Blog
Blog

3 Ways Malware Can Reach Your IFS

Thu, 12/13/2018
It's true that IBM i can't be infected by a PC virus. It's also true that the IFS can act as a host and spread malicious programs throughout your environment.
IBM i Cybersecurity
Blog

Your IFS Is Probably a Treasure Trove of Unsecured Data

Wed, 09/12/2018
Consider the type of information contained in the PDFs in your directories and spooled files in your output queues. Aside from taking up disk space and consuming time during a backup, what's the issue with leaving these reports on the system? The issue is the contents of those reports, along with who has access to them.
IBM i Cybersecurity
Blog

The DDoS Deception You Need to Know About

By Robin Tatam on Wed, 03/08/2017
A denial-of-service attack is any attempt to interrupt or inflict downtime upon IT systems, but a basic DoS threat is smaller in scale than its DDoS counterpart. With the former, the influx of traffic may come from a single source, while in a DDoS attack, traffic comes from numerous sources – making it more difficult to deal with.
IBM i Cybersecurity
Blog

PCI Compliance is Only the Beginning of Security

By Robin Tatam on Wed, 03/08/2017
The recent string of breaches at prominent retailers such as Target and Neiman Marcus demonstrated that too many organizations still falsely equate PCI compliance with comprehensive security. Fully compliant organizations are being hit with attacks that compromise payment card data on a regular basis.
Compliance
IBM i Cybersecurity
Blog

How “Smash and Grab” Compromises IBM i

By Robin Tatam on Wed, 03/08/2017
During an audit a few years ago, I revealed to the client’s security team that corporate payroll information on every employee, including the CEO, was being archived in an output queue (called PAYROLL) for weeks at a time. Due to poor configuration, this information was accessible to every employee.
IBM i Cybersecurity
Blog

What is the Value of SIEM?

By Robin Tatam on Wed, 03/08/2017
As is often the case in the technology industry, the details surrounding security information and event management can be a little unclear. While vendors may offer solutions of varying complexity, there is still a basic idea behind most SIEM products…
Vulnerability Management
Blog

Your Biggest Challenge to IBM i User Onboarding

By Robin Tatam on Mon, 03/06/2017
As companies bounce back from recession and place a stronger emphasis on digitally-driven innovations, IT departments are finally receiving the funds they need to hire qualified, new colleagues who can lighten the workload. However, the first order of business will be getting these recent hires up to speed.
IBM i Cybersecurity
Blog

Your Biggest Threat Since Edward Snowden

By Robin Tatam on Mon, 03/06/2017
When Edward Snowden leaked the details of the National Security Agency’s PRISM program to the media, it resulted in a large public outcry and lot of unwanted attention. This doesn’t mean that system administrators should treat all of their contractors as the next Snowden, but it highlights the importance of ensuring that contractors, as well as employees, are sufficiently monitored and aware of how they are allowed to use company data.
IBM i Cybersecurity
Blog

What's the Difference Between a Profile Swap and Adopted Authority?

Mon, 01/16/2017
Many organizations have the requirement to reduce the number of profiles to which special authorities—especially *ALLOBJ specially authority—have been assigned. In many cases, the excess capabilities can simply be removed because they aren't required for the person to perform their job functions. *SAVSYS special authority is a good example. Unless...
IBM i Cybersecurity