Endpoint security has been a hot topic in the technology and corporate sectors for a few years. Especially with the emergence of bring-your-own-device practices, it has become even more critical to put safeguards in place to ensure the security of sensitive information.
A user’s ability to execute commands in a green-screen environment is controlled by the limit capabilities (LMTCPB) parameter on their profile. Although without exit programs to extend IBM i security functions, even limited capability users could invoke commands through network interfaces such as FTP.
Does this sound familiar? You recently experienced an “unplanned outage” after an administrator inadvertently issued a PWRDWNSYS command while mentoring a new operator.
File Integrity Monitoring (FIM) helps ensure that your critical and sensitive data is viewed and changed only by authorized personnel through approved channels. Candidates for FIM include application files containing sensitive data, such as personnel or financial data, and server configuration files.
During an audit a few years ago, I revealed to the client’s security team that corporate payroll information on every employee, including the CEO, was being archived in an output queue (called PAYROLL) for weeks at a time. Due to poor configuration, this information was accessible to every employee.
Complying with the PCI standard is a normal part of doing business in today’s credit-centric world. But, PCI applies to multiple platforms. The challenge becomes how to map the general PCI requirements to a specific platform, such as IBM i. And, more importantly, how can you maintain—and prove—compliance?
Discover the ways to control and audit the activity of powerful users, with a view to enhancing the integrity of your IBM i. With the proper controls in place, you can restrict even the most powerful users as required.
Appvion, Inc. manufactures paper—thermal, carbonless, security, inkjet, digital specialty and colored papers. But this Appleton, Wisconsin-based company had a problem when it came to digital documents in their customer web portal. Their existing system just wasn’t up to snuff. It was time to make a change.
...
Insiders are responsible for 34 percent of data breaches—and insiders are also the most difficult threat to control control on IBM i. You can't lock them out completely because your IBM i users need at least some level of access to do their jobs.
So, how do you ensure users have only the access they need without overburdening IT with manual processes that...
Before you commit the resources to develop an in-house solution for exit point security, read our list of issues to consider. You might decide it’s neither easy nor cost-effective to set up and monitor your own in-house solution.
Over the years, users have relied on commands like STRSQL and RUNSQL to provide instant and powerful access to the data on their Power Systems™ servers. All types of users—from programmers to system administrators to end users—use these commands as their primary interface for extracting and updating data.
However, allowing a user to view, update, and even delete data without any control by the...
In this compliance 101 primer, we'll look at three high-profile breaches from the past year, each of which shows what can go wrong when data oversight isn't up to snuff. Along the way, we'll discuss some basic fixes that can help shore up network defenses.
Barely a day passes without new headlines reporting another cyber attack, policy violation, or data breach. Secretly, we breathe a sigh of relief that it happened to someone else, but most of us know that we’ll all eventually feel the impact in some capacity.
The Payment Card Industry Data Security Standard (PCI DSS) applies to every organization that processes credit or debit card information. This includes merchants and third-party service providers that store, process, or transmit credit card data.The launch of PCI DSS helped expose serious security shortcomings, failures to follow security best practices, and a...
When a healthcare organization faced stringent regulations like HIPAA, PowerTech's security products closed the security gaps on IBM i and helped protect confidential data.
Reports are an essential part of all businesses. Among other purposes, they help organizations to better manage and control their operations. But what if managing those documents placed an unnecessary burden on the enterprise? Paper-based reports do exactly that.