Resources

Guide
Guide

Download the "State of IBM i Security Study"

Real-World Insight into IBM i Security The 2024 State of IBM i Security Study provides exclusive insight into the tools and strategies organizations are using to secure IBM i—and where systems are often left vulnerable. This year's study analyzes settings on 148 IBM i server partitions, providing real-world information about how organizations around the world secure this powerful OS. You'll learn...
IBM i Cybersecurity
Blog
Blog

Protect Your Administrator Accounts from Abuse

Fri, 03/10/2017
Attackers often use malware to exploit user credentials and gain access to sensitive data. Properly securing admin accounts is an important line of defense you don't want to ignore. Read on to learn how.
Vulnerability Management
IBM i Cybersecurity
Blog
Blog

A Virus on i?

By Sandi Moore on Thu, 03/09/2017
Do you all remember Malcom Haines’ presentation comparing the viruses on Windows and on IBM i? The first slide, for Microsoft, was an entire page filled, at a 4-point font, with different viruses. Then Malcom switched to the IBM i slide, which was blank. This would always result in an outburst in laughter among us IBM i evangelists.
IBM i Cybersecurity
Blog
Blog

The DDoS Deception You Need to Know About

By Robin Tatam on Wed, 03/08/2017
A denial-of-service attack is any attempt to interrupt or inflict downtime upon IT systems, but a basic DoS threat is smaller in scale than its DDoS counterpart. With the former, the influx of traffic may come from a single source, while in a DDoS attack, traffic comes from numerous sources – making it more difficult to deal with.
IBM i Cybersecurity
Blog
Blog

PCI Compliance is Only the Beginning of Security

By Robin Tatam on Wed, 03/08/2017
The recent string of breaches at prominent retailers such as Target and Neiman Marcus demonstrated that too many organizations still falsely equate PCI compliance with comprehensive security. Fully compliant organizations are being hit with attacks that compromise payment card data on a regular basis.
Compliance
IBM i Cybersecurity
Blog
Blog

How “Smash and Grab” Compromises IBM i

By Robin Tatam on Wed, 03/08/2017
During an audit a few years ago, I revealed to the client’s security team that corporate payroll information on every employee, including the CEO, was being archived in an output queue (called PAYROLL) for weeks at a time. Due to poor configuration, this information was accessible to every employee.
IBM i Cybersecurity
Article
Article

The Modern Alternative to Authority Adoption

By Robin Tatam on Wed, 03/08/2017
There are several considerations with authority adoption. Each is important but can usually be accommodated. But what is the effect if the program owner has the same or less privileges than the user that called the program?
IBM i Cybersecurity
Article
Article

Stay on Top of Security with Security Scan

By Robin Tatam on Wed, 03/08/2017
Security and compliance adherence has elevated in criticality over the past few years and has now taken its rightful place as a primary IT initiative, alongside virtualization and disaster preparedness. The necessity for better data protection has landed front-and-center in the public eye following some of the largest data breaches on record.
IBM i Cybersecurity
Article
Article

The Road To Security Starts with a Security Scan

By Robin Tatam on Wed, 03/08/2017
Sometimes, there are known vulnerabilities that clearly need to be mitigated as soon as possible—such as application users running with *ALLOBJ special authority. But, often there isn’t a thorough understanding of what’s wrong with a server’s configuration or what should be addressed first.
IBM i Cybersecurity