top 10 os/400 security risks - mrmug 2009 top 10... · the top 10 i5/os and os/400 security risks....
Copyright 2006
The PowerTech Group, Inc
John Earl
john.earl@powertech.com
206-669-3336
The Top 10 i5/OS and OS/400 Security Risks
What is the state of security?
• Organizations don’t audit or control changes made to data through PC data access tools.
• There are too many privileged (powerful) users with too much access to data.
• Auditing is sparse, or not present at all
• No one is minding the store
PowerTech’s 2008 State of the System i Security Study
• Fifth year of the study (started in 2004)
• The only comprehensive security study specifically about OS/400 and i5/OS.
• Study Metrics
» 200 different companies, 217 different System i’s
» Wide range of industries across a worldwide sample (although U.S. participation was strongest)
» Average of 756 users per system
» Average of 393 libraries (Data Base collections) per system
Unprotected Network Access
• OS/400 applications rely on menu security
» It was easy to build
» It’s the ‘legacy’ of business applications
• Most menu ‘security’ designs assume:
» All access is through the application menu
» Users don’t have command line access
» Query access is limited or denied completely
• Menu security is no longer relevant in a networked environment
» Users have intelligent devices
• Not dumb terminals
» PCs have sophisticated data access tools:
• FTP, ODBC, Remote Command and more
» Users are much more sophisticated
• They enter the workforce familiar with tools.
• Don’t think that the 5250 green screen is the “end” of your security responsibility
[Diagram: Application Menu, CRM, ODBC, Telnet. Result: Too Much Access]
Regulating Network Access to Data
• Implement Exit Programs
» Protect FTP, ODBC, and other services
» Exit programs:
• Protect systems that rely solely on menu security.
• Limit trading partners who access your systems.
• Monitor and report on access you can’t see.
• Stop unwanted activity when you’re not around.
State of System i Network Access Control
iSeries Security Study 2008 Source: The PowerTech Group Inc.
What is an exit point anyway?
[Diagram: Main program (IBM’s ODBC Server) and a user-specified exit program]
1. User requests data
2. ODBC Server calls exit program
3. Exit program analyzes request & returns result (Pass/Fail)
4. Continue processing...
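The four-step exit point flow above, modeled in Python as an added example (not PowerTech's or IBM's code). The Request and Rule fields, the rule format and the result strings are assumptions made for illustration; a real exit program is registered against an IBM exit point and receives that exit point's own parameter format.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str       # profile making the network request
    service: str    # e.g. "ODBC" or "FTP"
    operation: str  # e.g. "SELECT", "UPDATE"
    library: str    # library the request touches


@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule; "*" matches any value in that position."""
    user: str
    service: str
    operation: str
    library: str

    def matches(self, req: Request) -> bool:
        pairs = ((self.user, req.user), (self.service, req.service),
                 (self.operation, req.operation), (self.library, req.library))
        return all(want in ("*", got) for want, got in pairs)


@dataclass
class ExitProgram:
    """Step 3: analyze the request and return pass/fail (default deny)."""
    allow_rules: List[Rule]
    log: List[Tuple[Request, bool]] = field(default_factory=list)

    def check(self, req: Request) -> bool:
        allowed = any(rule.matches(req) for rule in self.allow_rules)
        self.log.append((req, allowed))  # record access you otherwise can't see
        return allowed


@dataclass
class Server:
    """Stand-in for a network server such as the ODBC server."""
    service: str
    exit_program: Optional[ExitProgram] = None

    def handle(self, req: Request, has_object_authority: bool) -> str:
        # Step 2: the server calls the exit program only if one is registered.
        if self.exit_program is not None and not self.exit_program.check(req):
            return "rejected by exit program"
        # Step 4: continue processing; object authority is the only other gate.
        if not has_object_authority:
            return "rejected by object authority"
        return "processed"


def demo():
    # Constructed scenario: FRED belongs to the group profile that owns the
    # application files, so object authority alone lets his requests through.
    update = Request("FRED", "ODBC", "UPDATE", "PAYROLL")
    read = Request("FRED", "ODBC", "SELECT", "SALES")
    unprotected = Server("ODBC")
    protected = Server("ODBC", ExitProgram([Rule("FRED", "ODBC", "SELECT", "SALES")]))
    return {
        "unprotected_update": unprotected.handle(update, True),
        "protected_update": protected.handle(update, True),
        "protected_read": protected.handle(read, True),
        "audit_log": protected.exit_program.log,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```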
Power Users
• Users can be made more powerful through the
granting of OS/400 “Special Authorities”
» Special Authorities can trump OS/400 object level
authorities.
• A USER WITH *ALLOBJ CAN READ, CHANGE, OR DELETE
ANY OBJECT ON THE SYSTEM.
• A USER WITH *SPLCTL CAN READ, CHANGE, OR DELETE
ANY SPOOL FILE ON THE SYSTEM.
• A USER WITH *JOBCTL CAN VIEW, CHANGE, OR STOP ANY
JOB ON THE SYSTEM (INCLUDES ENDSBS AND
PWRDWNSYS)
• A USER WITH *SAVSYS CAN READ OR DELETE ANY
OBJECT ON THE SYSTEM.
Powerful Users
iSeries Security Study 2008 Source: The PowerTech Group Inc.
• What do special authorities do?
» *ALLOBJ - ALL authority to every object on the system – Game Over!
» *AUDIT - Authority to manipulate system auditing values.
» *IOSYSCFG - Authority to create and modify communications to the system.
» *JOBCTL - Authority to control other users’ jobs.
» *SAVRST - Authority to save, restore, and remove any object on the system.
» *SECADM - Authority to change profiles and passwords
» *SERVICE - Authority to use the system service tools
» *SPLCTL - *ALLOBJ authority for spool files
Learn more at: http://www.powertech.com
Weak or Compromised Passwords
• Passwords can be sniffed in network traffic
• Several protocols submit user IDs and passwords in clear text
» FTP, Telnet, and older forms of Client Access and PC support
• Protect yourself by…
» Minimizing use of legacy OS/400 sign-on screen
» Set the Client Access “Bypass Signon” flag
» Use SSL or VPNs
• Too many passwords, too many places
» Users pick passwords that are easy to remember (and therefore easy to guess)
» Users will re-use passwords inside and outside the company.
» Every occurrence of a password is a potential point of exposure.
Subject: alt.2600 FAQ (1/3) #18/
From: [email protected]
Forums: alt.2600
AS/400
~~~~~~
qsecofr qsecofr /* master security officer */
qsysopr qsysopr /* system operator */
qpgmr qpgmr /* default programmer */
ibm password
ibm 2222
ibm service
qsecofr 1111111
qsecofr 2222222
qserv qserv
qsvr qsvr
secofr secofr
qsrv ibmce
All of the default passwords are well known!
• If you must have passwords, prevent trivial passwords:
» At a minimum, set these system values:
System Value Name   Value   Description
QPWDEXPITV          90      90 Days
QPWDMINLEN          6       6 Character Minimum length
QPWDRQDDGT          1       Require a digit
QPWDRQDDIF          5       Unique in 10
• Password Do’s and Don’ts
» Don’t send passwords via email, or over unsecured networks.
» Require that passwords be changed at regular intervals.
» Don’t use default passwords
» Do use a password checker program.
» Don’t allow unencrypted signons through the traditional OS/400 signon screen
» Do use OS/400’s Single Sign-On
User Identity Theft
• 3 ways to steal an OS/400 user ID
» OS/400 Job Description
» Submit Job Command (SBMJOB)
» IBM APIs to Switch to the user
> None of these methods requires you to know the user’s password
> Use an OS/400 job description to masquerade as the user.
» A JOBD that has a User ID attached to it represents the ability to run a job as that user….
• No password required
» Only at QSECURITY level 30 and lower.
» SBMJOB CMD(CALL MYPGM) JOB(REPORT) JOBD(QGPL/QBATCH) USER(*JOBD)
» Solution?
• Move to QSECURITY level 40 or higher.
• Use the Submit Job Command (SBMJOB) to masquerade as the user
• Specify the name of another user, and run using the assumed identity
• SBMJOB CMD(CALL MYPGM) JOB(REPORT) JOBD(QGPL/QBATCH) USER(SALLY)
• Use IBM APIs to switch to the user
• No password required
• The following code will allow me to become someone else without knowing their password
• Program QSYS/QASSUMEPGM PARM(&USER)
DCL &USER *CHAR 10
DCL &HANDLE *CHAR 10
DCL &ERROR *CHAR 4
CHGVAR %BIN(&ERROR) 0
CALL 'QSYGETPH' +
PARM(&USER *NOPWD &HANDLE &ERROR)
CHGVAR %BIN(&ERROR) 0
CALL 'QWTSETP' PARM(&HANDLE &ERROR)
ENDPGM
The Open Door Policy
• Every OS/400 object specifies some kind of authority for a user called *PUBLIC.
» WHO IS *PUBLIC?
• Any user of this computer who does not have explicit authority to a given object.
» In the old days *PUBLIC was “Everyone in my company”
• Then as we networked to more and more systems, *PUBLIC became everyone you do business with (Customers, Vendors, Partners, etc.)
• With virtually every network connected to every other network (it’s called “The Internet!”), *PUBLIC could be anyone in the WORLD that can connect to your network!!!
» In a perfect world, *PUBLIC should have little or no authority to production applications.
iSeries Security Study 2008 Source: The PowerTech Group Inc.
• At a maximum, Business Application users need no more than:
» *USE authority to static objects such as programs.
» *CHANGE authority to dynamic objects such as data files.
• Ideally, don’t give *PUBLIC even read (*USE) authority to anything
• Check out the QCRTAUT system value
» Shows the authority *PUBLIC is given to newly created objects.
When new applications are created…
*PUBLIC’s authority to new objects
Promiscuous Object Ownership
• All end users belong to a group profile that owns all of the application objects.
» Easy to administer security
• Assumes that all application access will take place through a predefined menu interface
• Why is this a problem?
» Users are no longer locked into green screen interfaces and dumb terminals.
» There are numerous ways of getting at the data
• Command Line access
• DFU, DBU, EZView and other Data manipulation tools
• QUERY/400, SQL, and other query tools
• FTP, ODBC, Remote command and other network accesses.
» Make sure that you’ve got all the back doors (and Windows!) covered as well.
Libraries and Library Lists
• A library list specifies the order in which objects and files are searched for.
• A user who can place objects into a library could bypass security checking programs
» Example:
• If the library list contains LIBA, LIBB, and LIBC
• And security checking program PROGZ exists in LIBC
• And user Fred has at least *USE + *ADD authority to LIBA
• User Fred could place a bogus version of PROGZ into LIBA that bypasses security
• Solution:
» Users only need *USE authority to libraries in their library list.
» This is especially true of libraries on the system portion of the library list (System Value QSYSLIBL)
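An audit check for the LIBA/LIBB/LIBC example above, written in Python as an added example (not from the original presentation). It goes beyond the single case on the slide by checking every program and every user in the supplied data; the dictionaries are constructed sample data, and how you export library contents and authorities from your own system is left as an assumption.

```python
# Authorities that let a user place new objects into a library.
# *CHANGE and *ALL both include the *ADD data authority.
ADD_CAPABLE = {"*ADD", "*CHANGE", "*ALL"}


def can_add(auths):
    return bool(set(auths) & ADD_CAPABLE)


def resolve(library_list, contents, name):
    """Return the first library in search order that holds `name`."""
    for lib in library_list:
        if name in contents.get(lib, ()):
            return lib
    return None


def shadow_risks(library_list, contents, authorities):
    """Find (user, writable_library, program, real_library) combinations
    where a user could add an object that is found before the real one."""
    findings = []
    programs = sorted({p for objs in contents.values() for p in objs})
    for program in programs:
        real = resolve(library_list, contents, program)
        if real is None:
            continue  # not reachable through this library list
        for lib in library_list[:library_list.index(real)]:
            for user in sorted(authorities):
                if can_add(authorities[user].get(lib, ())):
                    findings.append((user, lib, program, real))
    return findings


def apply_solution(authorities):
    """The slide's fix: no more than *USE to libraries in the library list."""
    return {user: {lib: {"*USE"} for lib in libs}
            for user, libs in authorities.items()}


# Constructed sample data matching the slide's example.
LIBRARY_LIST = ["LIBA", "LIBB", "LIBC"]
CONTENTS = {"LIBC": {"PROGZ"}}
AUTHORITIES = {
    "FRED": {"LIBA": {"*USE", "*ADD"}, "LIBB": {"*USE"}, "LIBC": {"*USE"}},
    "SALLY": {"LIBA": {"*USE"}, "LIBB": {"*USE"}, "LIBC": {"*USE"}},
}

if __name__ == "__main__":
    for user, lib, program, real in shadow_risks(LIBRARY_LIST, CONTENTS, AUTHORITIES):
        print(f"{user} can add to {lib}, which is searched before {real}/{program}")
    fixed = apply_solution(AUTHORITIES)
    print("after fix:", shadow_risks(LIBRARY_LIST, CONTENTS, fixed))
```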
• Protect libraries first
» No more than *USE authority to production libraries
» *EXCLUDE for sensitive libraries
• User authorities to libraries:
» *EXCLUDE => Cannot access anything
» *USE => Read, change, or delete objects
» *USE plus *ADD => Place new objects into a library
» *ALL => Delete the library
Command Line Abuse
• The ability to execute commands allows a user to skirt traditional menu limitations
» Commands can be entered in a variety of ways:
• OS/400 command line (Call QCMD)
• OS/400 screens that display a command line (WRKOUTQ, WRKWTR etc.), or other applications with hidden command line access keys.
• Through the use of the attention key.
• Using FTP to issue a command remotely
• Using Client Access to issue a command remotely
• Using DDM to issue a command remotely
Command Line Interface Abuse
• Control users’ access to commands by…
» Use the Limited Capability parameter (LMTCPB) on the OS/400 user profile to limit some interfaces
» Beware that other interfaces do not respect the LMTCPB parameter limitations
• Use an exit program to limit DDM, Client Access, and OPSNAV, and other Windows interfaces
» Some users require command line access (Programmers, Operators, Vendors, etc.)
• Make sure that they are monitored
System Value Weaknesses
• There are several system values that must be set properly to protect your system
» Set the system values to their most protective setting
• Then toggle them off/on as needed.
» Monitor system values to detect and alert you whenever they are changed.
• Ensure that those system values are changed back
• Monitor for toggle off / toggle on conditions
• Monitor while System Values are toggled off
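One way to implement the toggle off / toggle on monitoring described above, as an added Python example (not from the original presentation). The records are constructed and use a simplified layout, not the real QAUDJRN entry format; the baseline values and the record fields are assumptions, with SV, PW, AF and CP standing for the audit journal entry types for system value changes, invalid passwords, authority failures and profile changes.

```python
from datetime import datetime

# Assumed "most protective" baseline for this site.
BASELINE = {"QSECURITY": "40", "QMAXSIGN": "3", "QINACTITV": "30"}

# Constructed SV-style records: (timestamp, user, system value, old, new)
SV_CHANGES = [
    ("2009-03-02 22:01:10", "OPER1", "QMAXSIGN", "3", "*NOMAX"),
    ("2009-03-02 22:40:55", "OPER1", "QMAXSIGN", "*NOMAX", "3"),
    ("2009-03-03 01:15:00", "PGMR7", "QINACTITV", "30", "*NONE"),
]

# Constructed other audit records: (timestamp, user, entry type, text)
OTHER_EVENTS = [
    ("2009-03-02 22:10:00", "VENDOR", "PW", "invalid password"),
    ("2009-03-02 23:05:00", "SALLY", "AF", "authority failure on PAYROLL"),
    ("2009-03-03 02:00:00", "PGMR7", "CP", "user profile changed"),
]


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def toggle_windows(changes, baseline):
    """Pair each move away from the baseline with the change that restores it.
    Windows that were never closed are returned with on_at = None."""
    open_windows, windows = {}, []
    for when, user, name, _old, new in sorted(changes, key=lambda c: ts(c[0])):
        if name not in baseline:
            continue
        if new != baseline[name]:
            if name in open_windows:
                open_windows[name]["weak_value"] = new  # still off, value changed
            else:
                open_windows[name] = {
                    "sysval": name, "weak_value": new,
                    "off_at": ts(when), "off_by": user,
                    "on_at": None, "on_by": None, "seconds_off": None,
                }
        elif name in open_windows:
            window = open_windows.pop(name)
            window["on_at"], window["on_by"] = ts(when), user
            window["seconds_off"] = int((window["on_at"] - window["off_at"]).total_seconds())
            windows.append(window)
    windows.extend(open_windows.values())  # values never changed back
    return windows


def events_during(windows, events):
    """Audit events that happened while a system value was toggled off."""
    hits = []
    for window in windows:
        for when, user, entry_type, _text in events:
            t = ts(when)
            if t >= window["off_at"] and (window["on_at"] is None or t <= window["on_at"]):
                hits.append((window["sysval"], entry_type, user))
    return hits


if __name__ == "__main__":
    found = toggle_windows(SV_CHANGES, BASELINE)
    for w in found:
        state = f"restored after {w['seconds_off']}s" if w["on_at"] else "NOT changed back"
        print(f"{w['sysval']} set to {w['weak_value']} by {w['off_by']}: {state}")
    for hit in events_during(found, OTHER_EVENTS):
        print("activity while toggled off:", hit)
```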
> Operating system integrity
» QSECURITY
10 = Physical Security
20 = Password Security
30 = Resource Security
40 = Operating System Security
50 = Enhanced Operating System Security
» Do not allow programs to bypass OS security
• Sign-On Control - regulate sign on to prevent attacks
» QDSPSGNINF = 1
• Display the signon information screen.
» QINACTITV = 30
• Time out a screen after 30 idle minutes.
» QINACTMSGQ = *DSCJOB
• When job is timed out, disconnect job and show signon screen.
» QMAXSIGN = 3
• Maximum invalid signon attempts allowed.
» QMAXSGNACN = 2
• Disable User after ‘N’ invalid signon attempts
» QRMTSIGN = *VERIFY
• Allow user to bypass legacy signon screen.
PowerTech’s Open Source Security Policy
Use it, modify it, share it.
www.powertech.com/securitypolicy.html
No Audit Ability
• If you had a security problem, would you know?
» Who did it?
» What happened?
» When it happened?
» How it was done?
» How to stop it from happening again?
• What if the data was not damaged, but only stolen?
• In order to prevent security breaches, you must first be able to detect them
• Use the OS/400 security auditing journal (QAUDJRN) to help determine where your security stands
» Why?
• It’s free (from IBM)
• It’s a comprehensive gathering tool
• It’s an irrefutable source of historical events.
• Turn on OS/400 security auditing by typing:
CHGSECAUD QAUDCTL(*AUDLVL) +
          QAUDLVL(*AUTFAIL *CREATE *DELETE +
                  *JOBDTA *NETCMN *OBJMGT +
                  *OFCSRV *OPTICAL *PGMADP +
                  *PGMFAIL *PRTDTA *SAVRST +
                  *SECURITY *SERVICE *SPLFDTA +
                  *SYSMGT) +
          INLJRNRCV(SECURLIB/AUDRCV0001)
• This will generate a lot of audit trails
• Use tools to sift through the audit trails to find important events.
• If at all possible, save all security journal receivers.
www.audit400.com
The Compliance Guide
Security System Value Guidance
PowerTech’s COBIT Guide
Other Resources
Open Source OS/400 Policy
Getting Started
Complimentary Resources for AS/400 Auditors
• This Compliance Assessment tool
• An Open Source OS/400 Security Policy
• The State of the System i Security Study
• OS/400 Compliance Guide
All four items are available in the Auditor Resource area at www.audit400.com
PowerTech Security Solutions
• Policy Compliance
• Powerful User Control
• Network Access Control
• Single Sign on Enablement
• Data Encryption
• Security Monitoring
Questions?