Identify and Address 5 Top IBM i Security Threats

The IBM i has a well-earned reputation as one of the most secure IT platforms in the world. But actually, that’s something of a misnomer. It would be more correct to say that IBM i is one of the planet’s most highly securable operating environments.  

With IBM i, achieving a high level of security in practice isn’t a given. When administrators fail to take full advantage of the multitude of powerful security features IBM i makes available to them, their systems can be far more vulnerable to cyberattacks than they know. 

According to Precisely’s IBM i Security Insights for 2020 survey, only 25 percent of respondents reported being “very confident” that the security measures they had in place could be relied on to prevent a security breach. This is a clear indication that the majority of IBM i administrators are unsure how to build a rock-solid security profile for their systems and need help in doing so. Precisely designed its Assure Security suite to provide that help.

Top IBM i security threats & how Assure Security addresses them

Assure Security is a comprehensive suite of security solutions that can help IBM i installations become as bullet-proof as possible. Consider some of the top IBM i security threats and how Assure Security helps you to address each of them.

1. Too many users with too much authority

Virtually all IBM i systems have multiple users with authorities much higher than they actually need. For example, it’s not unusual for IBM i installations to have dozens, if not hundreds, of users with *ALLOBJ authority, which gives each of them unlimited power to view, change, or delete any file or application on the system.

• Assure Elevated Authority Manager automates management of these powerful user authorities and allows you to ensure they are assigned on a strictly as-needed basis.

2. Lack of network access control

IBM i allows data to be freely accessed from other platforms across a network using tools such as FTP, ODBC, and DDM. However, if not properly managed, these access points can function as a back door for unauthorized intruders and IBM i security threats. 

• Assure System Access Manager provides complete control over all IBM i points of entry.

3. Inadequate user account security

IBM i password security is frequently an area of particular vulnerability. When a new profile is created, the default password is the username. Far too often these default passwords are never changed. Even when they are, users are often allowed to specify weak passwords that are easy to guess. These common practices can provide a wide-open door for cybercriminals.

• Assure Multi-Factor Authentication strengthens logon security by requiring multi-factor authentication for configured users and situations.

4. Insufficient data security

The ultimate prize for cybercriminals is your system’s sensitive personal or business data and the IBM i platform typically stores critical transaction and customer record data. The most effective tool for ensuring that such data is protected at all times is a comprehensive encryption regime.

• Assure Data Privacy uses encryption, along with tools such as masking and access auditing, to protect your sensitive data both at rest and while in motion.

5. Inadequate monitoring

Without continuous, effective monitoring of your system, you simply won’t be able to detect security breaches when they occur. In the Precisely IBM i security survey, 41 percent of respondents admitted to having suffered a security breach. Significantly, another 20 percent couldn’t say whether they had or not experienced a breach.

• Assure Monitoring and Reporting continuously monitors your system and its databases and produces alerts and reports that allow you to quickly (and in many cases automatically) react to security threats as they occur.

To learn more about how Assure Security can improve your IBM i security, please read our white paper: The Essential Layers of IBM i Security