Top 5 IBM i Security Threats And How To Avoid Them
Source: gateway400.org/documents/Gateway400/Handouts/Top 5...
Top 5 IBM i Security Threats And How To Avoid Them
Presented by: Software Engineering of America
Lloyd Ramdarie (Senior Engineer)
Alex Rodriguez (Technical Sales)
• 38 years of Excellence
• 85% of the Fortune 500
• 9 of the Fortune 10
• Live Support
• 24/7, 365
Agenda
Employees or People in general
Excessive Authority (higher authority than they need)
Network (Unbridled remote access to the IBM i)
System (Not enough monitoring activated)
IFS (Unsecured usage)
Introduction to Cyberthreats
Ever Changing Threats
• Digitization has led to fundamental changes in how businesses operate and how they deliver value to customers
• Digitization has also attracted hackers and others with malicious intentions
• IBM i is no longer an isolated system: it is connected to other databases and applications through the network
The threat of cyber-attacks is very real for IBM i
Data Protection worldwide (world map of data protection regulation)
Source: DLA Piper https://www.dlapiperdataprotection.com/index.html?t=world-map&c=AO
Cyberattacks
• A cyberattack is an offensive action (often delivered as malware) that targets information systems, infrastructures, computer networks, personal computers or mobile devices. It is a malicious act, frequently from an anonymous source, that exposes, alters, disables, destroys or steals data, or gains unauthorized access by exploiting a vulnerable system.
• Cyberattacks range from installing spyware on a single personal computer to attempts to destroy the infrastructure of entire nations.
• Cyberattacks take the form of executable code, scripts, active content and other software.
Types of Malware
• Computer viruses
• Worms
• Trojan horses
• Spyware
• Adware
• Scareware
• Ransomware
• Other malicious programs
Ransomware attacks
Some Ransomware statistics
Source: Barkly Blog "Must-Know Ransomware Statistics 2017"
Ransomware by Industry
Think carefully before paying the ransom: 21% of those who paid did not receive the key to decrypt their files.
Source: NTT Security
200 Crypto-Ransomware Families
CryptoHasYou., 777, 7ev3n, 7h9r, 8lock8, Alfa Ransomware, Alma Ransomware, Alpha Ransomware, AMBA, Apocalypse, ApocalypseVM, AutoLocky, BadBlock, BaksoCrypt, Bandarchor, Bart, BitCryptor, BitStak, BlackShades Crypter, Blocatto, Booyah, Brazilian, BrLock, Browlock, Bucbi, BuyUnlockCode, Cerber, Chimera, CoinVault, Coverton, Cryaki, Crybola, CryFile, CryLocker, CrypMIC, Crypren, Crypt38, Cryptear, CryptFile2, CryptInfinite, CryptoBit, CryptoDefense, CryptoFinancial, CryptoFortress, CryptoGraphic Locker, CryptoHost, CryptoJoker, CryptoLocker, Cryptolocker 2.0, CryptoMix, CryptoRoger, CryptoShocker, CryptoTorLocker2015, CryptoWall 1, CryptoWall 2, CryptoWall 3, CryptoWall 4, CryptXXX, CryptXXX 2.0, CryptXXX 3.0, CryptXXX 3.1, CTB-Faker, CTB-Locker, CTB-Locker WEB, CuteRansomware, DeCrypt Protect, DEDCryptor, DetoxCrypto, DirtyDecrypt, DMALocker, DMALocker 3.0, Domino, EDA2 / HiddenTear, EduCrypt, El-Polocker, Enigma, FairWare, Fakben, Fantom, Fonco, Fsociety, Fury, GhostCrypt, Globe, GNL Locker, Gomasom, Goopic, Gopher, Harasom, Herbst, Hi Buddy!, Hitler, HolyCrypt, HydraCrypt, iLock, iLockLight, International Police Association, JagerDecryptor, Jeiphoos, Jigsaw, Job Crypter, KeRanger, KeyBTC, KEYHolder, KimcilWare, Korean, Kozy.Jozy, KratosCrypt, KryptoLocker, LeChiffre, Linux.Encoder, Locker, Locky, Lortok, LowLevel04, Mabouia, Magic, MaktubLocker, MIRCOP, MireWare, Mischa, MM Locker, Mobef, NanoLocker, Nemucod, NoobCrypt, Nullbyte, NYton, ODCODC, Offline ransomware, OMG! Ransomware, Operation Global III, PadCrypt, Pclock, Petya, PizzaCrypts, PokemonGO, PowerWare, PowerWorm, PRISM, R980, RAA encryptor, Radamant, Rakhni, Rannoh, Ransom32, RansomLock, Rector, RektLocker, RemindMe, Rokku, Samas-Samsam, Sanction, Satana, Scraper, Serpico, Shark, ShinoLocker, Shujin, Simple_Encoder, SkidLocker / Pompous, Smrss32, SNSLocker, Sport, Stampado, Strictor, Surprise, SynoLocker, SZFLocker, TeslaCrypt 0.x - 2.2.0, TeslaCrypt3.0+, TeslaCrypt 4.1A, TeslaCrypt 4.2, Threat Finder, TorrentLocker, TowerWeb, Toxcrypt, Troldesh, TrueCrypter, Turkish Ransom, UmbreCrypt, Ungluk, Unlock92, VaultCrypt, VenusLocker, Virlock, Virus-Encoder, WannaCry, WildFire Locker, Xorist, XRTN, Zcrypt, Zepto, Zimbra, Zlader / Russian, Zyklon
Ransomware & IBM i
• The IFS appears as a mapped network drive (an IBM i NetServer file share).
• From the point of view of any system that can reach an IFS folder, the files in it are ordinary files.
• Ransomware encrypts every data file it has write access to. IFS files are included!
• The IBM i itself is not infected: the encryption is done by the compromised PC through the share, using that PC user's IBM i authority to the shared directories.
How Ransomware works in an IBM i environment (diagram)
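As an added example (not part of the original deck, and not a product of the presenters), the check below looks at a directory tree the way you would look at a mapped IFS share after an incident: known ransomware extensions, dropped ransom notes, and files that should be text but are now ciphertext-like (high Shannon entropy). The extension and note-name lists, the entropy threshold and the sample tree are constructed for the example; on a real system you would point it at the share path, or run it on the IBM i itself under PASE Python.

```python
# Added example (not from the deck): scan a directory tree, such as a mapped IFS
# share, for crypto-ransomware indicators. Lists, thresholds and the sample tree
# are constructed for illustration, not a maintained indicator feed.
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Extensions appended by some of the families listed on this page (illustrative).
RANSOM_EXTENSIONS = {".locky", ".zepto", ".cerber", ".crypt", ".wncry",
                     ".wncryt", ".encrypted", ".locked", ".xtbl", ".petya"}
# Typical ransom-note file names (illustrative).
RANSOM_NOTE_NAMES = {"_HELP_instructions.txt", "HOW_TO_DECRYPT.txt",
                     "@Please_Read_Me@.txt", "DECRYPT_INSTRUCTION.html"}
# File types whose contents should never look like random bytes.
PLAINTEXT_SUFFIXES = {".txt", ".csv", ".xml", ".json", ".log", ".html"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 is ciphertext-like, plain text is usually below 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root, entropy_threshold=7.5, sample_bytes=65536, min_size=1024):
    """Return {relative_path: [reasons]} for every suspicious file under root."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        suffix = path.suffix.lower()
        if suffix in RANSOM_EXTENSIONS:
            reasons.append(f"ransomware extension {suffix}")
        if path.name in RANSOM_NOTE_NAMES:
            reasons.append("ransom note")
        # Only sample files that are big enough for entropy to be meaningful.
        if suffix in PLAINTEXT_SUFFIXES and path.stat().st_size >= min_size:
            with path.open("rb") as fh:
                ent = shannon_entropy(fh.read(sample_bytes))
            if ent > entropy_threshold:
                reasons.append(f"entropy {ent:.2f} too high for a {suffix} file")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def verdict(findings, total_files, ratio_threshold=0.2):
    """Escalate when a ransom note exists or a large share of files is flagged."""
    if any("ransom note" in reasons for reasons in findings.values()):
        return "LIKELY_RANSOMWARE"
    if total_files and len(findings) / total_files >= ratio_threshold:
        return "LIKELY_RANSOMWARE"
    return "SUSPICIOUS" if findings else "CLEAN"


def assess(root):
    """Scan a tree and return (findings, verdict)."""
    total = sum(1 for p in Path(root).rglob("*") if p.is_file())
    findings = scan_tree(root)
    return findings, verdict(findings, total)


def build_sample_share():
    """Constructed sample tree standing in for a mapped IFS share."""
    root = Path(tempfile.mkdtemp(prefix="ifs_share_"))
    (root / "reports").mkdir()
    # Healthy CSV export: repetitive text, low entropy.
    (root / "reports" / "orders.csv").write_bytes(
        b"ORDER,CUSTOMER,AMOUNT\n" + b"1001,ACME,199.00\n" * 200)
    # Same kind of file after in-place encryption: random bytes, same name.
    rng = random.Random(1)
    (root / "reports" / "invoices.csv").write_bytes(
        bytes(rng.getrandbits(8) for _ in range(4096)))
    # Renamed-and-encrypted file plus the dropped ransom note.
    (root / "reports" / "ledger.xlsx.locky").write_bytes(b"\x00" * 16)
    (root / "_HELP_instructions.txt").write_text("your files are encrypted")
    return root


if __name__ == "__main__":
    found, result = assess(build_sample_share())
    for name, why in sorted(found.items()):
        print(f"{name}: {'; '.join(why)}")
    print("verdict:", result)
```

The entropy test catches the case an extension list misses: ransomware that encrypts in place and keeps the original file name. Because the scan only reads through the share, it cannot stop the encryption; it is the detection half, and the session-level controls in the later sections are the prevention half.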
Let's Dig Deeper
Employees or People in general
Excessive Authority (higher authority than they need)
Network (Unbridled remote access to the IBM i)
System (Not enough monitoring activated)
IFS (Unsecured usage)
#1
People and adherence to security protocols
• Leaving notes lying around
• Unattended workstations
• Password sharing
• Default password usage
• Clicking unknown links
• Bringing external devices from home
• Relaxed access to data center or server room
What can we do to avoid or prevent a security incident caused by people?
• Monitor or track data access
• Set up an inactivity monitoring solution
• Implement a change tracking solution
• Password Reset solution
• Layered AV solution for the IBM i
How can we monitor data accesses?
• Develop your own solution to:
• Monitor data accesses
• Generate reports for Audit
• Produce alerts when exceptions occur
or
• Simply find a reputable 3rd party solution
Examples of data accesses that are typically monitored
• Login Failures
• Audited command usages
• System values changes
• Object creation, deletion, modification, movement etc…
• Changes to user profiles
• Network attributes changes
• Auditing values changes
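Every item in that list corresponds to an entry type in the security audit journal: PW (invalid password), CD (command string), SV (system value change), CO/DO/OM/ZC (object created, deleted, moved or renamed, changed), CP (user profile change), NA (network attribute change) and AD (auditing change). The rules below, an added example rather than anything from the deck, show the "produce alerts when exceptions occur" step over a constructed set of such entries: repeated PW entries for one user in a short window, any SV/AD/NA/CP entry, CD entries for a sensitive command, and object events in production libraries. The pipe-delimited row format, the user and library names and the thresholds are assumptions for the example; real journal entries carry fixed-format entry-specific data that needs a parser per entry type.

```python
# Added example (not from the deck): alert rules over QAUDJRN-style entries.
# The rows are constructed stand-ins for fields extracted from DSPAUDJRNE or
# QSYS2.DISPLAY_JOURNAL output; format, names and thresholds are assumptions.
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "ts type user job detail")
Alert = namedtuple("Alert", "severity rule user detail")

# QAUDJRN entry types that are rare and high impact: one alert per entry.
ALWAYS_ALERT = {
    "SV": "system value changed",
    "AD": "auditing configuration changed",
    "NA": "network attribute changed",
    "CP": "user profile created/changed/restored",
}
OBJECT_EVENTS = {"CO": "created", "DO": "deleted",
                 "OM": "moved/renamed", "ZC": "changed"}
# CD (command string) entries worth an alert on their own (assumed site list).
SENSITIVE_COMMANDS = {"CHGUSRPRF", "CRTUSRPRF", "GRTOBJAUT", "CHGOBJOWN",
                      "CHGSYSVAL", "RMVEXITPGM", "ENDJRN", "CHGAUD"}
PRODUCTION_LIBRARIES = {"PRODDTA", "PAYROLL"}      # assumption: site specific

# Constructed sample: timestamp|entry type|user|job name|entry-specific detail
SAMPLE_JOURNAL = """\
2019-03-05 08:00:12|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 08:00:40|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 08:01:05|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 08:01:31|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 08:02:02|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 08:02:30|PW|JSMITH|QPADEV0001|invalid password
2019-03-05 09:15:00|PW|MJONES|QPADEV0002|invalid password
2019-03-05 10:02:11|CD|AMILLER|QPADEV0003|WRKACTJOB
2019-03-05 10:05:47|CD|AMILLER|QPADEV0003|CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*NONE)
2019-03-05 10:05:48|SV|AMILLER|QPADEV0003|QAUDCTL *AUDLVL -> *NONE
2019-03-05 11:20:09|CP|AMILLER|QPADEV0003|JSMITH SPCAUT(*ALLOBJ)
2019-03-05 13:44:51|DO|BATCHSVC|NIGHTLY|PRODDTA/CUSTMAST *FILE
2019-03-05 13:44:52|CO|BATCHSVC|NIGHTLY|QTEMP/WORKFILE *FILE
2019-03-05 16:10:00|PW|MJONES|QPADEV0002|invalid password
"""


def parse_entries(text):
    """Parse the constructed row format into Entry tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, etype, user, job, detail = line.split("|", 4)
        entries.append(Entry(datetime.fromisoformat(ts), etype, user, job, detail))
    return entries


def analyze(entries, pw_threshold=5, pw_window=timedelta(minutes=10)):
    """Return the alerts the rules raise, in time order."""
    alerts = []
    failures = defaultdict(deque)          # user -> timestamps of recent PW entries
    for e in sorted(entries, key=lambda x: x.ts):
        if e.type == "PW":
            window = failures[e.user]
            window.append(e.ts)
            while e.ts - window[0] > pw_window:   # slide the window forward
                window.popleft()
            if len(window) == pw_threshold:       # fire once, when the threshold is hit
                alerts.append(Alert("HIGH", "password guessing", e.user,
                                    f"{pw_threshold} failures within {pw_window} from job {e.job}"))
        elif e.type in ALWAYS_ALERT:
            alerts.append(Alert("HIGH", ALWAYS_ALERT[e.type], e.user, e.detail))
        elif e.type == "CD":
            command = e.detail.split(" ", 1)[0].upper()
            if command in SENSITIVE_COMMANDS:
                alerts.append(Alert("MEDIUM", "sensitive command", e.user, e.detail))
        elif e.type in OBJECT_EVENTS:
            library = e.detail.split("/", 1)[0]
            if library in PRODUCTION_LIBRARIES:
                alerts.append(Alert("MEDIUM", f"production object {OBJECT_EVENTS[e.type]}",
                                    e.user, e.detail))
    return alerts


if __name__ == "__main__":
    for a in analyze(parse_entries(SAMPLE_JOURNAL)):
        print(f"[{a.severity}] {a.rule}: {a.user} {a.detail}")
```

Note what the sample catches in one pass: the guessing attempt against JSMITH, the administrator who turned auditing off (both the CD entry for the command and the SV entry it produced), the *ALLOBJ grant, and the deletion of a production file. The single failures for MJONES and the QTEMP work file raise nothing, which is the point of thresholds and library lists: the report has to stay readable or nobody reads it.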
How to set up inactivity monitoring?
• Set up an inactivity monitoring solution
• Develop and maintain your own program
or
• Simply take advantage of an existing 3rd party tool
How to set up inactivity monitoring?
• IBM i system values
• QINACTITV – *NONE, or 5 to 300 minutes of inactivity before the system acts
and
• QINACTMSGQ – *ENDJOB, *DSCJOB, or the name of a message queue that receives a message for your own monitoring program to act on
• Caveat: the inactive job time-out applies to interactive jobs only; connections held open by database, FTP or file-serving clients are not covered by it
Change Tracking?
• Implement a change tracking solution
• Enterprise CMS
• Items to be audited
• Reports
• Shipped with its own audit trail
Automated Password Reset
• Password Reset solution can assist with
• Manual PWD resets
• Recovery of valuable production time
• Avoid lengthy outages
Anti-Virus on the IBM i
• Layered AV solution for the IBM i
• Prevents the IFS from becoming a propagator (a share that serves infected files to every PC that maps it)
• Adds a second, independent layer: scanning runs on the IBM i itself, not only on the PCs
• Still protects when the 1st level (the desktop AV) is compromised
Anti-Ransomware on the IBM i
• Additional solution for the IBM i
• Prevents IFS files from becoming encrypted
• Proactive solution
• Still protects when the 1st level is compromised
#2
Users with too much authority
• Implement granting authority on demand (elevate for a task, then revoke)
• Remove command line access (LMTCPB(*YES) on the user profile). This governs the interactive command line only; do not rely on it alone for network interfaces, which is what the exit-point controls under #3 are for
• Remove *ALLOBJ special authority, and review the other special authorities (*SECADM, *SERVICE, *SPLCTL, *JOBCTL, *SAVSYS, *AUDIT, *IOSYSCFG) the same way
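The review below is an added example, not code from the deck or the presenters' products. It walks a list of user profiles and reports special authorities beyond what the profile's role is allowed, *USER profiles that still have a command line, and enabled profiles nobody has signed on with for months, and it emits the CHGUSRPRF command that fixes each finding. The rows are constructed in the shape of the QSYS2.USER_INFO view (name, user class, special authorities, limit capabilities, status, days since last sign-on); the role baseline is an assumed site policy, not an IBM default, and the profile names are invented.

```python
# Added example (not from the deck): least-privilege review of user profiles.
# Rows mimic QSYS2.USER_INFO columns; the baseline and names are assumptions.
from collections import namedtuple

Profile = namedtuple("Profile", "name user_class special_authorities "
                                "limit_capabilities status days_since_signon")
Finding = namedtuple("Finding", "user issue fix")

ALL_SPECIAL = {"*ALLOBJ", "*SECADM", "*JOBCTL", "*SPLCTL",
               "*SAVSYS", "*SERVICE", "*AUDIT", "*IOSYSCFG"}
ROLE_BASELINE = {            # assumption: what each user class may hold here
    "*USER": set(),
    "*PGMR": {"*JOBCTL"},
    "*SYSOPR": {"*JOBCTL", "*SAVSYS"},
    "*SECADM": {"*SECADM"},
    "*SECOFR": ALL_SPECIAL,
}
STALE_DAYS = 90

SAMPLE_PROFILES = [   # constructed
    Profile("QSECOFR", "*SECOFR", "*ALLOBJ *SAVSYS *JOBCTL *SERVICE *SPLCTL "
            "*SECADM *AUDIT *IOSYSCFG", "*NO", "*ENABLED", 3),
    Profile("JSMITH", "*USER", "*ALLOBJ *JOBCTL", "*NO", "*ENABLED", 2),
    Profile("AMILLER", "*SYSOPR", "*JOBCTL *SAVSYS *SERVICE", "*YES", "*ENABLED", 1),
    Profile("BATCHSVC", "*PGMR", "*JOBCTL", "*YES", "*ENABLED", 800),
    Profile("CONTRACT1", "*USER", "*NONE", "*NO", "*ENABLED", 400),
    Profile("MJONES", "*USER", "*NONE", "*YES", "*ENABLED", 5),
    Profile("OLDUSER", "*USER", "*ALLOBJ", "*NO", "*DISABLED", 900),
]


def held_authorities(spec):
    """'*ALLOBJ *JOBCTL' -> {'*ALLOBJ', '*JOBCTL'}; '*NONE' -> empty set."""
    return set(spec.split()) - {"*NONE"}


def spcaut_value(auths):
    """Render a set as a SPCAUT() parameter value."""
    return " ".join(sorted(auths)) if auths else "*NONE"


def review(profiles):
    """Return one Finding per violation, with the CL command that remediates it."""
    findings = []
    for p in profiles:
        held = held_authorities(p.special_authorities)
        allowed = ROLE_BASELINE.get(p.user_class, set())
        excess = held - allowed
        if excess:
            findings.append(Finding(
                p.name,
                f"special authority beyond {p.user_class} baseline: {spcaut_value(excess)}",
                f"CHGUSRPRF USRPRF({p.name}) SPCAUT({spcaut_value(held & allowed)})"))
        if p.user_class == "*USER" and p.limit_capabilities != "*YES":
            findings.append(Finding(p.name, "command line not restricted",
                                    f"CHGUSRPRF USRPRF({p.name}) LMTCPB(*YES)"))
        if p.status == "*ENABLED" and p.days_since_signon > STALE_DAYS:
            findings.append(Finding(p.name,
                                    f"enabled but unused for {p.days_since_signon} days",
                                    f"CHGUSRPRF USRPRF({p.name}) STATUS(*DISABLED)"))
    return findings


def allobj_outside_secofr(profiles):
    """The single most important list: who holds *ALLOBJ without being *SECOFR."""
    return sorted(p.name for p in profiles
                  if "*ALLOBJ" in held_authorities(p.special_authorities)
                  and p.user_class != "*SECOFR")


if __name__ == "__main__":
    print("*ALLOBJ outside *SECOFR:", allobj_outside_secofr(SAMPLE_PROFILES))
    for f in review(SAMPLE_PROFILES):
        print(f"{f.user:10} {f.issue:55} -> {f.fix}")
```

A disabled profile with *ALLOBJ (OLDUSER in the sample) still gets a finding: disabling is not the same as removing authority, and a re-enable or a restore brings the authority back with it. Run the report from the audited elevation process of the previous slide rather than from a developer's session.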
Hidden danger with too much authority
• Accidental or deliberate access to sensitive data
• Potential for hacker to gain elevated authority
• Untrusted users are given unnecessary special
authority
Best approach
• Start with least privilege access to perform tasks
• Elevate only when required and fully audited
• Generate reports over the activity
#3
Network access
• Remote access protection
• Secure Exit points
• Monitor, Report and Prevent
Securing Exit Points and Remote access protection
• Implement exit point programs: IBM i calls a program registered at the exit point (WRKREGINF / ADDEXITPGM) before the server acts on a request, and the program can accept or reject it
• Writing your own requires more overhead (one program per server, plus logging, rule maintenance and testing)
• TCP/IP protocols are the normal way to connect to the IBM i today (FTP, ODBC/JDBC, file serving, remote command, Telnet); each of these servers has its own exit points
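As an added example (not the deck's or any vendor's code), the block below models the decision an exit program makes, over a constructed batch of requests: default deny, an allow-list for the remote command server, FTP only from an admin network and never the RCMD subcommand, database connections only from inside, and no file-server access to /QSYS.LIB. The exit-point names are the real registered ones; the networks, user names, the request fields and the policy itself are assumptions. On a real system the registered exit program is a compiled program the server job calls with the request parameters, so this is the logic you would port, not something you can register as is.

```python
# Added example (not from the deck): exit-point accept/reject logic, modelled in
# Python over constructed requests. Exit-point names are real; the policy,
# networks, users and request fields are assumptions for the example.
import ipaddress
from collections import namedtuple

Request = namedtuple("Request", "exit_point user client_ip detail")
Decision = namedtuple("Decision", "allow rule")

ADMIN_NET = ipaddress.ip_network("10.1.5.0/24")   # assumption: admin jump hosts
OFFICE_NET = ipaddress.ip_network("10.1.0.0/16")  # assumption: internal clients
AUTOMATION_USERS = {"OPSAUTO"}                    # assumption: may run remote commands


def policy(req):
    """Return Decision(allow, rule); a request with no explicit rule is denied."""
    ip = ipaddress.ip_address(req.client_ip)
    if req.exit_point == "QIBM_QZRC_RMT":                 # remote command server
        if req.user in AUTOMATION_USERS and ip in ADMIN_NET:
            return Decision(True, "remote command from automation host")
        return Decision(False, "remote command not permitted for this user/host")
    if req.exit_point == "QIBM_QTMF_SERVER_REQ":          # FTP server request
        if ip not in ADMIN_NET:
            return Decision(False, "FTP only from admin network")
        if req.detail.upper() == "RCMD":                  # FTP subcommand that runs CL
            return Decision(False, "RCMD through FTP is never allowed")
        return Decision(True, "FTP transfer from admin network")
    if req.exit_point == "QIBM_QZDA_INIT":                # database server connect
        if ip in OFFICE_NET:
            return Decision(True, "database connect from office network")
        return Decision(False, "database connect from outside office network")
    if req.exit_point == "QIBM_QPWFS_FILE_SERV":          # file server; detail = path (assumed)
        if ip in OFFICE_NET and not req.detail.upper().startswith("/QSYS.LIB"):
            return Decision(True, "file server access to IFS path")
        return Decision(False, "file server access denied")
    return Decision(False, "no rule for exit point: default deny")


SAMPLE_REQUESTS = [   # constructed
    Request("QIBM_QZRC_RMT", "OPSAUTO", "10.1.5.20", "CALL PGM(NIGHTLY)"),
    Request("QIBM_QZRC_RMT", "JSMITH", "10.1.7.3", "CALL PGM(QCMD)"),
    Request("QIBM_QTMF_SERVER_REQ", "AMILLER", "10.1.5.10", "RETR"),
    Request("QIBM_QTMF_SERVER_REQ", "AMILLER", "10.1.5.10", "RCMD"),
    Request("QIBM_QTMF_SERVER_REQ", "AMILLER", "192.168.40.9", "RETR"),
    Request("QIBM_QZDA_INIT", "BIUSER", "10.1.22.8", ""),
    Request("QIBM_QZDA_INIT", "BIUSER", "203.0.113.5", ""),
    Request("QIBM_QPWFS_FILE_SERV", "MJONES", "10.1.30.4", "/home/mjones"),
    Request("QIBM_QPWFS_FILE_SERV", "MJONES", "10.1.30.4", "/QSYS.LIB/PRODDTA.LIB"),
    Request("QIBM_QNPS_ENTRY", "MJONES", "10.1.30.4", ""),
]


def evaluate(requests):
    """Decide every request; return (decisions, counts) for the audit report."""
    decisions = [(r, policy(r)) for r in requests]
    denied = sum(1 for _, d in decisions if not d.allow)
    return decisions, {"allowed": len(decisions) - denied, "denied": denied}


if __name__ == "__main__":
    decided, counts = evaluate(SAMPLE_REQUESTS)
    for r, d in decided:
        print(f"{'ALLOW' if d.allow else 'DENY ':5} {r.exit_point:22} {r.user:8} "
              f"{r.client_ip:14} {d.rule}")
    print(counts)
```

Two design points carry over to the real program: every decision is logged, allowed or not, because the "Monitor, Report" half needs the allowed traffic too; and the last line is a deny, so a server you forgot to write a rule for is closed rather than open.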
#4
A securable operating system that was never configured
• System security audit journal inactive
• Sensitive data unprotected at rest
![Page 34: Top 5 IBM i Security Threats And How To Avoid Themgateway400.org/documents/Gateway400/Handouts/Top 5 Threats W… · Ransomware & IBM i • The IFS appears as a mapped network drive.](https://reader034.fdocuments.in/reader034/viewer/2022042711/5f78a4b3ccf5fe6edf0d2554/html5/thumbnails/34.jpg)
Securable system operating system was not configured
QAUDJRN
• Shipped security Audit journal
• WRKSYSVAL SYSVAL(*SEC)
• QAUDLVL
• QAUDLVL2
![Page 35: Top 5 IBM i Security Threats And How To Avoid Themgateway400.org/documents/Gateway400/Handouts/Top 5 Threats W… · Ransomware & IBM i • The IFS appears as a mapped network drive.](https://reader034.fdocuments.in/reader034/viewer/2022042711/5f78a4b3ccf5fe6edf0d2554/html5/thumbnails/35.jpg)
Securable system operating system was not configured
Security Levels
• Most should be at 40
• Consider level 50
• SYSTEM VALUE (QSECURITY)
![Page 36: Top 5 IBM i Security Threats And How To Avoid Themgateway400.org/documents/Gateway400/Handouts/Top 5 Threats W… · Ransomware & IBM i • The IFS appears as a mapped network drive.](https://reader034.fdocuments.in/reader034/viewer/2022042711/5f78a4b3ccf5fe6edf0d2554/html5/thumbnails/36.jpg)
Securable system operating system was not configured
Password security levels
• Level 10 is obsolete
• Consider at least Level 20 or 30
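The slides in this section all come down to a handful of system values with known-good settings, which makes them easy to check mechanically. The block below is an added example (not from the deck) that compares the values against a baseline: QSECURITY, QPWDLVL, QAUDCTL, QAUDLVL with QAUDLVL2 merged in the way the system combines them, and the inactivity values from #1; it goes a little beyond the slides by also covering QMAXSIGN and QMAXSGNACN, the values that back the login-failure monitoring. The current values are a constructed dict in the form WRKSYSVAL displays them (on a live system you would read QSYS2.SYSTEM_VALUE_INFO), and the thresholds are an assumed site policy.

```python
# Added example (not from the deck): compare security system values against a
# baseline. Values are a constructed dict as WRKSYSVAL shows them; thresholds
# are an assumed site policy.
from collections import namedtuple

Check = namedtuple("Check", "name expected current ok")


def effective_audit_level(values):
    """QAUDLVL, plus QAUDLVL2 when QAUDLVL contains *AUDLVL2 (how the two combine)."""
    levels = set(values.get("QAUDLVL", "*NONE").split())
    if "*AUDLVL2" in levels:
        levels |= set(values.get("QAUDLVL2", "*NONE").split())
    return (levels - {"*AUDLVL2", "*NONE"}) or {"*NONE"}


def _int_at_least(n):
    return lambda v: v.isdigit() and int(v) >= n


BASELINE = {   # name: (what we expect, predicate over the displayed value)
    "QSECURITY": ("at least 40", _int_at_least(40)),
    "QPWDLVL": ("at least 2", _int_at_least(2)),
    "QAUDCTL": ("includes *AUDLVL and *OBJAUD",
                lambda v: {"*AUDLVL", "*OBJAUD"} <= set(v.split())),
    "QAUDLVL": ("includes *AUTFAIL and *SECURITY (QAUDLVL2 merged)",
                lambda v: {"*AUTFAIL", "*SECURITY"} <= set(v.split())),
    "QINACTITV": ("5 to 30 minutes, not *NONE",
                  lambda v: v.isdigit() and 5 <= int(v) <= 30),
    "QINACTMSGQ": ("*ENDJOB or *DSCJOB", lambda v: v in {"*ENDJOB", "*DSCJOB"}),
    "QMAXSIGN": ("at most 5 attempts", lambda v: v.isdigit() and int(v) <= 5),
    "QMAXSGNACN": ("3 (disable both profile and device)", lambda v: v == "3"),
}


def check_baseline(values):
    """Return one Check per baseline entry."""
    merged = dict(values)
    merged["QAUDLVL"] = " ".join(sorted(effective_audit_level(values)))
    results = []
    for name, (expected, predicate) in BASELINE.items():
        current = merged.get(name, "<not set>")
        results.append(Check(name, expected, current, bool(predicate(current))))
    return results


def failing(values):
    """Names of the system values that miss the baseline, in baseline order."""
    return [c.name for c in check_baseline(values) if not c.ok]


# Constructed: a neglected partition, then the same one after this section's advice.
SAMPLE_BEFORE = {
    "QSECURITY": "30", "QPWDLVL": "0", "QAUDCTL": "*NONE", "QAUDLVL": "*NONE",
    "QAUDLVL2": "*NONE", "QINACTITV": "*NONE", "QINACTMSGQ": "*ENDJOB",
    "QMAXSIGN": "15", "QMAXSGNACN": "1",
}
SAMPLE_AFTER = {
    "QSECURITY": "40", "QPWDLVL": "3", "QAUDCTL": "*AUDLVL *OBJAUD *NOQTEMP",
    "QAUDLVL": "*AUTFAIL *AUDLVL2",
    "QAUDLVL2": "*SECURITY *CREATE *DELETE *OBJMGT",
    "QINACTITV": "15", "QINACTMSGQ": "*DSCJOB", "QMAXSIGN": "3", "QMAXSGNACN": "3",
}


if __name__ == "__main__":
    for label, values in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label)
        for c in check_baseline(values):
            print(f"  {'PASS' if c.ok else 'FAIL'} {c.name:11} {c.current:40} expected {c.expected}")
```

The QAUDLVL merge is the detail people get wrong by hand: a QAUDLVL of "*AUTFAIL *AUDLVL2" looks incomplete until you read QAUDLVL2, and a QAUDLVL2 full of categories does nothing if QAUDLVL never says *AUDLVL2.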
#5
Securing IFS
• Virus or malware detection
• Monitor changes as they occur
• Set permissions based on specific rules (*PUBLIC should not have *RWX on shared directories; grant data authority per group)
• Restrict access to QSYS.LIB: never share the root (/) or /QSYS.LIB through NetServer, because libraries and database files then become reachable as files from any PC
(https://www.ibm.com/support/knowledgecenter/en/ssw_ibm_i_73/ifs/rzaaxlibfs.htm)
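The share review below is an added example (not from the deck) of the last two bullets as rules a script can apply: a share of the root or of anything under /QSYS.LIB or the other system trees is flagged, and a read/write share whose path gives *PUBLIC *RWX is flagged as the combination ransomware needs. The rows are constructed in the shape of the QSYS2.SERVER_SHARE_INFO view (share name, path, permission), with the *PUBLIC data authority of each path added as an assumed extra field you would take from DSPAUT; the list of system trees and the severities are an assumed site policy.

```python
# Added example (not from the deck): review NetServer shares for the exposures
# this slide warns about. Rows mimic QSYS2.SERVER_SHARE_INFO plus an assumed
# *PUBLIC authority field; the rules and sample shares are constructed.
from collections import namedtuple
from pathlib import PurePosixPath

Share = namedtuple("Share", "name path permission public_authority")
Finding = namedtuple("Finding", "share severity issue")

# Trees that should never be exposed through a file share (assumption).
SYSTEM_TREES = ("/QSYS.LIB", "/QIBM", "/QOpenSys", "/QDLS", "/QFileSvr.400")


def is_within(path, parent):
    """True when path is parent or lies under it (IFS names are case-insensitive)."""
    p, q = PurePosixPath(path.upper()), PurePosixPath(parent.upper())
    return p == q or q in p.parents


def review_shares(shares):
    """Return one Finding per rule a share violates."""
    findings = []
    for s in shares:
        if s.path == "/":
            findings.append(Finding(s.name, "CRITICAL",
                "shares the IFS root, which exposes /QSYS.LIB and every other file system"))
        elif any(is_within(s.path, tree) for tree in SYSTEM_TREES):
            severity = "CRITICAL" if is_within(s.path, "/QSYS.LIB") else "HIGH"
            findings.append(Finding(s.name, severity, f"shares system tree {s.path}"))
        if s.permission == "READ WRITE" and s.public_authority in {"*RWX", "*ALL"}:
            findings.append(Finding(s.name, "HIGH",
                "read/write share on a path where *PUBLIC has *RWX: any profile, "
                "and any ransomware running under one, can overwrite everything in it"))
    return findings


SAMPLE_SHARES = [   # constructed
    Share("ROOT", "/", "READ WRITE", "*RWX"),
    Share("PRODLIB", "/QSYS.LIB/PRODDTA.LIB", "READ ONLY", "*RWX"),
    Share("HOME", "/home", "READ WRITE", "*RX"),
    Share("SCANS", "/shares/scans", "READ WRITE", "*RWX"),
    Share("QIBMPROD", "/QIBM/ProdData", "READ ONLY", "*RX"),
]


if __name__ == "__main__":
    for f in review_shares(SAMPLE_SHARES):
        print(f"[{f.severity}] {f.share}: {f.issue}")
```

The PRODLIB share is read-only and still critical: a read-only share of a library stops the overwrite, but it still lets every PC on the network copy the database files out, which is the exposure the linked IBM page on the QSYS.LIB file system describes.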
Summary
• Implement security measures
• Ensure that users are not bypassing security policies and implementations
• Power users are audited
• Securely connect to the IBM i remotely
• Monitor local activity with QAUDJRN
• Protect the IFS from being exploited externally as well as internally
Questions?
IBM i Job Scheduling
Message & Resource Management
SEA's IBM i Solutions for Process Automation and Security