After spending the first half of the week in Nashville, Tennessee, I jumped on a plane to make the trek north to Buffalo, New York. My first stop was the beautiful Seneca Niagara Casino & Hotel in downtown Niagara Falls, 15 miles north of Buffalo. The hotel is just a short walk from the three famous waterfalls that are the city’s namesake, and that impact the Niagara River that straddles the border between the United States and Canada. Although not exceptionally high, these falls are the most powerful in North America and are an important source of hydroelectric power, and one of the most recognized landmarks in the world.

Seneca Casino, one of PowerTech’s valued customers, graciously offered to host our 3^rd IBM i security workshop in their well-appointed conference facilities. The half-day session was another highly interactive one, and was accompanied by a fantastic lunch and free PowerTech giveaways. After bragging that previous sessions had finished within 5 minutes of the scheduled 4 hours, of course this session ran over; simply because of the great interaction and discussion with the attendees. For that reason, no one seemed to mind, and everyone seemed happy with the content that we provided, with topics that included system values, exit points, and object-level security.

Before heading back to Buffalo, I did make the short walk down to the breathtaking American and Bridal Veil Falls. If you have never seen this stunning sight—especially in the Winter—then it is hard to describe the power and sheer natural force of these natural wonders. While I had previously seen the view from the Canadian side in July, this was my first visit to the U.S. side. While a still-photograph doesn’t really do it justice, I hope my panorama conveys a fraction of its majesty.

The remainder of the evening was spent with the large group that comprises the Midrange Users Group of Western New York (www.mugwny.com). On this night, I presented a combined session called The Top 10 IBM i Security Vulnerabilities and The State of IBM i Security Study, which is based on the popular PowerTech white paper that is published annually. From the reaction of the crowd, some of the issues were quite eye-opening. Hopefully the information I provided will assist them with performing security improvements that might prevent corporate data from flowing out of the network as fast as water over the falls! As always, I offered to conduct a no-charge security review for anyone interested in using our fabulous automated Compliance Assessment solution.

Fortunately, the “lake effect snow” that I had been told about plaguing the region held off for the most part, and I was able to start my return travels on time. Ironically, while everyone had cautioned me about the likelihood of flight delays in and out of Buffalo, and my knowledge of the prevalence of seasonal delays at my connecting hub of Chicago’s O’Hare airport, it was my final destination of Des Moines, Iowa, that almost derailed my return. As we were beginning our descent into Des Moines, the pilot informed us that airport had just closed due to the blowing snow from a winter storm. We immediately went into holding pattern awaiting further instructions. The captain indicated that we had an extra 40 minutes worth of fuel in addition to the fuel required for a return to Chicago! Fortunately, we didn’t require much of either as the airport subsequently reopened and we were cleared to land after about 20 minutes of circling. I was so relieved that I didn’t have to end a fantastic work week with a winter travel horror story!

Thanks again for everyone’s continued hospitality on the road, both for the workshops and the user groups. I would be remiss if I didn’t also thank my team back in Minneapolis, especially Katie Carnicom, who tirelessly facilitates the numerous agendas (for me, as well as other members of staff), complicated travel schedules, and shipments of the t-shirts and presentation materials. It takes unbelievable organization to put these events on back-to-back, and she does an amazing job that allows me look good with little effort on my part!

This week will be a week to try and catch up, and then next week I will be off again, taking the workshop and user group presentation to Reno, Nevada, billed as “The Biggest Little City In The World.” That will be immediately followed by Portland, Oregon, the week of March 8^th.

UPDATE: New 2010 study released.

PowerTech publishes a popular study of the configuration of IBM System i servers each year, called The State of IBM i Security. Now in its seventh year, we continue to see many of the same vulnerabilities reported to us through an anonymous auditing process.

The report includes a review of six main audit categories:

• Network access
• System values
• User settings
• Administrative rights
• Public authority to data
• Event auditing

View this informative Webinar for insight into the 2010 edition of the study and to learn what steps your own organization should take to address the same commonly overlooked and dangerous security exposures.

Attendees are eligible to receive a FREE Compliance Assessment, as well as a copy of the full 2010 study.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, March 31, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

Jill Martin is Product Support Manager for PowerTech and brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the security team. Contact Jill at jill.martin@powertech.com.

At one time or another, every system administrator and security officer faces the question “who did it?” IBM i can audit numerous events and you should be using its capabilities. However, what happens after you collect the event data? How do you convert the raw data into useful information?

Auditors and internal policy controls often require the review of numerous security details and configuration metrics. Not only is this time-consuming—especially when multiplied across many systems—it’s a resource-intensive process. Often, we do it only when we have to instead of as part of an ongoing security plan.

Join this Webinar to understand:

• How to configure IBM i to record system and user events
• What activities can (and cannot) be audited
• What mechanisms are available to extract audit data from the audit journal
• What other information does an auditor want to see
• How to step up to the next level of audit reporting with PowerTech Compliance Monitor

Attendees are eligible to receive a FREE Compliance Assessment.

Presenters
Main Presenter: Jill Martin, PowerTech
Co-Presenter: Paul “Paulie” Culin, PowerTech

Wednesday, March 24, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios

Jill Martin is Product Support Manager for the PowerTech Group. She has more than 19 years of System i  experience, including 5 years at IBM working in product support and testing. She has been educating customers on IBM midrange systems in areas such as backup and recovery, OS upgrades, partition management, and security for more than 10 years. Contact Jill at jill.martin@powertech.com.

Paul “Paulie” Culin is a Senior Security Engineer with the PowerTech Group. As a product expert, his role at PowerTech includes managing client training and implementation services, as well as hosting security presentations, Webinars, and product demonstrations. Paul has thirteen years of experience in the security field.

PowerTech’s annual State of IBM i Security study shows that the vast majority of organizations still rely on menu security to protect their data. Unfortunately, users have access to numerous interfaces that completely bypass these controls and make it easy to view, update, and delete data in the database. If you need to comply with any type of regulation, or if you simply want to ensure the integrity of your application data, learning about the openness of these interfaces is critical.

Attend this informative Webinar to learn more about IBM i security and how to close the “back doors” not covered by traditional menu security schemes. You’ll also learn how to implement policies that restrict access to only those users who need it.

Attendees are eligible to receive a FREE Compliance Assessment.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, March 17, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

Jill Martin is Product Support Manager for PowerTech and brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the
security team. Contact Jill at jill.martin@powertech.com.

Although the IBM System i is one of the most securable servers available, it doesn’t come that way from the factory. PowerTech’s State of System i Security study has shown that most organizations still fail to take adequate steps to secure their data or the server.

PowerTech has compiled a list of the ten most common and important IBM i security risks. We will share them with you to help you identify your own vulnerabilities and prioritize their correction. Attend this informative Webinar to gain insight into the top ten security vulnerabilities and recommendations of how to fix them.

Attendees are eligible to receive a FREE Compliance Assessment.

Presenters
Main Presenter: Robin Tatam, PowerTech
Co-Presenter: Jill Martin, PowerTech

Wednesday, March 3, 2010
10 a.m. Central Standard Time (16:00 GMT)
Check our chart for your local time >

Cost
Free of charge

Registration
To register, please visit our WebEx site.

Speaker Bios
Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached by email at robin.tatam@powertech.com.

Jill Martin is Product Support Manager for PowerTech and brings a strong System i background to any security discussion. Jill has worked in a number of roles in the industry, including technical trainer, sales account manager, and most recently as a key member of the
security team. Contact Jill at jill.martin@powertech.com.

Although it is my first visit to the city of Nashville, it’s immediately clear that it’s a Southern city with a bustling nightlife, and a place that takes pride in its heritage. Best known as the hub of country music, Nashville is home to everything from the Country Music Hall of Fame to “Cooters,” a museum dedicated to them “good ol’ boys,” the Dukes of Hazzard.

Although I don’t typically have time to visit many attractions on my trips, I would certainly love to come back and take some time to explore this town. I must say it was fun to eat dinner while listening to some live country music, as well as visit the spectacular Opryland Hotel. Traveling as much as I do, I thought I had seen it all, but this venue is truly spectacular consisting of three huge atriums complete with cascading waterfalls, winding overhead walkways, and a musically-inspired indoor fountain show.

My whistle-stop schedule started with a customer visit on Monday, and continued today with a half-day security workshop. It was another great interactive event, and opened the door to some great questions and numerous conversations regarding how customers are currently approaching the challenge of securing their data. It was fantastic to find that a number of the attendees are already running Powertech solutions to assist them, and fun to give away another box of shirts and a Starbucks gift card!

Last night found me up in front of a full room at the local Nashville user group where I presented a combination session on protecting the IBM i from FTP, ODBC, and Remote Command, along with how to configure auditing controls for IBM i. While the dinner and cheesecake were great, the best part of the evening was the highly interactive audience, and that is very satisfying to me as a speaker. There were a lot of pertinent questions and discussion around the two topics, and good conversation afterwards about security topics in general. I am also getting to enjoy the mass t-shirt distribution, as everyone seems to get a kick out of our “control freaks” t-shirts!

The hotel that hosted the user group also had a Nashville Songwriters event going on afterwards, and presented some of the talent behind hit songs recorded such country legends as Kenny Chesney, George Straight, and Trace Adkins. I am now preparing to head to the airport this morning for a flight to Buffalo, NY, to repeat the same events again in the Niagara Falls and Buffalo area. I will give you an update on that part of my trip next week.

As part of this entry, I thought I would share a funny story. As a Midwesterner, you’d think that I would be prepared for bad winter weather wherever I go, but upon waking here on my first morning in town I was more than a little surprised to see that Nashville was coated in a layer of black ice, topped with a couple of inches of powdery snow. I was dismayed to find that my car windows were frozen solid, and my windshield wipers “super-glued” to the glass. Unfortunately for me, the rental car agency didn’t include the normal obligatory corporate-branded ice scraper, so I had to make do with the edge of the hotel’s plastic room key. Halfway into this finger-numbing exercise, I was approached by a man carrying a can of de-icer and a scraper. While the scraper was making short work of removing the ice, I asked if this was a common event in Tennessee and mentioned that I was impressed that he was so well prepared. While I had assumed I would be leaving the winter weather behind me for a few days, I was definitely amused when he grinned at me and responded “I have no idea. I am just visiting from Illinois!” I should have known it would take a fellow sufferer to carry his own winter lifeline.

It has been a busy year, and it’s hard to believe we are well into February already. I have really been enjoying the recent interaction with class students, regional user groups, and PowerTech customers around the country and although it is one of my favorite responsibilities, it is not without its challenges. While I have a Blackberry pretty much velcro’d to my hand, it can be challenging to keep up on the daily affairs of the office in Minneapolis.

I actually hear that type of complaint from a lot from customers that I talk to: The daily challenge of finding the time to perform all of the necessary security forensics. It is always nice to visit with some of those same customers after they have installed a tool like PowerTech Compliance Monitor (CM), and to hear how the tasks that previously took hours or even days to perform, can now be reviewed and analyzed in a matter of minutes. For example, the task of comparing system values against your policy. Printing and hand-reviewing this information is not difficult, but takes a good eye and patience to do the compare. Compare that with CM’s ability to quickly and effortlessly print system value scorecards that color-code any non-compliant items for you, and provide a compliance ranking. Of course, although we ship a great policy template inside the product, you can modify it for your own requirements. Now, consider comparing the values on dozens or even hundreds of partitions and it doesn’t take long to see where the time savings start to really add up!

Last week, the U.S. House of Representatives passed the Cybersecurity Enhancement Act (HR 4061). The bill passed easily with a vote of 422-5, and now goes before Congress. If passed into law, the bill provides various provisions, such as providing grants to students in the field of computer security in return for service to the government cybersecurity team, strengthening the role of the National Institute of Standards and Technology (NIST) to influence the way cybersecurity is addressed though awareness campaigns, and requiring the President to perform an agency-by-agency assessment of the skills found in government’s cybersecurity workforce. It is the first major cybersecurity bill to be passed by either house in the current session of Congress, but is unlikely to be the last. For more information, visit http://www.opencongress.org/bill/111-h4061/show

On another note, the PowerTech team is busy working on the finishing touches to Network Security v6.0, which is to be released soon. We are already actively working on ideas for several other product releases, as well as building a development wish list for NS v7.0. As an IBM business partner, we are now running tests on pre-release versions of IBM i to ensure that our products are approved and ready to go when IBM releases its latest iteration of the operating system. I will be taking a look at the new release soon with an eye on delivering an update regarding any new security enhancements that have been included.

If you are in Rochester, Minnesota today for the Large User Group (LUG) sessions at IBM, please consider yourself invited to our customer appreciation event at the DoubleTree hotel downtown.

As I am writing this, the snow is again falling and blowing. If you are in a geography that is being blasted by this storm, or even the last one that came through that ended up dropping a whopping 33” of snow on our nation’s capitol, stay safe. Next week I am headed to Nashville, and then on to Buffalo, so I have a feeling that I haven’t seen the last of Mother Nature! I am hosting an IBM i security workshop in both cities, and presenting at the local user groups. If you would like to get more information on these events, check the events section of the Web site at www.powertech.com.

It was another week on the road, this time heading slightly south to St Louis, Missouri. It was great to get away from the snow, although the air seemed just as cold as in Minneapolis. To say that it would be nice to feel a warm breeze at this point would be an understatement!

One of my first duties in town was to conduct our weekly PowerTech Webinar. The Webinar was titled Protect IBM i (AS400) Data From FTP, ODBC, and Remote Command, and it’s always one of the most popular Webinars that we do. It still surprises me that we have so many people attend this topic, and ask such great questions such as why IBM i is often exposed from a lack of access control, or auditing of network-initiated transactions. I suppose the statistic that 65% of IBM i servers that we audit still have no exit programs registered might explain some of the interest—even after two decades of awareness of this problem.

I was thrilled to also be presenting the first session of our new regional security workshops to a full room of attendees. For several hours, we whittled our way through numerous important aspects of IBM i security—from system values to adopted authority and from special authorities to network access. Based on the positive comments made on the evaluation forms, the class was a resounding success! It always makes it fun when an idea comes to fruition, and especially when it is so well received. Thanks to the IBM i team at MSI Systems Integrators for hosting the event at their downtown facilities, and for providing lunch for all of the attendees.

After the class, I traveled the 90 miles or so to Jefferson City and engaged with the mid-Missouri users group, presenting a session titled Top 10 Security Vulnerabilities. I would like to offer my appreciation to Huber and Associates for inviting me to present at their location, and also for the interest and interaction I received from the group. This presentation actually ran long because of some of the great discussion that we were having. Before I left, we emptied another box of cool PowerTech t-shirts, and raffled another gift-card.

I am now going to be back in the office for a couple of weeks to catch up on some of my other daily responsibilities, including helping host our upcoming online training classes for Network Security. After that, I will head out again for the next workshop and user group stops, this time in Nashville, Tennessee, and Buffalo, New York. I am especially excited about going to Buffalo, as it is being hosted at a PowerTech customer location. Plans are also being worked on for Reno and Portland events in early March, so if you work in those areas, we invite you to join us.

Before I close this week’s entry, I want to take a moment to say that my thoughts are with the family of IBM’s Craig Johnson, who died this past week in a car accident in Northern Iowa. Blizzard and whiteout conditions on Interstate 35 led to a massive 40-vehicle pile-up. This is the exact same route that I take weekly between Des Moines and Minneapolis, and I just happened to have stayed in Minneapolis that weekend due to my back-to-back travel plans. It certainly brings home how life can change in an instant, and how important it is to live each day as if it is your last.

Stay Warm!