It has been a busy few weeks here at Help/Systems: fulfilling my SME duties at COMMON’s annual meeting in Austin, a corporate office move, a week in Las Vegas helping a customer mitigate some security challenges pertaining to PCI compliance, and another at IBM’s Technology Symposium in New Orleans!
During this time, with much help from my wonderful marketing department, I was able to analyze the data for the 2013 State of IBM i Security study. This year marks the tenth anniversary of this hugely popular document and reveals that much of the necessary security work remains to be done.
The number of regulatory and legislative compliance mandates has exploded over the past decade and this has helped spur a growing interest in security; however, as IBM lights the candles for the 25th birthday celebration of the AS/400, many organizations are still not following even simple best practices for protecting their IBM i data from abuse, either accidental or malicious.
We were given permission to include data from more than 100 of the assessments that we conducted during the year. Although we can’t include the details from a number of others, I can confirm that the study sample is very representative of the total pool of servers we reviewed.
Some examples of the common vulnerabilities we uncovered include:
- 79 users on average were still using a default password
- 69% of servers lack the capability to audit data downloaded to the network
- 65 users on average were running with “root” (administrator) privileges
Fortunately, these vulnerabilities are not due to a lack of OS security controls. On the contrary, IBM has provided us with one of the most securable operating systems available. Our report suggests that deployment of the capabilities provided within IBM i remains weak. Security can be improved dramatically using a combination of altered settings and enhancements provided through software from PowerTech.
To download the 2013 edition of the study, point your browser to www.ibmisecurity.com, or click on the banner on the Powertech.com homepage.
If you would like to know more about the State of IBM i Security study, send an email to email@example.com.
One of my most recent blog entries followed the bombing in Boston. Sadly, as I drafted this entry, news was breaking of the massive tornado that recently tore through Moore, Oklahoma. I have been through this town many times and am stunned at the images of total destruction. I was in Des Moines with my family that afternoon and we had to take shelter underground as warning sirens blared and reports came in about a “touchdown” on the outskirts of town. I am thankful that we all remained safe. On behalf of PowerTech and Help/Systems, I want to send our prayers to the residents of Moore.