Power i / IBM i has been one of the most secure platforms around for decades. But, as we recently discussed in our debrief on the Log4j virus, no ecosystem is immune to serious risks – even Power i/IBM i.
If your organization wants to begin taking a more systematic approach to securing its critical infrastructure, it can be hard to know where to begin. Based on our experience supporting and securing a variety of enterprise-scale Power i implementations, security audits are the ideal foundation for more robust security practices. In this blog, we explain why and provide a breakdown of how our team organizes a Power i / IBM i security audit.What is a Security Audit and why is it important?
In short, a security audit is a systematic review of security practices, procedures, settings, and risks. This review is a great way to:
- Create a highly detailed baseline for existing security practices to identify areas where added security capabilities are needed.
- Immediately identify any critical existing vulnerabilities.
- Generate detailed recommendations for improved security practices.
As we explore below, however, conducting an effective audit is highly detailed work that requires extensive knowledge of security concerns for the Power i / IBM i ecosystem. The complexity of this process is precisely why it goes undone in so many organizations, and the very sense of safety that this ecosystem brings may risk driving complacency.
A managed service provider with the right security expertise on staff can be a great option for conducting an in-depth security audit without bogging down your internal IT teams. We take a look at some of the most important activities covered by PSGi’s Power i / IBM i security audit process below.
What does an effective Power i / IBM i cybersecurity audit need to include?
An effective review will need to cover a variety of potential risk sources including the core operating systems, settings, user profiles, and permissions. The list below highlights some of the most important priorities of our team when conducting a security audit:
User Access Practices and Settings
- Investigate privileged user profiles, command line access, and other significant aspects of the user profiles on the system
- Investigate password practices
- Investigate the use of Group Profiles and Authorization Lists
- Analyze the use of adopted authority and profile swapping
Critical System and Networking Security Settings
- Examine communications and TCP/IP exposures (Open Ports and Exit Points)
- Examine current system value settings
- Examine current System Service Tools (SST) security settings
- Examine the subsystem descriptions, job descriptions, output queues, and job queues
- Analyze access control for Library system objects
- Analyze access control for IFS directories
Evaluate Current Risk Exposure and Make Recommendations
- Analyze file shares for ransomware exposure
- Examine current Security PTF levels and determine whether the customer’s organization is within those current levels
- Document the findings and recommendations for securing the system based on the findings
- Examine the IBM i auditing and logging practices used by the customer's organization and provide recommendations for improvement if determined to be insufficient
- Review user, programmer, and admin access to data from the application
- Recommend application security design or changes to meet security requirements
- Provide recommendations on proper development security best practices
Ultimately, the recommendations produced from our security audit set the stage for both reduced short-term security risk and the implementation of the best practices that will keep an organization secure over the long term. And that’s precisely why, if your organization has been neglecting security, an audit is a perfect place to start.
Learn More About Working with an MSP for Security Audits and Beyond
A managed services provider like PSGi can provide a high-quality security audit much more efficiently than would be possible using internal resources. Effective cybersecurity requires more and more specialized expertise with each passing year, and an MSP can help your organization leverage veteran security experts for critical work like audits without the cost of a dedicated internal hire. Our team always stays up to date with the most recent best practices for security, allowing your team to focus on the core business. And we are standing by to implement the latest mitigation strategies as new vulnerabilities develop.
If you are interested in a more detailed discussion on the best approach to conducting an iSeries cybersecurity security audit in your organization, please contact a PSGI IBM i Specialist.