
AIX Security Tools You Can Use

A look at new AIX security capabilities.

Note: This is the final part of a three-part series designed to highlight many AIX/System p tools that are often overlooked or underutilized.

In this article, the last of our three-part series on AIX, we cover perhaps the most important aspect of systems administration, a subject near and dear to our hearts: security.

We all realize that security is one of the most important technical concerns IT addresses for the business environment, and it's perhaps one of the hardest to quantify. A system administrator must establish and maintain a secure environment, taking into account site or company security policies to define and implement multiple layers of security to thwart any attacks.

Traditionally, environmental threat levels have been factors to define a company's security policy. In today's world, where most businesses operate in the wide-open world of e-business, the potential for catastrophic attacks has increased exponentially. Further exposure comes from data stores of critical and sensitive identity information such as Social Security numbers, credit-card numbers and histories, and medical histories. HIPAA and Sarbanes-Oxley laws further expand security requirements as our environments increase in complexity. Government regulations require businesses to implement strict operating environments that provide optimum security, maintain audit trails to provide security, and protect privacy while ensuring information integrity.

Our operating environments must be secured and auditable, which requires that the underlying OS provide robust security and the necessary functionality and assurance to secure the company's data.

AIX celebrated its 20th anniversary this year. AIX has matured and provided tools for manageability, performance, and availability and has also embraced technologies designed to provide a robust and secure operating environment to meet security needs. The security-concept fundamentals of the Trusted Computer Security Specifications of the mid-80s have changed significantly, and AIX security has matured to meet these needs, providing a rich set of functional capabilities validated by an independent evaluation agency under the auspices of the Common Criteria Organization. AIX has been certified multiple times using the earlier C2 certifications as well as recent Access Controlled Protection Profile Evaluated Assurance Level 4+ (CAPP EAL4+) certifications. AIX has also been certified at the Labeled Security Protection Profile (LSPP) EAL4+ level.

IBM recognizes customer prioritization of security as one of the major issues and continually expands the security features in AIX to meet this demand. Let's review some of the more recent additions to AIX security capabilities and outline the security enhancements delivered in AIX 5L TL05 released in August. We'll review the following features:

  1. Lightweight Directory Access Protocol (LDAP)-based user management: Active Directory support
  2. Protection against attacks using the Stack Execution Disable feature
  3. AIX Security Expert (AIXPert) based system lockdown
  4. Advanced Access Control Lists (ACLs) in AIX



AIX 5.3 TL05 introduced the new feature: AIX Security Expert. This feature centralizes nearly 100 security controls in AIX through a single user interface.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in a wide set of technologies, from reliability, availability and serviceability, to AIX security, to business resiliency. With more than 19 years of experience in IT, he's an expert in real-time systems, OS internals and overall system architecture.

Susan Schreitmueller is an IBM-certified senior consultant. Susan can be reached at
