Latest PowerSC Capabilities Build Upon a Strong AIX Security Foundation
Three attributes have long set IBM Power Systems apart from other server platforms: performance, reliability and security. In the third area, AIX and Power Systems have an impressive record of providing a secure environment for clients. Over the years, AIX has delivered many security capabilities, such as Role-Based Access Control, Encrypted File Systems, Trusted Execution and the AIX Security Expert, to protect clients’ information resources.
Recently, though, the IBM development focus has shifted to allow security specialists to more easily manage the operational aspects of security and compliance. The goal is to simplify the task of ensuring clients’ IT infrastructure is not only secure from threats, but also compliant with regulatory standards.
Security and Compliance
Since security and compliance span many aspects of the IT infrastructure, beyond the OS, IBM has introduced new products, outside of AIX, under the PowerSC brand name. The SC stands for security and compliance.
The PowerSC Standard Edition, Express Edition and Trusted Surveyor products are intended to help security administrators secure their systems, and to help administrators document that they’ve taken the appropriate actions required by external standards. These products leverage capabilities in AIX, Power firmware and, in some cases, Power Systems hardware to provide a secure, manageable environment for clients.
Key features of PowerSC Standard Edition include:
- The automation and monitoring of security settings for specific external security standards
- Protection against attacks that could use a compromised AIX OS or application
- Tamper-proof system and application logs
- Administrator notification of systems with unpatched security vulnerabilities
- Firewall capability built into the virtualization layer
PowerSC Standard Edition and PowerSC Express provide security and compliance automation designed to simplify and automate the deployment and monitoring of specific system security settings. These settings are required by external standards such as the Payment Card Industry (PCI), Control Objectives for Information and Related Technology (COBIT), Health Insurance Portability and Accountability Act (HIPAA), and Department of Defense Security Technical Implementation Guide (DOD STIG).
This capability builds on earlier AIX technology, including the AIX Security Expert and the AIX Profile Manager, to implement the recommended security configuration for these standards and allow monitoring to ensure these settings remain within the compliance policy. In late 2012, this feature was extended to provide for real-time detection of non-compliant changes by leveraging the AIX monitoring infrastructure, which is part of the Cluster Aware AIX functionality. These real-time alerts can be sent via email or phone messages. Monitoring is a very important part of this functionality, because to be compliant, you have to show how you detect if non-compliant changes are made.
PowerSC also protects against attacks that compromise the AIX boot image, ensuring it isn’t hacked before the OS is actually up and running. Although this type of attack is probably more common on x86 servers, IBM has clients that demand protection against such attacks on Power Systems. This advanced protection extends coverage to the loading of the AIX kernel, kernel extensions and files protected by the AIX Trusted Execution technology. AIX Trusted Execution is part of AIX and can detect when an application or program has been tampered with. By leveraging this capability, PowerSC can protect against unauthorized changes from the boot image all the way up through the application. The Trusted Boot feature required changes to the Power firmware and the Hardware Management Console (HMC) to provide the necessary infrastructure to detect if the cryptographically signed boot image has been altered.
Another important PowerSC Standard Edition feature provides for tamper-proof logs by effectively “teeing” them to the PowerVM Virtual I/O Server (VIOS). Even if someone were able to hack into an AIX virtual machine (VM)/LPAR and change the system logs to hide the breach, a tamper-proof copy of the logs will exist on the VIOS. For compliance purposes, PowerSC Trusted Logging provides forensic data that may be used to determine how a system was penetrated.
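How the preserved copy is used in an investigation, as an added example (not IBM's or PowerSC's code): it compares a log copy kept outside the LPAR with the copy found on the LPAR and reports the lines that differ. The log lines, host names and addresses are constructed, and both copies are assumed to cover the same period.

```python
from difflib import SequenceMatcher

# Constructed sample: the copy preserved outside the LPAR (trusted) ...
TRUSTED = [
    "Mar 03 02:10:01 lpar1 sshd[4120]: Accepted password for admin from 10.0.0.5",
    "Mar 03 02:14:37 lpar1 sshd[4188]: Failed password for root from 192.0.2.44",
    "Mar 03 02:14:52 lpar1 sshd[4188]: Accepted password for root from 192.0.2.44",
    "Mar 03 02:15:10 lpar1 su: from root to oracle at /dev/pts/3",
    "Mar 03 02:30:00 lpar1 cron[5000]: job started",
]
# ... and the copy found on the LPAR, with two lines gone and one rewritten.
LOCAL = [
    "Mar 03 02:10:01 lpar1 sshd[4120]: Accepted password for admin from 10.0.0.5",
    "Mar 03 02:15:10 lpar1 su: from admin to oracle at /dev/pts/3",
    "Mar 03 02:30:00 lpar1 cron[5000]: job started",
]


def compare_logs(trusted, local):
    """Return (missing_from_local, only_in_local).

    Each item is (line_number, text); line numbers are 1-based and refer to
    the file the line came from. A rewritten line shows up in both lists:
    the original under missing_from_local, the rewrite under only_in_local.
    """
    missing, extra = [], []
    matcher = SequenceMatcher(a=trusted, b=local, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            missing += [(i + 1, trusted[i]) for i in range(i1, i2)]
        if tag in ("insert", "replace"):
            extra += [(j + 1, local[j]) for j in range(j1, j2)]
    return missing, extra


if __name__ == "__main__":
    missing, extra = compare_logs(TRUSTED, LOCAL)
    for number, text in missing:
        print(f"MISSING FROM LOCAL (trusted line {number}): {text}")
    for number, text in extra:
        print(f"ONLY IN LOCAL (local line {number}): {text}")
```
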
The core capability of the Trusted Network Connect feature is to notify the administrator of systems with unpatched security vulnerabilities. It also provides you with automated tools to simplify downloading new security updates and deploying those updates to hundreds of AIX VMs.
Trusted Firewall is the newest capability of PowerSC Standard Edition. It addresses a common security issue in virtualized environments—the use of firewalls between VMs. When a client runs multiple VMs that belong to different security domains on a single Power Systems server (for example, edge-of-network Web servers and back-end database servers on the same machine), it’s a best practice to put a network firewall between each of those VMs. Typically administrators will route all the traffic from one VM out of the server to an external firewall, then back into the same server into another VM. This results in additional network latency and performance overhead. With the PowerSC Trusted Firewall capability, you can use simple firewall rules to allow trusted traffic to go directly between the two VMs through the Power Virtual Ethernet—avoiding the latency and performance overhead of the traditional approach.
With this broad mix of capabilities, PowerSC has seen a significant amount of client adoption since the initial release as a standalone product in November 2011. We expect that usage of PowerSC Standard Edition will expand rapidly since it is now included in AIX Enterprise Edition.
The newest product in the PowerSC product line is PowerSC Trusted Surveyor, introduced in October 2012. It provides an objective way to monitor changes in the Virtual LAN (VLAN) configuration on Power Systems servers and to detect inappropriate network configuration. PowerSC Trusted Surveyor uses technology developed by IBM Research that queries all HMCs for VLAN and VM/LPAR configuration information. It uses that information to build a model of the VLANs and VMs/LPARs that’s effectively a snapshot of the current configuration. This snapshot can be used to document how thousands of VMs/LPARs and VLANs are isolated. An administrator can then classify the VMs and VLANs into categories like Test, Production, PCI, etc. On subsequent snapshots, the Trusted Surveyor will highlight changes from a reference snapshot and also will detect inappropriate connections (for example, a Test server on a Production VLAN). The Trusted Surveyor information is presented in an easy-to-use Web format, and can also be downloaded in spreadsheet format for further analysis.
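The snapshot comparison described above, as an added example (not IBM's code and not Trusted Surveyor's data format): a snapshot is assumed to be a simple mapping from VM/LPAR name to VLAN IDs, and every name, VLAN ID and category is constructed.

```python
# Constructed sample data: each snapshot maps a VM/LPAR name to its VLAN IDs.
REFERENCE = {"web01": {10}, "db01": {20}, "test01": {30}}
CURRENT = {
    "web01": {10},
    "db01": {20, 30},  # gained a second VLAN
    "test01": {20},    # moved from VLAN 30 to VLAN 20
    "pci01": {40},     # VM not present in the reference snapshot
}
# Administrator-assigned categories (hypothetical names and IDs).
VM_CLASS = {"web01": "Production", "db01": "Production",
            "test01": "Test", "pci01": "PCI"}
VLAN_CLASS = {10: "Production", 20: "Production", 30: "Test", 40: "PCI"}
UNCLASSIFIED = "UNCLASSIFIED"


def diff_snapshots(reference, current):
    """List (vm, vlan, 'added' | 'removed') changes relative to the reference."""
    changes = []
    for vm in sorted(set(reference) | set(current)):
        before = reference.get(vm, set())
        after = current.get(vm, set())
        changes += [(vm, vlan, "added") for vlan in sorted(after - before)]
        changes += [(vm, vlan, "removed") for vlan in sorted(before - after)]
    return changes


def find_violations(snapshot, vm_class, vlan_class):
    """List (vm, vlan, vm_category, vlan_category) for connections that cross
    categories or involve a VM or VLAN nobody has classified yet."""
    violations = []
    for vm in sorted(snapshot):
        vm_cat = vm_class.get(vm, UNCLASSIFIED)
        for vlan in sorted(snapshot[vm]):
            vlan_cat = vlan_class.get(vlan, UNCLASSIFIED)
            if vm_cat != vlan_cat or UNCLASSIFIED in (vm_cat, vlan_cat):
                violations.append((vm, vlan, vm_cat, vlan_cat))
    return violations


if __name__ == "__main__":
    for vm, vlan, kind in diff_snapshots(REFERENCE, CURRENT):
        print(f"CHANGE    {vm}: VLAN {vlan} {kind}")
    for vm, vlan, vm_cat, vlan_cat in find_violations(CURRENT, VM_CLASS, VLAN_CLASS):
        print(f"VIOLATION {vm} ({vm_cat}) is on VLAN {vlan} ({vlan_cat})")
```

Treating unclassified VMs and VLANs as findings keeps a newly created LPAR from passing the check simply because nobody has categorized it yet.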
The current security and compliance features of AIX and PowerSC are only a beginning. With the industry move to cloud environments, IBM intends to expand the current security model to encompass additional types of resources, including other OSs and storage. IBM also plans to ensure the security of applications and data as VMs are deployed, relocated and modified.