Tool Enables IBM i Administrators to Assess Security Weaknesses
Even with more public awareness about security breaches in recent years, it’s surprising that “security administration isn’t given the priority it should,” says Terry Ford, team lead for security services delivery, IBM Systems Lab Services in Rochester, Minn. “Administrators don’t regularly look at it, or they only look at it after performing other work.”
Still, Ford believes that they’re not intentionally negligent. Administrators are often frustrated because they’d like to do more security checks, but budgetary constraints stop them, he explains. “Yet they will be the ones who are held accountable if they aren’t able to practice secure computing with the rigor it requires.”
Why don’t organizations examine security as closely as they should? “Time is a big part of that,” Ford says. Companies focus on producing and selling products or services, so security is often an afterthought, he notes.
To help IBM i clients, Ford and his team built a security compliance, assessment and reporting tool (CART) that allows time-starved administrators to examine where hackers could exploit their systems. (Other IBM teams have created similar assessment tools for AIX* and Linux* administrators.) The CART provides a comprehensive picture of a client’s systems and pinpoints current and potential weaknesses. The tool creates daily reports but also features an alert function when changes occur for system administrators who can’t review every report.
The Bigger Picture
The lack of time focused on security is just one problem. In Ford’s opinion, many organizations are “often ignorant, or choose to be ignorant, about the dangers of a security breach.” They think a breach won’t hit them because their business is too small. With news about major retailers, internet service providers and financial services firms that suffered expensive data breaches, they believe that hackers prefer to target larger organizations. There’s some truth to that, Ford notes. “But what the smaller guy fails to realize is that a hacker’s path to the larger organization may be through him, a smaller but related company or supplier,” he adds.
“What the smaller guy fails to realize is that a hacker’s path to the larger organization may be through him, a smaller but related company or supplier.”
—Terry Ford, team lead for security services delivery, IBM Systems Lab Services
Organizations try to keep their systems secure by having at least a firewall or password access system. But Ford notes, “Hackers are more educated than system administrators are.” He explains that hackers have made it their job to outwit the latest cybersecurity fixes and strategies. And few companies can devote the same kind of full-time resources to system security.
Several vendors offer IBM i security solutions. They have very good monitoring and remedial products, Ford says. “However, they tend to be high-level and do not go deep enough,” he adds. “Because of this, clients are sometimes given a false sense of security when they may have unknown configuration items such as with DDM or SSH, leaving their system at risk.”
Monitoring tools can help. But if an assessment hasn’t identified a weak point, “it means the weakness is still present,” Ford notes. “A comprehensive assessment solution with monitoring can help clients determine the extent of their weaknesses and provide information for a proper root cause analysis in remediating the weakness.”