Securing IBM i Series and AS400 Systems

Even today, IBM iSeries is among the most reliable system architectures, used by several organisations. According to the Enlyft report, over 6,626 companies use the IBM i series, most of them in the United States. The latest version has an excellent OS and documentation.

Security Today released the yearly Cost of a Data Breach Report. It showed that the cost of a data breach reached $4.45 million in 2023, a record figure and a 15% increase over the past 3 years. Escalation costs have increased by 42%, making them the highest breach costs, which points to a trend towards more complex breach investigations. This has become a matter of concern for organisations using the i series.

So, here are the proven tips and best practices for securing the IBM i Series and AS400 Systems.

Log Audit Journal Activity

The IBM i series comes with an audit log that lets you record the major activities of the system. In practice, not every organisation gets access to these audit logs, and many lack real-time monitoring, tracking, and reporting on suspicious activity. The logs themselves are not simple and can be confusing, which makes it difficult to extract the required security information.

The good news is that organisations can use third-party applications or platforms, which offer extra usability. Enterprises can also feed key IBM i log data into SIEM solutions to get deeper insight into suspicious security events.

Regularly Clean Up Inactive User Profiles

Inactive user profiles are profiles that have not been active for 30 to 60 days. Systems are often found to hold a huge number of them. This creates significant security exposure, which can lead to data breaches. Organisations should clean up and remove inactive profiles regularly and treat the task as a top priority. Tools are available that automate this process and ease the administrative effort.

Implementation of Strong Password Policies

Organisations should make sure their password policies are strong and follow safety protocols. The standard policy must include frequent password expiration and the use of the strongest, most secure passwords. The Mainframe Operation Support will help in performing special backups in case the password is forgotten.

Also, check for the use of default passwords, because the IBM i series ships with standard defaults. Keep in mind that hackers target these default passwords, so enterprises should change them. Make sure to implement Multi-Factor Authentication, which adds a layer of security against suspicious users.

Do Not Confuse Compliance with Security

Auditors will say that the organisation complies with regulatory or internal policies. However, this statement does not guarantee that your entire system is secure. Security is an ongoing process that does not end with a positive audit report.

Organisations must understand where their key assets are and know which factors pose the greatest business exposure. They also have to be proactive in addressing potential risks. Along with this, Mainframe Operation Support services will offer 24/7 end-to-end mainframe monitoring.

Automation of Compliance and Security Checking

When managing security becomes troublesome or difficult for an organisation, everything can fall apart, leading to complex issues and risks for the entire organisation. This is why it is important to automate security practices. There are services offering tools and platforms that ease the burden on admins through automation. You can also run automated compliance checks against your security policies on a daily basis to make sure everything is under control.

A proper schedule is necessary for running security and compliance checks. If you cannot do this within your organisation, third-party solutions are available to help your business with automation technologies.

Secure your IFS to minimise risk from malware and ransomware attacks

IBM i could be compromised by malicious activity targeting the IFS. The Mainframe for the 21st Century will offer an advanced approach to protection against unauthorised access.

Don’t grant excessive permissions to the IFS, especially at the root level. Additionally, consider an antivirus solution for the IFS so it cannot harbour malware that could infect your other systems.

Power User Profiles Audit

The most crucial consideration for organisations is to audit their power user profiles. It will help you understand the changes in your business environment. Your organisation will have power user profiles that have specific controls on security systems. Only they will have access to the assigned systems for numerous operational processes.

But this does not mean that your entire internal system is safe. These power profiles can become a threat to your system if they are compromised. So, organisations should minimise the number of power users. The profiles must have high authorisation levels. The Mainframe for the 21st Century and i series services will be helpful in performing audit controls.

Every activity of the power profiles must be audited, because cyber criminals make these profiles their target. So, proven authority techniques and extensive user profile authorisation must be implemented for various tasks. Make sure all of these profiles are audited periodically.

Implementation of Exit Programs

Exit programs are implemented for auditing network-based activities. Over the past 10 to 15 years, TCP/IP-based services such as ODBC and FTP have been used to access data stored on the IBM i series.

OS400, which is also called the IBM i operating system or i series, provides exit points. Earlier, the traditional method of accessing the iseries as400 in India was to connect terminals directly and manage the menu access controls. The operating system allows external access through these services but doesn’t fully audit it. However, organisations can use third-party exit point solutions to collect the right level of security information, which is necessary to satisfy most auditors’ requirements.

Major Practices for IBM i Series and AS400 Systems

  • Encryption of every communication with TLS 1.2.
  • Limitation of special or power authorities. This is necessary for “All Objects” authority. Keep in mind that special power authorities can only be assigned when necessary.
  • Organisations should avoid sharing roots. When it is necessary, go for read-only mode. You can also create a hidden share to the share name.
  • The application of object-level security is important instead of depending on menu-based restrictions.
  • Opt to run QSECURITY at a higher level of 40.
  • Limit the use of default passwords in your internal system. Conduct testing for default passwords.
  • Make sure the creation of new user profiles is done from scratch instead of copying any existing profile.
  • The passwords should be changed regularly.
  • Set “Limited capacity” (LMTCPB) to “YES” for most users. When the value is set to “NO” (the default in “Create User Profile”), this allows the user to execute commands via a command line.
  • Make sure that audit controls are always turned on.
  • Make sure that the guest profile is not assigned to NetServer by setting “Guest User ID” to an empty value in the NetServer properties settings.
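
Several of these checks, together with the inactive-profile clean-up described earlier, can be run as SQL from an IBM i SQL session. This is an added example, not part of the original article: it assumes a release whose QSYS2.SYSTEM_VALUE_INFO and QSYS2.USER_INFO views expose the columns used, a caller authorised to read them, and it takes 60 days (the upper bound given above) as the inactivity threshold.

```sql
-- Added example (not from the original article).
-- 1) System-wide settings named in the list: security level (QSECURITY),
--    audit controls (QAUDCTL, QAUDLVL) and password expiration (QPWDEXPITV).
--    Both value columns are selected because a system value is either
--    numeric or character.
SELECT SYSTEM_VALUE_NAME,
       CURRENT_NUMERIC_VALUE,
       CURRENT_CHARACTER_VALUE
  FROM QSYS2.SYSTEM_VALUE_INFO
 WHERE SYSTEM_VALUE_NAME IN ('QSECURITY', 'QAUDCTL', 'QAUDLVL', 'QPWDEXPITV');

-- 2) Per-profile findings. A profile is listed when it is inactive,
--    still has a default password, or holds *ALLOBJ. The LMTCPB setting
--    is shown alongside so command-line access can be reviewed too.
SELECT AUTHORIZATION_NAME,
       STATUS,
       LAST_USED_TIMESTAMP,
       CASE WHEN LAST_USED_TIMESTAMP IS NULL                 -- never used
              OR LAST_USED_TIMESTAMP < CURRENT TIMESTAMP - 60 DAYS
            THEN 'Y' ELSE 'N' END                  AS INACTIVE_60_DAYS,
       CASE WHEN USER_DEFAULT_PASSWORD = 'YES'
            THEN 'Y' ELSE 'N' END                  AS DEFAULT_PASSWORD,
       CASE WHEN SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
            THEN 'Y' ELSE 'N' END                  AS HAS_ALLOBJ,
       CASE WHEN LIMIT_CAPABILITIES = '*NO'
            THEN 'Y' ELSE 'N' END                  AS COMMAND_LINE_ALLOWED
  FROM QSYS2.USER_INFO
 WHERE LAST_USED_TIMESTAMP IS NULL
    OR LAST_USED_TIMESTAMP < CURRENT TIMESTAMP - 60 DAYS
    OR USER_DEFAULT_PASSWORD = 'YES'
    OR SPECIAL_AUTHORITIES LIKE '%*ALLOBJ%'
 ORDER BY HAS_ALLOBJ DESC,          -- power profiles first
          DEFAULT_PASSWORD DESC,
          LAST_USED_TIMESTAMP;
```

An enabled profile that shows Y in more than one flag column, for example an unused profile that still holds *ALLOBJ, is the first candidate for disabling or removal.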

Final Thoughts

The above are the tips and best practices for safeguarding IBM iseries as400 in India. IBM i series security challenges have always been a major concern for organisations. With all these advanced practices, they can securely use the i Series without facing any security hassles. Explore the Megamax Services iSeries and Mainframe Services, which provide the business with higher operational efficiency and reduce the risks.