IBM i Security and Reliability is Best of Breed
The IBM i has an enviable reputation in the world of business servers for its security and reliability. In these areas alone, few would question it as being one of the best in the world. It has no known viruses and a ridiculously low number of breach reports when compared to Windows or UNIX based servers. Some might use the low-hanging-fruit argument to explain this – arguing that the pervasiveness of Windows PCs and servers simply makes that platform a far more attractive target for hackers and virus writers. This position ignores the fact that, regardless, there are a large number of IBM i systems (and its AS/400, iSeries, & System i predecessors) around the world, many of which are with banking and finance institutions (naturally attractive targets for criminals), and there are a sizeable number of people with the technical knowledge required to cause trouble. This suggests that there is something more fundamental to the operating system’s reputation.
Much of the IBM i’s security credentials are due to it being designed as an object based, and not a file based, system. Everything in the operating system is defined as an object – whether a user profile (*USRPRF), a compiled program (*PGM), a database file (*FILE), a library (*LIB), a command (*CMD) or … the list goes on. And access to each object, who has access and what they can do, is very finely grained via authority lists and authority controls. In addition to this object approach, security is further enhanced because the system’s security is built below the machine-level interface layer. The actual security implementation is included in the microcode of the operating system, below a place where anyone can get at it and tamper with it. To tamper with security settings an attacker would have to get a hold of the service tools, but of course access to such powerful tools should be restricted.
Opening the IBM i to New Technologies Has A Security Cost
There is no doubt that the IBM i is an incredibly secure machine. In fact, in its earliest days, in the days of twinax cables and dumb terminals, it was a fortress. Alas, we live in a very different, interconnected world, these days, and the number of companies operating their IBM i servers in purely that mode is diminishing. And for good reason – businesses want to take advantage of the IBM i’s latest powerful features and connect it with the rest of the world.
With the connection of the first PC to the AS/400 many years ago, it is probably fair to say that the server could no longer be considered a fortress – there was a new way to get into the system. With the subsequent transformation of the platform into a server, and now hosting web, Domino, and NT systems, a flood of new potential security problems were introduced into the operating system. Problems that remain with us to deal with today. E-business has maintained IBM i relevance and success, but not without a security cost.
Vulnerabilities - IFS
There are a number of areas where the IBM i is particularly vulnerable, and to those attackers who know little about the platform, the IFS makes a good starting point. When IBM first introduced the Integrated File System (IFS) with the release of V3R1 in 1994, they introduced a directory structure that would be recognized throughout the industry, and they built it over the QSYS library system. The advantage was that it allowed all objects on the system to be accessed and viewed using industry standard path-names, and ultimately to enable new file types to be stored on the server, such as images used in web pages running through the IBM i HTTP server, or database extracts into XLS files that could then be downloaded to PCs, or … anything! Including simply storing files like you would on any network server.
The IFS is an incredibly powerful and relevant feature on today’s IBM i, but it has introduced some significant security and reliability concerns. Given that the IFS is built over the QSYS library, this most important of libraries simply appears like a regular directory to a PC, which means that the operating system itself can actually be access, and modified, using paths names. This introduces the risk that a malicious program running on an administrators PC could easily delete objects in any library, disabling programs, copying data, or even bringing the operating system itself down.
And it does not stop there. Do you want to be surprised by what is on the IFS and what could be damaged? Here are a few things to contemplate:
- TCP/IP configuration files are stored in the /QIBM/Userdata directory. If a malicious client sitting on a PC client modified or deleted these files then TCP/IP services could fail, disabling connections;
- Client Access files are stored in /QIBM/Proddata directory. When users update Client Access automatically, they are running the setup.exe file associated with it. If this setup.exe were to be infected this would infect all PCs when they run Automatic Update
- HTTP server admin and configuration files are stored in /QIBM/Userdata directory. If these files are deleted or modified then the HTTP server could be brought down and the entire web site require a complete re-install
The list of potential problems with the IFS goes on.
Vulnerabilities - Not Just The IFS
Security concerns with the IBM i are not aligned with the IFS alone. Perhaps the biggest risk to data theft and potential impairment of the server comes from those who know the system well, and have access to it – whether as legitimate users and technical staff, or as outsiders who have sniffed out user profiles, passwords, and addresses and have found their way into the server. Anyone with the necessary skills, the necessary access, and the necessary authority could do a lot of damage. And when we think about legitimate users, we need to be aware that this category can be split into those with illicit intent and those simply making mistakes – if you asked a roomful of experienced IBM i techies if they had ever accidentally deleted an important file or object, then it is quite likely that everyone (bar the overly embarrassed) would raise their hand.
This discussion on IBM i security is not exhaustive, but does show some of the problem areas that user need to be aware of.
IBM i is Highly Secureable
Even taking into account the discussion in the previous paragraphs, to this day the IBM i still enjoys an enviable reputation for its security and reliability. And rightly so! However, users do tend to overestimate the operating system’s inherent security and, as a result, do not take the necessary precautions to prevent an attack or data breach.
Without locking the system down completely, thus rendering most of its powerful features useless, the best way to mitigate security concerns related to the IBM i is through the strong definition and implementation of an organisation’s Security Policy, and the implementation of solid object access controls, virus protection, encryption, and auditing.
The IBM i is highly securable – with securable being the key word. To keep it secure, the IBM i platform’s inherent security weaknesses need to be continually managed.
While the IBM i has a number of features that go some way towards addressing its inherent weaknesses, 3rd-party solutions are available to enable companies to manage their security policies, object access controls, virus protection, encryption, and auditing in a far more efficient and reliable manner than the platform provides out of the box. For further information, contact is using the form below.