Building a Multi-Layered Defense for Your IBM i Security
Syncsort
31 slides
Jun 04, 2024
About This Presentation
In today's challenging security environment, new vulnerabilities emerge daily, leaving even patched systems exposed. While IBM works tirelessly to release fixes as they discover vulnerabilities, bad actors are constantly innovating. Don't settle for reactive defense – secure your IT with a layered approach!
This holistic strategy builds multiple security walls, making it far harder for attackers to breach your defenses. Even if a certain vulnerability is exploited, one of the controls could stop the attack or at least delay it until you can take action.
Join us for this webcast to hear about:
• How security risks continue to evolve and change
• The importance of keeping all your systems patched and up-to-date
• A multi-layered approach to network, system object and data security
Slide Content
Building a Multi-Layered Defense for Your IBM i Security
Bill Hammond | Director, Product Marketing
Boris Breslav | Principal Technology Architect
Denise Tabor | Senior Product Management Director
Today's Topics
• Security threats are constantly evolving
• Security vulnerabilities
• Real world example of a security vulnerability on IBM i
• Solutions: holistic approach to security and layered defense
• Assure Security enhancements
• Q & A
Evolving Security threats
Security Landscape (Business impacts)
• Business-Driven Security: No longer a siloed IT concern. It's a critical business service and security teams are measured on how well they protect business outcomes
• Multi-Factor Authentication: Not just for financial institutions... Expect to see more biometric authentication methods alongside traditional passwords and codes
• Boardroom Focus: Rising costs of data breaches driving boards to demand more strategic approaches to risk management
• Cloud Integration: Expect continued focus on tighter integration between z/OS security and IBM's cloud security offerings. This would allow for a more holistic view of security posture across hybrid environments.
Security Landscape (Marketplace drivers)
• Artificial Intelligence: Double edged sword – AI can assist both security professionals and the bad actors developing new threats
• Product Consolidation: Individual security point products being combined into broader platforms that offer a more holistic approach
• Regulations Driving Change: New regulations are mandating a stronger security posture, forcing organizations to invest in expertise and improve their overall cyber resilience
• Quantum-Safe Cryptography: Current encryption solutions will become vulnerable with the broader usage of quantum computing solutions.
IBM i security challenges
• Perception of Impregnability: A false sense of security can exist due to the platform's strong foundation. Organizations may neglect essential security practices like regular updates, user access controls, and penetration testing.
• Integration Challenges: IBM i environments often integrate with newer, more open systems. These connections can introduce vulnerabilities if security isn't carefully managed across all platforms.
• Skilled Staff Shortage: Finding IT security professionals with specific IBM i expertise can be difficult. This can make it challenging to maintain a strong security posture and keep up with the latest threats.
• Evolving Attack Landscape: Cybercriminals are constantly developing new methods to exploit vulnerabilities. While IBM i is inherently secure, attackers may target weaknesses in custom applications, open-source integrations, or user errors.
• Keeping Up with Updates: Balancing the need for stability with the importance of applying security patches can be a challenge. Downtime for updates can disrupt critical business operations.
Security Vulnerabilities
Security Vulnerabilities
• Vulnerabilities are discovered all the time and it's a matter of time until the next vulnerability is revealed. Any software, not just IBM i OS
• A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack (1)
(1) Wikipedia
IBM i Security Bulletin Notifications
• Subscribe to Security Bulletin Notifications: https://www.ibm.com/support/pages/node/718119
• Select the IBM i product
• Select Flash and Security Bulletin document types
• Examine the notification and determine severity and relevance
A look at an X-Force Vulnerability Report
Cybersecurity objectives
Hacking methodology
Cybersecurity Objectives
Cybersecurity definition: Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its confidentiality, integrity and availability (1)
The CIA triad
• Confidentiality – authorized access only
• Integrity – information is consistent and accurate
• Availability – information is readily accessible
(1) Slightly modified NIST glossary definition
Real world example of a security vulnerability on IBM i
IBM X-Force Exchange
• X-Force Exchange is a threat intelligence sharing platform that can be used to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts and collaborate with peers (1)
• IBM X-Force Exchange is intended primarily for security analysts, but anyone in the security space can get value from XFE, including members of a security operations center (SOC), network security operators, security managers, and Chief Information Security Officers (1)
(1) IBM X-Force Exchange FAQ
Vulnerability Report
Solutions
Holistic Approach to Security
• Security program: Formalized, continuous, and measurable security strategy. Documented by policies, standards, procedures and guidelines
• Patch and Configuration Management Standard: Define response time criteria for the different CVSS Base Score levels
• Risk Management: Layered defense as part of the risk mitigation response
More about the holistic approach to security: https://static.sched.com/hosted_files/powerup2024/16/What%20Does%20a%20Full-Featured%20Security%20Strategy%20Look%20Like%20-%20COMMON%202024.pdf
Layered Defense with Assure Security Suite
Network security
• Use Assure SAM and Assure MFA to control access to services and applications
System security
• Use Assure AMR to monitor system events and system configuration, for example, user profiles and their authority to execute tasks on the system
• Use Assure EAM to give access to system resources based on the least privilege concept
• Use Assure SAM to restrict access to specific commands
Object security
• Use Assure AMR to monitor object authority
• Use Assure EAM to give access to objects based on the least privilege concept
Data security
• Use Assure Encryption to protect data from unauthorized access
Layered Defense for Zero-day Vulnerability
Privilege escalation phase
• IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call
• A malicious actor could cause user-controlled code to run with administrator privilege
• The malicious actor has already gained access to the IBM i command line
Layered defense
• Use Assure SAM and MFA to control access to the system so the attacker would not be able to exploit IBM Performance Tools for i
• Use Assure SAM to restrict access to the create program commands and file transfer
• Use Assure AMR to monitor the security audit journal for access to commands and sensitive files
• Use Assure AMR to monitor object authority granted to user profiles with special authority
• Use Assure EAM to monitor admin sessions on production systems
• Use Assure Encryption as the last line of defense to prevent data theft
Assure Security Enhancements
• Enhancing the User Interface and streamlining the implementation of security policies
• Offering an advanced encryption mode to bolster the protection of sensitive data
• Facilitating licensing support for Cloud environments through the allowance of LPAR Mobility
• Providing tighter controls and monitoring more potential exposure in IBM i environments
Modern User Interface Benefits
• Reduced learning curve: GUIs are typically more intuitive and easier to learn than complex command line interfaces. Users can often grasp basic functionality without extensive training.
• Faster task completion: Step-through wizards guide the user through complex tasks. Visual representations of data, drag-and-drop functionality, and readily available menus can streamline common tasks compared to memorizing and typing commands.
• Reduced errors: GUIs often provide visual cues and error checking that can help prevent mistakes during data entry or command execution.
• Increased accessibility: GUIs can be more accessible for users with disabilities through features like icons and keyboard shortcuts.
Assure Security Modern UIs
Improving Encryption
Protecting the data through encryption and secure file transfer is a critical element of security and compliance for the IBM i
• Stronger encryption: Updated the encryption algorithm being used in Assure Security (SP 7.0.15). Customers will need to adopt as the old algorithm will be deprecated next year.
• Encrypt while active: This solution is designed to help our customers reduce downtime significantly while providing a more streamlined and automated process for rotating encryption keys.
• Reduced errors
Best Practices: Regular rotation of Encryption Keys is recommended
Supporting licensing for the cloud
• Licensing Grace Period: We are now providing a built-in LPAR mobility option: Keys allow a 7-day grace period for moving LPARs to unknown serial numbers.
• Eases Transition: Grace period allows you to save and restore Assure Security to a different system effortlessly.
• Ensures Continuity: During this grace period, Assure Security will run on the new system without any interruptions
• Key Regeneration: Users will have the opportunity to obtain a new set of keys, ensuring that security standards remain uncompromised
• Grace Period Activation: The Grace Period is automatically activated under certain conditions, which are detected through the LAKEVIEW/DSPSYSINF system information display.
Q & A
Suggested Timeline
• Checkpoint for slides: May 29
• Recording date: June 3
• Broadcast date: June 5
Today's Topics
• Security threats are constantly evolving
• Security Vulnerabilities
• Real world examples of security vulnerabilities on IBM i
• Solution: Implementing a strong security posture
• Assure Security enhancements
• Q & A
Vulnerability (Example 2)
Layered Defense for Zero-day (Example 1)
Privilege escalation phase
• IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call
• A malicious actor could cause user-controlled code to run with administrator privilege
• The malicious actor has already gained access to the IBM i command line
Layered defense
• Use Assure SAM and MFA to control access to the system so the attacker would not be able to exploit IBM Performance Tools
• Use Assure SAM to restrict access to the create program commands and file transfer
• Use Assure AMR to monitor the security audit journal for access to commands and sensitive files
• Use Assure EAM to monitor admin sessions on production systems
• Use Assure Encryption as the last line of defense to prevent data theft
Layered Defense for Zero-day (Example 2)
Gaining access phase
• OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of shell metacharacters
• By sending a specially crafted request using expansion tokens, an attacker could exploit this vulnerability to execute arbitrary commands on the system
• The vulnerability allows a remote attacker to execute commands on IBM i while bypassing authentication
Layered defense
• Shut down the SSHD server if you don't use it, and use Assure SAM to control listening ports
• Use Assure SAM to restrict access to the SSHD server to specific IP addresses
• Use Assure SAM to reject reverse shell connections
• Use Assure AMR to monitor the security audit journal for access to commands and sensitive files
• Use Assure Encryption as the last line of defense to prevent data theft
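Both zero-day examples lean on the same detective control: watching the security audit journal for create-program commands, file transfer, and access to sensitive files. The script below is an added illustration of that triage (it is not code from the deck or from the Assure products) run over constructed QAUDJRN-style entries; the sensitive-object inventory, user names and the TEST-NET address are assumptions, and a real deployment would read entries from DSPJRN output or from Assure AMR rather than a hard-coded list.

```python
"""Triage constructed IBM i audit journal (QAUDJRN) entries for signals the
deck's layered defense calls out. Sample records below are constructed."""

# Program-creation and file-transfer CL commands the deck says to restrict.
CREATE_PROGRAM_CMDS = {"CRTPGM", "CRTBNDC", "CRTBNDRPG", "CRTBNDCL",
                       "CRTCLPGM", "CRTSRVPGM", "CRTSQLRPGI"}
FILE_TRANSFER_CMDS = {"FTP", "STRTCPFTP", "SNDNETF"}
# Constructed inventory (assumption): sensitive LIBRARY/OBJECT and expected readers.
SENSITIVE_OBJECTS = {"PRDDTA/PAYROLL": {"PAYCLERK"}, "PRDDTA/CUSTCARD": set()}
# Constructed entries in a simplified DSPJRN-to-outfile shape.
# Types used: CD = command string, AF = authority failure, ZR = object read.
SAMPLE_ENTRIES = [
    {"type": "CD", "user": "DEVUSER1", "data": "CRTPGM PGM(DEVLIB/HELPER)"},
    {"type": "CD", "user": "OPERATOR", "data": "WRKACTJOB"},
    {"type": "CD", "user": "DEVUSER1", "data": "QSYS/FTP RMTSYS('203.0.113.7')"},
    {"type": "AF", "user": "DEVUSER1", "object": "PRDDTA/PAYROLL"},
    {"type": "ZR", "user": "PAYCLERK", "object": "PRDDTA/PAYROLL"},
    {"type": "ZR", "user": "DEVUSER1", "object": "PRDDTA/CUSTCARD"},
]

def command_name(cmd_string):
    """Return the CL command name with any LIBRARY/ qualifier removed."""
    first = cmd_string.strip().split(" ", 1)[0]
    return first.rsplit("/", 1)[-1].upper()

def triage(entries):
    """Return (rule, user, detail) alerts for entries that match a rule."""
    alerts = []
    for e in entries:
        kind, user, obj = e["type"], e["user"], e.get("object")
        if kind == "CD":
            name = command_name(e["data"])
            if name in CREATE_PROGRAM_CMDS:
                alerts.append(("create-program-cmd", user, e["data"]))
            elif name in FILE_TRANSFER_CMDS:
                alerts.append(("file-transfer-cmd", user, e["data"]))
        elif kind == "AF" and obj in SENSITIVE_OBJECTS:
            alerts.append(("authority-failure-sensitive", user, obj))
        elif kind == "ZR" and obj in SENSITIVE_OBJECTS and user not in SENSITIVE_OBJECTS[obj]:
            alerts.append(("unexpected-read-sensitive", user, obj))
    return alerts

def chained_users(alerts):
    """Users who created a program and also transferred files or touched
    sensitive data: the sequence the escalation scenario relies on."""
    by_user = {}
    for rule, user, _ in alerts:
        by_user.setdefault(user, set()).add(rule)
    return {u for u, r in by_user.items() if "create-program-cmd" in r and len(r) > 1}
```

Run against the constructed entries, triage() raises four alerts, all for DEVUSER1, and chained_users() singles out that profile because it both created a program and moved or touched sensitive data.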