Over recent years I’ve become increasingly focused on connecting IBM i Systems to the Internet – aka cloud for you trendy peeps. We live in an internet connected world and the requirements for business to plug their back office Power Servers into this big cloud is rapidly becoming a standard.
With the huge increase in mobile development and webservice focused business even IT Departments that have never thought about internet connection are now considering the consequences.
This leads to many of my friends, clients and random drunken strangers I meet in a pub, asking me the same question:
HOW SECURE IS IBM I (AS400/iSERIES) INTERNET CONNECTION?
Well, the simple answer is “IBM i has world class security levels, a great firewall and terrific authority auditing tools. It’s tried and tested. But you must assume that it will never be 100% secure”
There are just too many bad guys out there in the murky corners of the internet. Bad guys who like to try and break into companies servers to steal, to prove they could do it and sometimes just for fun.
There are squillions of website resources so I’m going to list a few to use as library I can easily point people at:
“The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.
In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.
This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM.”
This is essential reading. It’s from IBM. I’ve attached a copy of the PDF to this blog.
“This comprehensive Guide to OS/400 and i5/0S security is your one-stop resource for securing the information assets of your business. Written by two of the industry’s most knowledgeable security experts, Carol Woodbury and IBM’s Patrick Botz, this book is your ticket to a secure enterprise. You’ll learn the A-Z of OS/400 security, including important new features available in OS/400 Version 5 Release 2 plus a complete rundown on the security enhancements in IBM’s “next generation” of OS/400: i5/OS V5R3. You’ll find detailed descriptions of system values, user profiles, object authorization, and more. Special chapters address several critical areas of OS/400 security: writing a security policy, service tools security, securing the IFS, Internet security, and OS/400-i5/OS single sign-on.”
I have recently been reviewing our company’s security implementation in light of Sarbanes Oxley. This book has helped has been a tremendous help. This book explains what actually happens when you select a security option.
I also like the writing style of this book. It doesn’t matter whether you are an IBm i / iSeries / AS400 expert or novice, the advice and recommendations will enable anyone to secure their system and meet their unique requirements.
“Security issues related to the Internet are significant. This topic provides an overview of IBM i security strengths and security offerings. When you connect your System i platform to the Internet, typically one of your first questions is, “What should I know about security and the Internet?” This topic can help you to answer this question. What you need to know depends on how you want to use the Internet. Your first venture into the Internet is to provide your internal network users with access to the Web and Internet e-mail. You might also want the ability to transfer sensitive information from one site to another. Eventually, you can plan to use the Internet for e-commerce or to create an extranet between your company and your business partners and suppliers.”