Ebook

An Introduction to IBM i Security Risk Assessment

A deep level of understanding is required to assess compliance and implement security controls across your enterprise given today’s expanding landscape of regulations that require protection of financial data, personally identifiable information and other sensitive corporate data. Continuous assessment of security risks is necessary to understand not only your initial or current security posture, but to ensure that security controls continue to be set in a way that protects the sensitive data stored on your servers.

A common misconception that can leave IBM i systems open to data breaches is that addressing physical and network security is enough to keep systems and data safe. Though controlling physical access and ensuring network security is important, the most common vulnerabilities in IBM i environments come from improper security configurations.

To understand security risks on your IBM i, it is essential to review security settings and configurations throughout the system. However, performing a risk assessment on an IBM i server requires significant knowledge of dozens of IBM i capabilities and their related configurations. Reviewing an IBM i security configuration also requires in-depth knowledge of the implementation of each specific system capability. If you are considering performing your own assessment, it is crucial to be aware of the critical aspects of your IBM i system’s configurations that you should inspect. This eBook overviews just some of these important areas and shares how Precisely can help with your assessment needs.

Operating System Security Settings

There are dozens of security-related system values and network attributes that must be assessed to ensure your IBM i system is configured with secure settings. Reviewing these higher-level security settings is an essential step in evaluating your security configuration.
To view the security-related system values on IBM i, you can use the WRKSYSVAL(*SEC) CL command.

Security Level – System value QSECURITY controls the security level of your IBM i Server.  This system value must be set to 40 or 50 to ensure a secure IBM i
runtime environment.

Password Settings – System values exist to control both password composition and expiration intervals. The configuration of these QPWDxxx system values
must be examined to ensure they enforce strong password policies on your IBM i.

Audit Level – The QAUDxxx system values control audit support on your IBM i server.  These values must be evaluated as part of your security risk assessment
to ensure that auditing is active on your system and that the appropriate level of audit data for your enterprise is being captured in the QAUDJRN
audit journal.

If you are considering performing an IBM i security assessment, it is crucial to be aware of the critical aspects of your IBM i system’s configurations that you should inspect. Download this eBook for an introduction to key areas to examine as part of your assessment, and learn how Precisely can help.

IBM i Security Risk Assessment by Precisely