The Essential Layers of IBM i Security
The six layers of IBM i Security and how Precisely can help.
The increased frequency of high-profile breaches and the corresponding rise of new and expanded regulatory compliance requirements are putting enormous pressure on IT departments to assure their corporate executives that business-critical systems and data are secure. One statistic from a recently conducted Precisely survey of IT professionals is revealing: 69% of respondents said they were only “somewhat confident” (or worse) in the effectiveness of their company’s IT security program. Given today’s rapidly evolving security threats, even being “somewhat confident” doesn’t cut it.
Improving confidence in one’s IT security posture requires a solid understanding of all potential vulnerabilities as well as the most effective best practices and technologies in order to minimize the possibility of a breach. To help, Precisely has created this white paper as a roadmap, grouping together important security best practices and technologies into six primary categories or “layers.” These layers cover physical devices, networks, configuration of the IBM i OS, access to systems, protection of data at the file and field level, and monitoring and auditing of systems. The reason it’s particularly helpful to view these security categories as “layers” is that, to some extent, each category overlaps with the others to provide multiple lines of defense. In other words, should one security layer be somehow compromised, there’s a good chance that another layer will thwart a would-be intruder. The six layers of IBM i security are summarized in the following diagram and are detailed in the remainder of this white paper.
The networks to which an IBM i is connected must be carefully secured, and if any of these networks are connected to the Internet, extra vigilance is required as Internet-connected networks often see thousands of access attempts each day by bots, sniffers, and hackers.
- Firewalls — By examining the flow of data entering a network, firewalls prevent unauthorized traffic by allowing only network traffic that meets predefined firewall rules.
- Intrusion-detection system (IDS) and intrusion-prevention system (IPS) — These technologies go beyond traditional firewall capabilities by analyzing traffic within the network itself for suspicious patterns of activity and then triggering alerts when such activity is detected. IPS goes a step further than IDS by acting to prevent the suspicious activity from affecting the network.
- Network segmentation — A network-security best practice is to avoid putting all IT assets together within a single network. When each network contains only the systems and components that are related to one or more specific applications, only those assets would be compromised should a breach occur.
Download this white paper to learn more about the six layers of IBM i security and how Precisely can help you build and optimize your own layers with our best-in-class security software solutions.