Category Archives: IBM i Security

Remember the Heartbleed bug of a few years ago? Once you fixed it, you thought you were in great shape, right? Well, guess again. Heartbleed was just a symptom of much deeper issues with OpenSSL. Perhaps the most dangerous are …

Posted in IBM i Security

Back in the ’80s, President Reagan said of a missile treaty with the Soviet Union, “Trust, but Verify.” That phrase is very apt for information security too, especially as it relates to securing data on your internal systems.

Posted in IBM i Security, Info Security Mgmt, User Authority

I thought it would be interesting for my first Security Bytes post of 2017 to pull together the most popular posts from 2016 based on number of readers. As an added attraction, I’ve also included the most popular post in …

Posted in IBM i Security, Single Sign-On (SSO)

You may have noticed that I often recommend that folks just get started doing a little something to address information security. Don’t let everything else you should be doing get in the way of taking steps to secure your system. …

Posted in IBM i Security, Info Security Mgmt

A common web server setup with an uncommon SSO hiccup

Last week an SSO stat! customer called me needing some help. They had the Apache Web server on IBM i configured to use Kerberos authentication, and it had been working …

Posted in Authentication, IBM i Security, Single Sign-On (SSO)

In the latest version of her well-known IBM i security reference, IBM i Security Administration and Compliance, Carol Woodbury hits the ball out of the park. Not only does the book provide valuable technical information, it also introduces the reader …

Posted in Announcement, IBM i Security

OR… How to Recognize the Threat in the Seedling

You regularly read news of security breaches, right? So why are all these businesses – large and small – getting hacked, cracked, and/or extorted by ransomware?

Posted in IBM i Security, Info Security Mgmt, Security Breach

You may have heard that IBM included an interesting new security-related enhancement in the V7.3 release. Called authority collection, it provides information intended to help security administrators minimize the amount of authority to objects granted to users on a system.

Posted in Announcement, IBM i Security, User Authority

“Security by obscurity” means relying on lack of knowledge of how a thing is protected as the sole means of preventing unauthorized access to that thing. There’s been a debate going on over at the Midrange-L discussion forum about the efficacy of this …

Posted in Encryption, IBM i Security

Verizon’s “Data breach digest. Scenarios from the field.” document includes a description of a successful attack on a water utility running on an “AS/400” (a.k.a. IBM i). It describes how a suspected Syrian “hacktivist” group broke into an IBM i …

Posted in IBM i Security, Info Security Mgmt