The “Easy” Button for Provisioning IBM i Users
TRANSCRIPT
All trademarks and registered trademarks are the property of their respective owners. © HelpSystems LLC. All rights reserved.
© HelpSystems. All rights reserved.
Today's Agenda
• Introduction
• The Profile Challenge
• Why Policy Matters
• Power Admin Demonstration
• Security Scan
Today's Speakers
Robin Tatam, CISM CBCA PCI-P, Director of Security Technologies
Paul Culin, Sr. Information Security Engineer
About HelpSystems’ Security Investment
• Expansive Multi-Platform Software Portfolio.
• Comprehensive Professional Services.
• World-Class Security Experts:
  – Robin Tatam, CISM CBCA PCI-P
  – Carol Woodbury, CRISC
• Member of PCI Security Standards Council.
• Authorized by NASBA to Issue CPE Credits for Security Education.
• Publisher of the Annual “State of IBM i Security” Report.
Comprehensive Security Solutions
Best of Breed Security Products
Data Security Lifecycle
Professional Security Services
The State of IBM i Security Study
HelpSystems uses anonymous audit data from our Security Scan tool to compile an annual study of security statistics.
This study (available online) provides a picture of what IBM i shops are currently doing with their security controls.
And, year after year, it shows that there is definitely still room (and a need) for improvement!
(The study sample consists of security-aware environments.)
Special Authorities: What's So Special?
• Special authorities are only for administrators!
  – *ALLOBJ: Complete control of the system
  – *SAVSYS: Save, restore, and delete anything
  – *SPLCTL: Complete control of spooled files
  – *SERVICE: Alter hardware, storage, and clear disks
  – *SECADM: Create and delete user profiles
  – *JOBCTL: Manage jobs, PWRDWNSYS, and more
  – *IOSYSCFG: Configure communication services, TCP/IP
  – *AUDIT: Modify system audit values
• Learn more at: www.helpsystems.com/resources/guides/managing-privileged-users-ibm-i
2016 State of IBM i Security Study
[Chart: average number of users holding each special authority (*ALLOBJ, *SECADM, *IOSYSCFG, *AUDIT, *SPLCTL, *SERVICE, *JOBCTL, *SAVSYS); x-axis “Type of Authority”, y-axis “No. of Users (Average)”, scale 0 to 500]
2016 State of IBM i Security Study
Default passwords are banned by compliance mandates, and for GOOD reason! Review and resolve them with the ANZDFTPWD (Analyze Default Passwords) command.
Not the fault of the “end” user
Legislative Reactions
• Legislatures create laws
  – Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, SB1386, and more
• Laws are open to interpretation
  – Sarbanes-Oxley Section 404: “Perform annual assessment of the effectiveness of internal control over financial reporting… and obtain attestation from external auditors”
• Auditors are the interpreters
The Auditor's View
• Auditors interpret regulations:
  – Auditors focus on frameworks and processes
  – Auditors have concluded that IT is lacking when it comes to internal controls
• Executives tend to follow auditor recommendations
The Auditor's View
• Distributed Provisioning:
  – Ensure that users are created on (and only on) the necessary systems
    – Programmers only onboarded on development partitions
    – Rapid deployment of new users in defined roles
    – Audit and realignment during profile lifecycle
    – Simple end-of-life processing
The Auditor's View
• Resolve Inconsistencies:
  – Ensure that users are created using a standardized template
    – Special authorities
    – Command line restrictions
    – Initial program and menu
    – Accounting code
Applicable to both uni- and multi-partition servers
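The template check described on this slide, applied to the special authorities listed earlier, as an added example that is not HelpSystems' or Power Admin's code: constructed profile records shaped like DSPUSRPRF output (keyed by the CRTUSRPRF parameter names SPCAUT, USRCLS, LMTCPB, INLPGM, INLMNU) are compared against hypothetical role templates, and every deviation is reported as a policy exception.

```python
from dataclasses import dataclass

# The eight special authorities covered in the deck; anything else in SPCAUT is suspect.
SPECIAL_AUTHORITIES = frozenset({"*ALLOBJ", "*SAVSYS", "*SPLCTL", "*SERVICE",
                                 "*SECADM", "*JOBCTL", "*IOSYSCFG", "*AUDIT"})

@dataclass(frozen=True)
class Template:
    """Standardized values a profile in this role must carry (CRTUSRPRF parameter names)."""
    spcaut: frozenset  # special authorities the role may hold
    usrcls: str        # user class
    lmtcpb: str        # command-line restriction: *YES, *PARTIAL or *NO
    inlpgm: str        # initial program
    inlmnu: str        # initial menu

# Hypothetical role templates for this example; real values come from site policy.
TEMPLATES = {
    "SECADMIN": Template(SPECIAL_AUTHORITIES, "*SECOFR", "*NO", "*NONE", "MAIN"),
    "OPERATOR": Template(frozenset({"*JOBCTL", "*SAVSYS"}), "*SYSOPR", "*YES", "OPRSTART", "*SIGNOFF"),
    "ENDUSER": Template(frozenset(), "*USER", "*YES", "APPMAIN", "*SIGNOFF"),
}

def check_profile(profile, role):
    """Compare one profile record with its role template; return the list of policy exceptions."""
    tmpl = TEMPLATES[role]
    # SPCAUT is a space-separated string as DSPUSRPRF shows it ("*JOBCTL *SAVSYS" or "*NONE").
    granted = set(profile["SPCAUT"].split()) - {"*NONE"}
    exceptions = []
    if unknown := granted - SPECIAL_AUTHORITIES:
        exceptions.append(f"unrecognized special authority token(s): {sorted(unknown)}")
    if excess := granted - tmpl.spcaut:
        exceptions.append(f"special authorities beyond {role} template: {sorted(excess)}")
    for key, want in (("USRCLS", tmpl.usrcls), ("LMTCPB", tmpl.lmtcpb),
                      ("INLPGM", tmpl.inlpgm), ("INLMNU", tmpl.inlmnu)):
        if profile[key] != want:
            exceptions.append(f"{key} is {profile[key]}, template requires {want}")
    return exceptions

def audit(profiles):
    """Return {USRPRF: [exceptions]} for every profile that deviates from its role template."""
    return {p["USRPRF"]: exc for p in profiles if (exc := check_profile(p, p["ROLE"]))}

# Constructed sample records, not real profiles.
SAMPLE_PROFILES = [
    {"USRPRF": "OPR1", "ROLE": "OPERATOR", "SPCAUT": "*JOBCTL *SAVSYS", "USRCLS": "*SYSOPR",
     "LMTCPB": "*YES", "INLPGM": "OPRSTART", "INLMNU": "*SIGNOFF"},
    {"USRPRF": "JSMITH", "ROLE": "ENDUSER", "SPCAUT": "*ALLOBJ *JOBCTL", "USRCLS": "*USER",
     "LMTCPB": "*NO", "INLPGM": "APPMAIN", "INLMNU": "*SIGNOFF"},
]
```

`audit(SAMPLE_PROFILES)` flags only JSMITH, once for the two special authorities an end user should not hold and once for the unrestricted command line; OPR1 matches its template and is not reported.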
Endless News Reports of Insider Breaches
Solution: Power Admin
• Role-based security
• Template-based management
• Event history and reporting
• Highlight policy exceptions or unauthorized updates to profiles
Why Power Admin?
• Government regulators and IT auditors demand accountability.
• Legislatures have created laws that require us to prove that our IT infrastructure is secure.
• Non-compliance penalties range from public disclosure and fines to prison sentences for executives.
• Executives are finally taking IBM i security very seriously.
Why Power Admin?
• Allows you to reclaim the user lifecycle to ensure a consistent, managed profile environment
  – Power Admin lets you specify where and how users are deployed.
  – Power Admin removes the complexity and costs associated with managing profiles across many virtual machines.
  – Power Admin works with IBM i security to correctly protect assets.
  – Power Admin audits the configuration of users between their creation and deletion.
Automated Vulnerability Testing
[Diagram: Your PC, Your IBM i Server, Your Vulnerabilities]
Summary
• IT Security has executive attention
  – This is the best opportunity to solve long-standing problems
  – Gain management approval now
• Control users with broad authority to production data
  – Leaving user configuration to chance is both an audit exception and an accident waiting to happen
• Limit the deployment of powerful profiles
  – Monitor and report when profiles are non-compliant
  – Consistent provisioning of users
Additional Resources
• Please visit www.helpsystems.com to access:
  – Demonstration Videos & Trial Downloads
  – Product Information Data Sheets
  – Guides & Technical Articles
  – Customer Success Stories
  – How-To Articles
  – To request a FREE Security Scan
www.helpsystems.com | (800) 328-1000
Questions