New IBM i Security Study Reveals User Provisioning Oversight and Network Access Exposures

May 22, 2013

The 10th anniversary of the annual State of IBM i Security Study comes a year after the largest data breaches in U.S. history.

Minneapolis, MN, May 22, 2013—PowerTech, a division of Help/Systems, announces the release of the 2013 State of IBM i Security Study.

The 2013 findings show that IBM i user provisioning is a significant source of vulnerability, with averages that include:

  • 79 users had default passwords—50 percent of which are enabled for use
  • 197 enabled users had command line permissions
  • 31 servers didn’t require users to change passwords
  • 9 servers permitted an unlimited number of sign-on attempts

“Every year I expect the results to improve,” explained Robin Tatam, PowerTech Director of Security Technologies and the study’s author. “But 10 years after the first release, we are still finding vulnerabilities from poor profile management and little to no IBM i network security.”

In addition to IBM i user provisioning errors, the study also found that 79 percent of servers don’t monitor network access, which means that anyone with an enabled user profile can directly access business-critical data via interfaces such as FTP and ODBC without authorization.

The 2013 findings were compiled from over 100 Compliance Assessment audits on IBM i servers of varying sizes and across multiple industries, including financial, retail, and manufacturing.

“It’s critical to recognize that security for the server does not come preconfigured,” said Tatam. “IBM i remains one of the most securable platforms, but this ‘load-and-go’ perception puts organizations at risk for data loss, fraud, or worse.”

Tatam emphasized that the weaknesses identified in the study can—and should be—corrected with proper configuration settings, administration, and an IBM i security policy.

About PowerTech:

PowerTech is a Help/Systems company. Help/Systems, LLC is a leading provider of systems management, security, and business intelligence solutions. Help/Systems software reduces data center costs by improving operational control and delivery of IT services. Founded in 1982, the company has 14 offices worldwide and over 7,000 customers from small businesses to Fortune 100 companies. Based in Minneapolis, Minnesota, Help/Systems sells its solutions directly and through strategic partners worldwide.

Help/Systems sells the following brands: Robot, SEQUEL Software, PowerTech, Skybot Software, Safestone, CCSS, InterMapper, ShowCase, and Bytware. For more information, visit www.helpsystems.com.

Colleen Kulhanek
Director of Global Marketing
(952) 563-2798
colleen.kulhanek@helpsystems.com

Recent News

News
August 7, 2018

Policy Minder has been expanded to empower security monitoring for data stored on Amazon S3, giving IT professionals peace of mind any misconfigurations or oversights will be detected and rectified.

News
July 17, 2018

This update to Vityl Capacity Management brings all pieces of a capacity management practice into one tool. Users can now take business developments, IT changes, industry factors, and more into account to create capacity plans in an intuitive workflow. The newest release also supports container monitoring, an essential when move applications from one platform to another.

News
June 16, 2018

CEO Chris Heim took over one of the Twin Cities’ largest software and IT-services firms in 2014. Before joining HelpSystems, Heim was CEO of Axium Software, a Portland, Ore.-based software company that was sold to Deltek in 2014. From 2007 to...