With thousands of configuration settings and permissions to manage inside of AIX systems, it can seem overwhelming to ensure these systems maintain proper compliance. From users, password services, file, and directory permissions to how file systems are mounted and configured, there are countless elements to be on the lookout for. As you expand this into many different systems and start adding in Linux machines, which have the same compliance rules, and then add in your Windows machines with the same compliance rules, you quickly understand the tremendous scope you are managing, even in a small configuration with a few dozen systems.
The vast majority of systems that HelpSystems works with are not securely configured when we first start our engagements. This does not mean these systems can’t be secured, but instead it means that people typically do not initially set up these configurations using a recommended method. Luckily, once we’re enlisted, we have the opportunity to make these required changes and implement a more secure solution.
When examining this graph with the different types of security incidents and their related causes over the last few years, we can see that simple misconfiguration of the computer systems was the source of a large percentage of security incidents. After the big burst of everyone reporting these misconfigurations, there was a lull. However, this only indicates a lull in reporting these mistakes, not necessarily a decrease in actual misconfiguration-based incidents.
Despite this trend, even throughout 2016 and 2017, there were still a considerable number of reported misconfigurations. With the continuous stream of big databases breached as reported in the news last year, whether from the wrong configuration on the cloud or misconfiguration in the S3 bucket, and based on our extensive experience, we know that incorrect configurations are still a major problem. Our goal with this course is to help get people and organizations on a path to optimized configuration of their AIX systems, aiming to put a long-term plan in place to avoid these simple errors.