Run SQL Scripts- Automating Your Analysis

Of course, by now you should realize that you don’t have to re-create your SQL. You can use the Save function in Run SQL Scripts to save your work. What I suggest you do is put all of the SQL that you need to run regularly into a separate Run SQL Script file; then run …

NETSTAT – Securing the Connection to IBM i

One way to look at all connections is to use the Work with TCP/IP Network Status (WRKTCPSTS) command, aka NETSTAT. Choosing to look at the IPv4 and IPv6 connections will show you the established connections and which server they’re connected to. The server name will indicate whether the connection is secure, typically by adding either …

Controlling Who Can Use SSH – Securing the Connection to IBM i

One of the servers I am going to spend a bit of time on is Secure Shell (SSH) because it’s become widely used and SSH clients are readily available. If you’re not controlling what can be installed on your users’ desktops, an SSH client such as PuTTY can be download, installed, and in use in …

Controlling Access to New Nav- Implementing Function Usage (Application Administration)

Let’s take a look at how controlling New Nav and ACS is accomplished. One thing I really like about this new version of Function Usage is that it’s far easier to control access to the New Nav categories. In Heritage Nav, you couldn’t control access at the category level. You had to set the controls …

Final Recommendations for Reducing Risk in the IFS:- Tips for Securing the IFS and Avoiding Malware

A Green-Screen Method to Manage NetServer Security Obviously, the purpose of this entire book is to help you use more modern interfaces. But in the interest of getting you to use these updated features of the NetServer as well as for those organizations that limit the use of web interfaces, there’s a green-screen menu that …

Control Access to a Specific File Share- Tips for Securing the IFS and Avoiding Malware

The addition of this support brings file-share support more in line with the Windows concept of a file share, where you can control who can use the actual share and not have to rely on the users’ permission to what’s being shared. This ability is again implemented using an authorization list, and again, it does …

Step #3: Set the appropriate permissions to IBM-supplied directories.- Tips for Securing the IFS and Avoiding Malware

At this point, you’ve removed unnecessary shares, probably had to remap some users from a share to root to some other share defined closer to the objects being accessed, and set shares to Read-only where possible. For all remaining shares, the next step is to review the permissions on the object being shared with the …

Steps to Reducing the Risk- Tips for Securing the IFS and Avoiding Malware

You can take three steps to greatly reduce the risk of devastating malware/ransomware infections. Step #1: Examine who is using the file shares and eliminate ones that are no longer in use. To see the list of file shares defined on the partition, launch New Nav, click on the File folder icon, and choose File …

Reworking the Authority Scheme of an Entire Application- Successfully Securing Objects by Using Authority Collection, IBM i Services, and Auditing

I cover this topic extensively in chapter 17 of IBM i Security Administration and Compliance, Third Edition, but I wanted to mention a few things here. That chapter was originally written prior to Authority Collection being available. Some might wonder if I’d replace that guidance with the use of Authority Collection. The answer is no. …

Dynamic SQL- Adopted Authority

Finally, dynamic SQL is used quite frequently today, and it’s often the case that the dynamic SQL statement within the program should adopt authority just as the program it’s in adopts authority. The problem is that that doesn’t happen by default. Even when the program’s User profile attribute is set to *OWNER, the dynamic SQL …