Nov 20 2008 11:59AM GMT
Posted by: Leah Rosin
Security – alerts – compliance,
Web sites/resources
Businesses with 100 to 1,000 employees may want to take a look at a free security assessment tool that has been released by the Aberdeen Group and IBM. A sample report representing what you can expect to get after filling out the survey is provided. The report shows how your organization stacks up against similar organizations (over 30,000) that have also been evaluated. This information could be helpful in determining what to focus on in your security set-up. Of course, by filling out the survey you allow IBM and Aberdeen to contact you regarding your security infrastructure.
Let us know if you take the survey and find any surprises or what your opinion is about this tool.
Jul 28 2008 8:26AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
Humor,
System i software
The second episode of MoshiMoshi, an interactive Web game sponsored by System i vendor Bytware, is coming to a close this week (July 30, to be exact). We here had written pretty extensively about the first episode, which follows the trials and tribulations of various characters in a fictional corporation as they come across various dilemmas involving IT security.
It’s a good diversion from a typical, mundane day, and there’s a chance you could win prizes such as free consulting or software licenses.
Apr 14 2008 3:43PM GMT
Posted by: Jeannette Beltran
AS/400,
Security – alerts – compliance
A recent PowerTech Group study of System i shops concludes that many companies are lagging behind when it comes to implementing proper security measures on their systems. Rich Loeber, president of iSeries security product provider Kisco Information Systems Inc., shares his thoughts on the study.
Over the years, IBM has done a good job of selling the public on the idea that the System i is “the most secure processor available today.” However, the company has not done nearly as good of a job explaining how to make the system secure. Doing that takes work, some of which is not necessarily intuitive. Someone needs to be put in charge of the security setup of the system and design an approach to security for the installation. Often, security takes a back seat to other more pressing needs for the company … until a disaster happens.
Another observation I have is that security efforts are very much focused on the network and keeping outsiders out of the system. But studies clearly reveal that nearly as many security breakdowns happen from inside sources as from outside hackers. Too often it is the insider with too much access to the system who compromises sensitive information. With the advent of convenient storage media, some that you can pass off as a fob on a key chain, the inside threat cannot be ignored.
The system is only as secure as the implementation of the security features. I5/OS may be the most secure operating system around, but if it is not used correctly, you might as well have any OS in place. I have customers who’ve purchased our network security product, SafeNet/400 and have had it in place for years without activating it to control access. They’re just logging activity, when the software has the ability to control activity and prevent unauthorized access attempts. When I hear of one of these accounts, I try to chide them into taking the software up to the next level of protection, but I’ve had little success with these attempts.
One of these days, there is going to be a TJ Maxx or Hannaford security breakdown that’s tracked to System i, and all those who’ve been touting the box’s strong security are going to be back-pedaling like mad.
I don’t really know what to do about this except to sing this song over and over again. I write a monthly column on System i security for Search400.com and I regularly raise these basic issues with my readers. I think that may be my small contribution — educating System i users on what they have and how to use it.
Mar 19 2008 11:50AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
COMMON,
System i software
Bytware, the System i security software company that brought you the i5virus game, has another ad campaign in the works that will include some interactive Flash games.
MoshiMoshi (”moshi moshi” is a traditional telephone greeting in Japan) will be launched at the Common conference in Nashville later this month, and will follow the trials and tribulations of the various characters in a fictional corporation. As the different characters come across various dilemmas involving IT security, users playing the game can decide what the characters will do. Some of the characters have humorous names — the accountant’s last name is “Sudoku,” for example, while the boss’s last name is “Ono.” As people play the game, their decisions for what the characters should do will affect how the game continues and ends.
The games will take place in eight episodes over eight weeks — one a week — with prizes awarded each week to users who play the game. Some potential prizes will include educational literature, free software licenses, and free security consulting.
Jan 29 2008 9:53AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
System i software
System i5 security vendor Bytware Inc. has wrapped up its i5 online game, where contestants navigated YouTube videos and searching for clues on different Web sites to solve a fictional System i security mystery, all the while learning about PHP and i5/OS security.
The grand prize winner, who gets a Nintendo Wii, was Anna Musella-Chiasson, a senior iSeries analyst with Canadian company CGI. There were also four winners of $100 gift certificates at Apple: Kristina Alcorn, a senior systems engineer at the Automotive Retail Group in Troy, Mich,; Suzanne Dahms, the executive VP at Union Bank in Lake Odessa, Mich.; John Pfitzner, a programmer at EFCO Corp. in Monett, Mo.; and Patrick Sczypiorski, an applications systems manager at Velvac in New Berlin, Wis.
The game will remain online, although Bytware didn’t say for how long.
Dec 12 2007 5:30PM GMT
Posted by: Mark Fontecchio
Networking,
Security – alerts – compliance
Most people know that the System i and i5/OS are known for solid security features, but do you know what those features are?
I’m sure plenty of you do, but a new IBM Redbook details i5/OS’s native network security features, as well as envisioning some scenarios for network security, password elimination, i5/OS IP packet filtering, and more.
Dec 5 2007 11:02AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
System i software
There is only one week remaining in the i5 virus game, an interactive game developed by Bytware to raise awareness of System i security and using PHP on the platform.
The game, which The iSeries blog wrote about earlier this month, got its start at the Common Focus event in October. It starts out with a YouTube video and takes players to various Web sites, including Bytware, IBM, McAfee and php-security.org. The goal is to crack a System i security mystery involving an imaginary financial services firm. Solving the mystery could win you a Nintendo Wii and iTunes gift cards.
Nov 26 2007 9:24AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
System i software
The i5virus: A Game of Espionage and System i Security is a game developed by Bytware to get its name out there and perhaps liven up the days of System i administrators.
The mystery game, which started last month, offers contestants a chance to unravel the clues and win prizes such as an iPod and a Nintendo Wii. The story follows a fictional company whose System i server has been hacked into. Players follow clues by visiting different Web sites, watching videos on YouTube, and learning about PHP and i5/OS security. It’s a process that Bytware is hoping will lead you not only to the end of the game but also to its System i security software products.
The game begins with a YouTube video.
Nov 13 2007 9:29AM GMT
Posted by: Mark Fontecchio
Security – alerts – compliance,
System i software
The PowerTech Group Inc. has long banged the drum on System i security, saying that most lapses in the space have to do with people, not the hardware or software.
The System i security software company has done System i security surveys in recent years. One last year looked at data from 177 security assessments on System i, iSeries and AS400 boxes, and found a few things:
- 95% have more than 10 users with root authority, threatening data on the system.
- 77% have more than 20 users whose passwords are the same as their user names.
- 91% don’t control or audit changes made through PC access.
These are lapses you want to avoid. On Wednesday (that’s tomorrow), PowerTech will host a free 30-minute webcast on meeting requirements of auditors who want companies to better manage user access. You need to register with PowerTech to join.
