MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 2014

Re: i5 Security info and training



fixed

(sorry about hte empty posts - mouse issues)

I either missed the posts or surprised no one mentioned the Redbooks

Security Guide for IBM i V6.1 http://publib-b.boulder.ibm.com/abstracts/sg247680.html?Open
IBM System i Security: Protecting i5/OS Data with Encryption http://publib-b.boulder.ibm.com/abstracts/sg247399.html?Open

there are a dozen others going back to the 90's - and much of the networking & firewall redbooks are good for understanding concepts

other manuals

a little dated but relevant - Configure Your System /or Common Criteria Security http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/books/sc415336.pdf

current - IBM i Intrusion Detection
http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzaub/rzaub.pdf

current - IBM i Security Reference 7.1
http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/topic/rzarl/sc415302.pdf


Carol Woodbury & Patrick Botz's book as others have mentioned

and finally - not knowing your personality - but for those who think "why would anyone do that....?"
go to Barnes and Noble bookstore magazine section - buy the little magazine 2600 (many who follow this think buying this with a credit card puts you on a FBI list) - it's full of dumb stuff, but also interesting to see what people think about, and the stuff they do for unfathomable reasons. Understand that a common game is to call your employees, impersonate someone, and give that person access - they make youtube videos out of it! Walk in as the printer repairman, and plug into your network (and take a picture to prove they were there...)

If your a secadmin only for the Power i - then also worry about anything that touches your machine - every pc or similar device that logs on is a potential gateway in. Set up a simple honeypots on the i (if the term is unknown-read wiki for the term).

Always have the security journals on (most of them).
Run at sec level 50 if vendor code allows it, and if not, work to replace it.
Always assume you've already been at least viewed.
As IBM found out the hard way(long ago), make sure your future projects have a security review early in the project (not later or never).
Paranoid is good (to a point).
Your most likely hack is from an employee or contractor...

Jim Franz

----- Original Message ----- From: "Ketzes, Larry" <lketzes@xxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, May 01, 2014 11:54 AM
Subject: RE: i5 Security info and training


Pro's and con's I suppose.

I like electronic books which allow url links to work nicely, but I also prefer hardcopy books so I can highlight and access easy and I may be oldschool, but I just like flipping through a book rather than flipping electronically. Having said that, I do have a kindle reader which I like for books that I just simply read from start to end. Any real flipping, and I like a real book!

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Thursday, May 01, 2014 11:47 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: i5 Security info and training

Larry,

Good book, still available.
Also available on line.
How do on-line books work, never bought one.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Ketzes, Larry
Sent: Thursday, May 01, 2014 10:42 AM
To: Midrange Systems Technical Discussion
Subject: RE: i5 Security info and training

1) buy Carol Woodbury's great book IBM I Security - Administration and Compliance if you can still get a copy.
2) Attend security classes at the IBM Technical Conference, which I believe is in Vegas this year.



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Thursday, May 01, 2014 10:23 AM
To: 'Midrange Systems Technical Discussion'
Subject: i5 Security info and training

I need to become an i5 security expert.
I'm looking for training, classes, webcasts, whatever.
Little too late, but I was just approved to go to COMMON, maybe next one.

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx<mailto:psteinmetz@xxxxxxxxxx>
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressee, please notify the sender immediately and delete this message.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

The information contained in this message may be CONFIDENTIAL and is for the intended addressee only. Any unauthorized use, dissemination of the information, or copying of this message is prohibited. If you are not the intended addressee, please notify the sender immediately and delete this message.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact