× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



As usual this thread has gone on a tangent a bit but was useful.

To summarise our security folks have made the following suggestions.

1. We need to PEN test the border so that includes the web site and all VPN
connection
2. We need to put a PEN tester on the network to see if they gain access to
IBMi. That is a bit more challenging (but determined hackers can do this)
since the IBMi instances are behind application firewalls. Somebody said if
ports are open on the firewall for SSH, FTP, SFTP etc. then they are
potential vulnerabilities. The fact that the firewalls have specific source
and target IP's in the rules are not relevant since a hacker can spoof IP
(if they actually can find out the IP rules)
3. We need to put them in front of a IBMi logon screen and see what they
can do. This is the hardest part since we are not having much luck finding
people who have those skills

On Thu, Jul 23, 2020 at 5:11 AM Steve Pitcher <SPitcher@xxxxxxxxxxxx> wrote:

I'm actually agreeing with you. Most audits like this are a joke. Probably
a reason why this poll shows nobody believes their system is "wide open."
Statistically speaking it's much higher than that.

https://www.linkedin.com/feed/update/urn:li:activity:6690989921118769152/



Steve Pitcher

iTech Solutions Group, LLC

p: (203) 744-7854 Ext. 176 | m: (902) 301-0810

www.itechsol.com | www.iInTheCloud.com




-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf
Of Patrik Schindler
Sent: Wednesday, July 22, 2020 12:21 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Penetration testing IBMi 7.3?

Hello Steve,

Am 22.07.2020 um 14:15 schrieb Steve Pitcher <SPitcher@xxxxxxxxxxxx>:

You know how many times I've been asked to remove track/trace on the
default Apache server that nobody uses? Pen test tools used are far more
effective if someone has knowledge of IBM i.

Seen from another view: You did the same wrong over and over again. ;-) No
offense...

:wq! PoC

PGP-Key: DDD3 4ABF 6413 38DE -
https://url.emailprotection.link/?bwL73q0RjoVPtKNJ8X8bsO-hdY3FStOPdH6LzYCLGCrDSyQ5eKWtZGglwaRYBjqd6bR2NluV9w1fU8QoOFj6Y_Q~~


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit:
https://url.emailprotection.link/?bAncuoXZnqCUcaMP1y9_Vy4mA238WJyRc0I8PCKF6U9fHOB7USL8o9LIjNnrhOJEAi3TdOb-G5vau-B83VyfmjkcCaxU0pJleTMyCCTW9Gu_cvvOIO3HD73g0V2T8lSNs
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://url.emailprotection.link/?bg3JjUAS7FimdYyLHsRj55dyDH2GIgsXgg_1-7Sba-glStbGmeg_qPpBRVN13Yniv2RhSUJ8GiBJ_EYDWbUA6qQ~~
.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:
https://url.emailprotection.link/?bw8w48TccQ5CGr-yc6E2hKHQEBExR0kQBX7bTe_H0E2zpd8tD53U-Vab_twbySYxaxCFGDnSUOyTTYRM3hwrj-Q~~

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.