Fantastic list! Do all of those things.

Adding to that, more frequency in your backups is important, and I'm not
talking replication either, be that MIMIX, PowerHA, or even Db2Mirror for
i! Remember that any of those replication technologies simply would
replicate the encrypted object to the backup system; some just would do
that faster than others!!

Now you could also do journaling, and this would be a good thing anyway
for a number of reasons including: "I sell disk. :-) "

Reason would be that in an emergency keeping your feathers numbered is a
prime requirement. Recover the system prior to the disaster and then
apply the journal receivers up to the point where the problem began.
This may be one of the best ways to recover to a known point. Of course
one would need to keep all your journal receivers, preferably locally on
tape or VTL. As always, you cannot recover from something you do not have.

One of my customers has PowerHA and uses that to do a flashcopy and then
backs up the flash copy. They do this flashcopy at their backup site so
no performance impact whatever to production.

More better still even, the first of these flash copies backs up
everything but through the day they refresh the flashcopy and back up
their IFS files. Currently they are getting 6 flash copies per day which
is giving them 6 recovery points should ransomware or other 'bad things'
affect their IFS. They have 'A LOT' in the IFS.

Another thought was passed to me by a rather short woman who is very
tall in security who suggested: "So you know those exit points meant to
be used for virus scanning? Yeah those don't have to be restricted to
only that. Perhaps you set up a process that every time an IFS object is
placed or changed that exit point saves a copy of it somewhere."

Somewhere could be an image catalogue or a constantly mounted tape in a
VTL or let your brain wander. This way you get backup copies 'el quicko'
the instant any IFS object changes.

And to the person who claims that such things cannot happen to IBM i.
NotSoFast Rabbit. Just because a traditional 'virus' is less likely
(some say impossible) on IBM i does NOT mean that such a program could
not be written and placed by an employee, contractor, or software
vendor. Yes I hear you saying that "NO Larry, you CANNOT simply encrypt
PAYMAST in PRLIB because it's an object oriented system and that simply
cannot be done." Correct with that, but I COULD write a simple enough
program that rolls through PAYMAST and encrypts key data fields in there
or perhaps I'm silly, and I write the program with a fixed record length
and simply encrypt the entire buffer. Oh sure, lots of things will break
but I rather don't care because my goal is to disrupt your business at
that point, isn't it? And I don't necessarily have to encrypt, maybe I
just multiply every number by a random and rotate text fields by a
random number of characters. Less things bomb that way but the data is
just as FOOBAR, isn't it? And yeah, replication made the backup server
look just as bad nearly instantly. And since most of you have PUBLIC
*USE as the default on nearly every table on the system, this program
could probably be run by the janitor.

- L
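
An added example, not part of either post: Db2 for i queries a defender could run to audit two points raised in this thread, the spread of *ALLOBJ and what *PUBLIC can do to files in a library. It assumes the IBM i Services views QSYS2.USER_INFO and QSYS2.OBJECT_PRIVILEGES are available on your release; PRLIB is only the illustrative library name used in the post above.

```sql
-- Added example. Assumes QSYS2.USER_INFO and QSYS2.OBJECT_PRIVILEGES
-- exist on this release. PRLIB is the illustrative library from the post.

-- 1. Profiles that hold *ALLOBJ directly. Sorting by last sign-on puts
--    dormant powerful profiles first, which are the easiest to remove.
SELECT authorization_name,
       status,
       previous_signon,
       special_authorities
  FROM qsys2.user_info
 WHERE special_authorities LIKE '%*ALLOBJ%'
 ORDER BY previous_signon;

-- 2. Profiles that inherit *ALLOBJ through their primary group profile.
--    Supplemental groups are not covered here and need a separate check
--    against SUPPLEMENTAL_GROUP_LIST.
SELECT u.authorization_name,
       u.status,
       u.group_profile_name
  FROM qsys2.user_info u
  JOIN qsys2.user_info g
    ON g.authorization_name = u.group_profile_name
 WHERE g.special_authorities LIKE '%*ALLOBJ%'
 ORDER BY u.group_profile_name, u.authorization_name;

-- 3. Files in PRLIB where *PUBLIC has anything other than *EXCLUDE.
--    The DATA_* columns show whether that public authority allows
--    reading only or also changing and deleting records.
--    If a file is secured by an authorization list, review the list
--    named in AUTHORIZATION_LIST as well.
SELECT system_object_name,
       object_authority,
       data_read,
       data_add,
       data_update,
       data_delete,
       authorization_list
  FROM qsys2.object_privileges
 WHERE system_object_schema = 'PRLIB'
   AND object_type = '*FILE'
   AND authorization_name = '*PUBLIC'
   AND object_authority <> '*EXCLUDE'
 ORDER BY data_update DESC, system_object_name;
```
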
On 1/19/2021 2:09 PM, Steve Pitcher wrote:

Hi Larry,

Ideal protection against ransomware (or any other malware) entails:

1. Only share what you must through NetServer. Share not needed? Delete it.
2. Shares you create must be protected by proper object authority on the underlying directories
3. Do not share the root, /QIBM, /QOpenSys
4. Do not use Guest NetServer profiles
5. Reduce *ALLOBJ to the bare minimum

Everything else is reactive. Be proactive. This is risk reduction, plain and simple.

Steve Pitcher
iTech Solutions Group, LLC
p: (203) 744-7854 Ext. 176 | m: (902) 301-0810
www.itechsol.com | www.iInTheCloud.com

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of Ketzes, Larry
Sent: Tuesday, January 19, 2021 2:46 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Ransomware on Power

Hello all,

I'd like to know what strategy folks are using for ransomware on Power. I think IBM has a product available if you are using IBM storage. Any other alternatives people are using?

Thanks, Larry

Larry Ketzes | Director, Midrange Engineering | Foundational Engineering | MetLife
101 MetLife Way, Cary, NC 27513 | T. 919-907-5229 | M. 302-382-1316 | lketzes@xxxxxxxxxxx