SecureMyi.com Security and Systems Management Newsletter for the IBM i             January 5, 2016 - Vol 6, Issue 1
Security Training from SecureMyi.com


Software from Cilasoft


Security Training from The 400 School


Feature Article

Invisible Data Access on IBM i

By Dan Riehl - SecureMyi.com

How many times has your most sensitive data file been downloaded today?

For most of us, the honest answer is "I Don't Know."

That's Exactly Right! How could you possibly know?

Our great IBM i (iSeries and AS/400) has long been considered a security strongbox, a hacker's worst nightmare. Some even consider it to be unhackable. This gross misconception has caused some of us to become complacent in our due diligence related to the security and integrity of our systems and sensitive data. But IBM i security cannot rely upon its perceived obscurity as sufficient protection in a world of potentially malicious insiders and highly trained, well-financed cyber criminals.

Securing the data on the IBM i is made especially difficult by our ubiquitous tools (e.g. FTP, ODBC, DDM) that access our data but leave no footprints. How can you reasonably expect to protect the sensitive information in your care when it can be accessed without your knowledge and without leaving ANY footprints?


Invisible Data Access Methods

When a thief steals your car, it's very easy to tell. Ugh, it's not in your driveway. But how can you know when someone has stolen a sensitive database file? The file is still there, and there are no traces of any access to it. But does that prove that the file hasn't been breached or stolen? Obviously NO.

IBM ships the IBM i with a variety of data access tools, many of which access data invisibly. We often add third-party data query tools, and we even write our own data access methods using socket programs and the database APIs. Although non-IBM data access tools might reside on your systems, I want to focus this article on the built-in or otherwise IBM-supplied tools that access data, and do not leave a trace of the activity.

If I download a database file using FTP or the IBM i Access for Windows file transfer utility, there's no built-in audit trail of that activity. There is no FTP log for the FTP server and no logging or history of IBM i Access for Windows file transfers. These file accesses and transfers are invisible, even to the system administrator. If I use one of these common tools to download an employee personnel file, a payroll file, a customer file, or any other file to my PC, you can't know it. Neither the IBM FTP server nor the IBM-supplied file transfer facility makes or keeps a record of that activity.

What about using ODBC applications, Distributed Data Management (DDM), and other data access methods shipped as part of IBM i? All data movement using these services is also invisible.
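The transfer tools described in the two paragraphs above keep no log of their own, so if you want a trace it has to come from the object side. The following CL program is an added example, not code from the article: it switches on object auditing for one sensitive file and then pulls the resulting read entries out of the security audit journal, so that an FTP download, an ODBC query or a DDM read of that file each leaves a ZR entry. The library and file (PAYLIB/PAYROLL in the usage call) are assumed names, and the program assumes QAUDJRN already exists and that the QAUDCTL system value already includes *OBJAUD.

```cl
             PGM        PARM(&LIB &FILE)  /* Make reads of one file visible in QAUDJRN */
             DCL        VAR(&LIB)     TYPE(*CHAR) LEN(10)   /* assumed: PAYLIB   */
             DCL        VAR(&FILE)    TYPE(*CHAR) LEN(10)   /* assumed: PAYROLL  */
             DCL        VAR(&MSGID)   TYPE(*CHAR) LEN(7)
             DCL        VAR(&MSGF)    TYPE(*CHAR) LEN(10)
             DCL        VAR(&MSGFLIB) TYPE(*CHAR) LEN(10)
             DCL        VAR(&MSGDTA)  TYPE(*CHAR) LEN(100)

             MONMSG     MSGID(CPF0000) EXEC(GOTO ERROR)

             /* Object auditing is set per object. OBJAUD(*ALL) writes a ZR     */
             /* entry when a job opens the file for read and a ZC entry when    */
             /* it opens it for update, whatever the interface: FTP, ODBC,      */
             /* DDM, file transfer or a green-screen program. Prerequisites     */
             /* (assumed here): QAUDJRN exists and QAUDCTL includes *OBJAUD,    */
             /* e.g. CHGSYSVAL SYSVAL(QAUDCTL) VALUE('*OBJAUD *AUDLVL').        */
             /* On a busy file OBJAUD(*USRPRF) limits the volume to users       */
             /* whose profile has OBJAUD set.                                   */
             CHGOBJAUD  OBJ(&LIB/&FILE) OBJTYPE(*FILE) OBJAUD(*ALL)

             /* Copy the ZR (read) entries from the current receiver chain to   */
             /* an outfile. CPYAUDJRNE appends the entry type to the name you   */
             /* give, so the result is QTEMP/QAUDITZR in the QASYZRJ5 layout.   */
             CPYAUDJRNE ENTTYP(ZR) OUTFILE(QTEMP/QAUDIT) JRNRCV(*CURCHAIN)

             /* Each entry carries the job name/user/number, the user profile   */
             /* in effect, the program that did the open, and the object name   */
             /* and library. A download through the FTP or database host        */
             /* servers therefore shows up as that server job running under     */
             /* the profile that signed on. QRY(*NONE) dumps the outfile as-is; */
             /* select on the object columns to narrow it to &LIB/&FILE.        */
             RUNQRY     QRY(*NONE) QRYFILE((QTEMP/QAUDITZR))
             RETURN

             /* Re-send whatever failed as an escape message to the caller      */
 ERROR:      RCVMSG     MSGTYPE(*LAST) MSGDTA(&MSGDTA) MSGID(&MSGID) +
                          MSGF(&MSGF) SNDMSGFLIB(&MSGFLIB)
             MONMSG     CPF0000
             SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) MSGDTA(&MSGDTA) +
                          MSGTYPE(*ESCAPE)
             MONMSG     CPF0000
             ENDPGM

/* Usage (assumed names):  CALL PGM(AUDFILE) PARM('PAYLIB' 'PAYROLL')            */
```

The first command only needs to run once per file; the extract can be re-run at any time, and on a production system you would copy the outfile to a permanent library rather than QTEMP so the evidence survives the job. Note what this does and does not give you: you learn who opened the file, from which job and through which server program, but not what was done with the data once it left the system.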

Read More

In This Issue


Featured Article - Invisible Data Access

Security Shorts - Save Spooled Files

Industry News and Calendar

Security Resources


Our Newsletter Sponsors


Platinum Sponsor

    The 400 School, Inc


Silver Sponsor

    Cilasoft Security Solutions

IBM i Security Resources

IBM i Security Videos - SecureMyi

SecureMyi Newsletter Archives

Search Security for IBM i

IBM i Security Ref - 6.1

IBM i Security Ref - 7.1

QAUDJRN Entries By AUDLVL

QAUDJRN Entry Layouts

RedBook - Security Guide IBM i


OSF - DataLoss DB

PCI Data Security Standard

COBIT - ISACA

HIPAA Resources

HITECH Enforcement

CISSP - Certification






Security Services from SecureMyi.com
Security News and Events


Live Security Related Webcasts and Training for IBM i

January Events

Live Hands-On - QAUDJRN Auditing and Forensic Analysis Workshop
with Dan Riehl

Training Workshop - January 6-7
Dan Riehl presents this 2-Day Live Online Hands-on Workshop.
More Information and Register to Attend

Live Hands-On - IBM i System Operations Workshop
with Dan Riehl

Training Workshop - January 11-13
Dan Riehl presents this 3-Day Live Online Hands-on Workshop.
More Information and Register to Attend

Live Hands-On - Expanded System Operations Workshop for IBM i
with Dan Riehl

Training Workshop - January 11-15
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend

Live Hands-On - Security Audit and Vulnerability Assessment Workshop
with Dan Riehl

Training Workshop - January 19-22
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.
More Information and Register to Attend

Live Hands-On - IBM i (iSeries AS/400) Concepts with CL Programming Workshop
with Dan Riehl

Training Workshop - January 25-29
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.
More Information and Register to Attend

February Events

Live Hands-On - IBM i System Administration and Control Workshop
with Dan Riehl

Training Workshop - February 22-26
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend

March Events

Live Hands-On - Expanded Security Workshop for IBM i
with Dan Riehl

Training Workshop - March 8-11
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.
More Information and Register to Attend








Security Shorts - Get a Full Backup of your Spooled Files

By Dan Riehl

Even when you use the SAVE Menu option to "Save the Entire System", your Spooled Files are NOT saved. None of the bulk SAVE operations on the IBM supplied SAVE menu will save your spooled files. If you need to restore your system, or a specific spooled file, you are "toast" if all you use is the SAVE menu option.

Since V5R4 we have had the capability to save the spooled file reports residing in our output queues. Prior to V5R4, when you saved an output queue, or saved a library containing output queues, only the output queue object itself was saved, not the contents (the spooled file reports) in the output queue.

Since the V5R4 upgrade, many of us have not updated our backup routines to take advantage of this new support. Instead, when we save a library or an output queue, we still only save the output queue object, but not the spooled files contained in the output queue.

The following command saves all objects in the PRODLIB library, including all the spooled files in all the output queues that reside in the library:

SAVLIB LIB(PRODLIB) DEV(TAP01) SPLFDTA(*ALL)

When you run a SAVLIB (Save Library) or SAVOBJ (Save Object) command, you must specify SPLFDTA(*ALL) in order to save the spooled files in the saved output queues. The default is SPLFDTA(*NONE), which saves only the output queue object, so the parameter SPLFDTA(*ALL) is the key to saving the spooled files.

I encourage you to update your backup routines to begin saving your spooled files. But perhaps you are using the IBM-supplied SAVE menu to perform your backups, and not a home-grown backup program. Or perhaps your vendor-supplied backup software does not give you the option to save your spooled files. If that is the case, then here is a simple solution. Below is the source code for a Control Language program you can use that will save all of the output queues on your system, together with all of the spooled files in those output queues. This would be a nice program to add to your weekly backup routine.

Note: In this program you must replace 'TAP02' with the name of your backup device.


            PGM        /* Save Spooled Files: every *OUTQ and the reports in it */
            DCL        VAR(&MSGID) TYPE(*CHAR) LEN(7)
            DCL        VAR(&MSGF) TYPE(*CHAR) LEN(10)
            DCL        VAR(&MSGFLIB) TYPE(*CHAR) LEN(10)
            DCL        VAR(&MSGDTA) TYPE(*CHAR) LEN(100)
            DCLF       FILE(QADSPOBJ)   /* Record layout of the DSPOBJD outfile */

            MONMSG     MSGID(CPF0000) EXEC(GOTO ERROR)

            /* List every output queue on the system into a work file in QTEMP */
            DSPOBJD    OBJ(*ALL/*ALL) OBJTYPE(*OUTQ) +
                         OUTPUT(*OUTFILE) OUTFILE(QTEMP/QADSPOBJ)

            /* Point the declared file at the work file just created           */
            OVRDBF     FILE(QADSPOBJ) TOFILE(QTEMP/QADSPOBJ)

            /* One record per output queue; CPF0864 signals end of file        */
LOOP:       RCVF
            MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(ENDIT))

            /* Save the queue AND its spooled files. Without SPLFDTA(*ALL)     */
            /* only the empty *OUTQ object would go to tape. Replace TAP02     */
            /* with your device; each SAVOBJ becomes a separate file on tape   */
            SAVOBJ     OBJ(&ODOBNM) LIB(&ODLBNM) DEV(TAP02) +
                         OBJTYPE(*OUTQ) SPLFDTA(*ALL)

            GOTO LOOP

ENDIT:      RETURN

            /* Re-send whatever failed as an escape message to the caller      */
ERROR:      RCVMSG     MSGTYPE(*LAST) MSGDTA(&MSGDTA) MSGID(&MSGID) +
                         MSGF(&MSGF) SNDMSGFLIB(&MSGFLIB)
            MONMSG     CPF0000 /* Just in case */
            SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) MSGDTA(&MSGDTA) +
                         MSGTYPE(*ESCAPE)
            MONMSG     CPF0000 /* Just in case */

            ENDPGM

When it comes time to recover a deleted spooled file, or an entire output queue, you can use the command RSTOBJ (Restore Object) to restore the saved output queue, including the spooled files. The same rule applies on the restore side: RSTOBJ defaults to SPLFDTA(*NONE), which brings back only the output queue object, so you must specify SPLFDTA(*NEW) to get the spooled files back. *NEW restores each saved spooled file that does not already exist on the system, so running the restore twice does not produce duplicate reports.
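As an added example, not code from the article, here is the restore-side companion to the save program above: a small CL program that restores one output queue and its reports from the tape written by that program, with SPLFDTA(*NEW) set explicitly because the RSTOBJ default restores only the empty queue. The library, output queue and device names are passed as parameters; the values in the usage call (PRODLIB, PAYPRT, TAP02) are assumed for illustration.

```cl
             PGM        PARM(&LIB &OUTQ &DEV)  /* Restore one output queue and its spooled files */
             DCL        VAR(&LIB)  TYPE(*CHAR) LEN(10)   /* library the queue was saved from */
             DCL        VAR(&OUTQ) TYPE(*CHAR) LEN(10)   /* output queue name                */
             DCL        VAR(&DEV)  TYPE(*CHAR) LEN(10)   /* tape device, e.g. TAP02 (assumed) */

             /* Anything that fails below is reported as one escape message      */
             MONMSG     MSGID(CPF0000) EXEC(GOTO ERROR)

             /* RSTOBJ defaults to SPLFDTA(*NONE): only the empty *OUTQ object   */
             /* comes back. SPLFDTA(*NEW) restores each saved spooled file that  */
             /* is not already on the system, so the program can be re-run       */
             /* without creating duplicate reports. SEQNBR(*SEARCH) finds the    */
             /* right save on a tape that holds one SAVOBJ per output queue.     */
             RSTOBJ     OBJ(&OUTQ) SAVLIB(&LIB) DEV(&DEV) OBJTYPE(*OUTQ) +
                          SEQNBR(*SEARCH) SPLFDTA(*NEW)

             /* Confirm the reports are back with WRKOUTQ OUTQ(&LIB/&OUTQ)       */
             RETURN

 ERROR:      SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                          MSGDTA('Restore of output queue' *BCAT &LIB *TCAT +
                          '/' *TCAT &OUTQ *BCAT 'failed, see the job log')
             ENDPGM

/* Usage (assumed names):  CALL PGM(RSTSPLF) PARM('PRODLIB' 'PAYPRT' 'TAP02')    */
```

Because the save program writes one SAVOBJ per queue, a full recovery is a loop over the same queue list calling this program once per queue; the job log of the failed RSTOBJ holds the detail (for example a queue that already exists with different attributes) behind the summary escape message sent here.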

Sponsored Links

IBM i, iSeries and AS/400
Security Services from SecureMyi

Expert IBM i Security Consulting
IT Security and Compliance Group. LLC


In Depth Security Assessment of IBM i
Upgrade to QSECURITY level 40 or 50
Forensic Research and Analysis
Audit Assistance and Remediation
Security Training for IT and Audit Staff
Security Software Selection & Configuration
Customized Security/System Programming




Live Training from The 400 School, Inc


Customized IBM i (AS/400) Training -
    Presented Live at your offices


Live Online Hands-On Workshops

Intro RPG IV Programming
Intro RPG/400 Programming
IBM i COBOL Programming
Interactive Programming Workshops
Introduction to System Operations
Expanded System Operations Workshop
System Administration and Control
Expanded Security Workshop
Control Language Programming
IBM i Concepts and Facilities
Concepts & Control Language
Query Workshop





Send your IBM i Security and Systems Management News and Events!
Send your Questions, Comments, Tips and Stories

Copyright 2014 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017