SecureMyi.com Security and Systems Management Newsletter for the IBM i
March 25, 2015 - Vol 5, Issue 4
Feature Article
When was your Last SAVSECDTA, SAVSYS, SAVCFG?
And Where are They?
By Dan Riehl - SecureMyi.com
Backup and Recovery is an area that is critical to the security and integrity of our systems. If someone accidentally wipes out a file, or in the event of a large scale disaster, it's critical we have all of the pieces needed to recover the file, or the entire system.
We typically have a pretty good handle on when we last backed up our User Libraries, our Document Library objects, and the root '/' file system. But what about the last save of the operating system? And what about our user profiles and security data and our system configuration objects? When was that data last backed up? And what tape or other media contains the last backup?
If you need to recover your system, and the last save of Security Data (including User Profiles) was 3 months ago, that is your recovery point for User Profiles and Passwords, Authorization Lists and Private Authorities. Can you recall what your password was 3 months ago? And your end users' passwords? You potentially have a real mess on your hands.
When we save a library using the SAVLIB command, objects are marked with the save date and save device information, as long as we specify UPDHST(*YES). But when we save the operating system, the objects that are saved are not marked with the save information. The same is true when we save user profiles and configuration data. The saved objects are not updated with the last save date.
IBM has supplied some special purpose data areas in the QSYS library that are updated with the save date and save device information when we perform certain save operations.
When we save our security data (including user profiles) using the command Save Security Data (SAVSECDTA), the special data area QSAVUSRPRF in QSYS is updated to reflect the save date and time and save device information.
Below is a list of various SAVE commands and the associated QSYS data area. Upon execution of the command, the data area is updated.
Read More
In This Issue
Featured Article - Your Last SAVSECDTA?
Security Shorts - Libraries Before QSYS?
Industry News and Calendar
Security Resources
Our Newsletter Sponsors
Platinum Sponsor
The 400 School, Inc
Gold Sponsor
PowerTech
Skyview Partners, Inc
Silver Sponsor
Cilasoft Security Solutions
IBM i Security Resources
IBM i Security Videos - SecureMyi
SecureMyi Newsletter Archives
Search Security for IBM i
IBM i Security Ref - 6.1
IBM i Security Ref - 7.1
QAUDJRN Entries By AUDLVL
QAUDJRN Entry Layouts
RedBook - Security Guide IBM i
Open Security Foundation - DataLoss DB
National Vulnerability Database - NIST
PCI Data Security Standard
COBIT - ISACA
HIPAA Resources
HITECH Enforcement
CISSP - Certification
Live Security Related Webcasts and Training for IBM i
March Events
Live Hands-On - Expanded Control Language Programming Workshop with Dan Riehl
Training Workshop - March 30-April 3 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend
April Events
Live Hands-On - IBM i, iSeries System Administration and Control Workshop with Dan Riehl
Training Workshop - April 20-24 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend
2015 COMMON Conference and Expo - Anaheim, CA
Conference and Expo - April 26-29
More Information and Register to Attend
Live Hands-On - Expanded System Operations Workshop for IBM i, iSeries, AS/400 with Dan Riehl
Training Workshop - April 27- May 1 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend
May Events
Live Hands-On - Security and Vulnerability Assessment Workshop for IBM i with Dan Riehl
Training Workshop - MAY - Dates TBD - Presented by The 400 School, Inc.
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.
More Information and Register to Attend
Security Shorts
Danger - Any Libraries Higher than QSYS
By Dan Riehl - SecureMyi.com
If you, or your software provider, place a library higher than QSYS on the system library list, like ALTQSYS, make sure that the library authority is set to no higher than *PUBLIC AUT(*USE). This will restrict *PUBLIC users from placing new objects into the library.
Since we rely heavily on resolving object references using the job's library list, any object in a library ahead of QSYS can override the expected functioning of the operating system and your application software. In this respect, programs and commands can act as a Trojan Horse on your system.
Using a tool as simple as Query for i (WRKQRY), a Query user can create an output file in a library to which they have *CHANGE or *ALL Authority. What happens when a well-meaning user creates the Query Output file named PAYMST in a library ahead of QSYS? This PAYMST will be resolved, and used in place of your actual production file PAYMST. Ouch!
Numerous 3rd party software vendors require a library ahead of QSYS, but do not secure the libraries with *PUBLIC AUT(*USE). Instead, they are mostly installed as *PUBLIC AUT(*CHANGE), or even *PUBLIC AUT(*ALL). Check with your vendor for their solution to the potential integrity vulnerability they have introduced onto your system.
If you have created an alternate QSYS library and placed it above QSYS in the System Library List, make sure it is secured as *PUBLIC AUT(*USE).
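The check described above, written out as an added Python example (not code from the article or from SecureMyi): it walks the libraries listed ahead of QSYS and reports any whose *PUBLIC authority still includes the specific authority *ADD, which is what lets a user place a new object such as a Query output file into the library. The library list and *PUBLIC values are constructed for the demo; on a real system they would come from DSPSYSVAL QSYSLIBL and DSPOBJAUT.

```python
# Added example: flag libraries ahead of QSYS whose *PUBLIC authority allows *ADD.
# Input values below are constructed sample data, not taken from a live system.

# Specific authorities each special authority value carries (IBM i definitions).
# *USE contains no *ADD, which is why AUT(*USE) stops object creation.
SPECIAL_AUTH = {
    "*ALL": {"*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF",
             "*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"},
    "*CHANGE": {"*OBJOPR", "*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"},
    "*USE": {"*OBJOPR", "*READ", "*EXECUTE"},
    "*EXCLUDE": set(),
}

def expand_authority(auth):
    """Expand '*CHANGE' or a space-separated list such as '*OBJOPR *READ *ADD'
    into the set of specific authorities it grants."""
    granted = set()
    for token in auth.split():
        granted |= SPECIAL_AUTH.get(token, {token})
    return granted

def libraries_ahead_of_qsys(qsyslibl):
    """Return the libraries that appear before QSYS in a QSYSLIBL value."""
    libs = qsyslibl.split()
    return libs[:libs.index("QSYS")] if "QSYS" in libs else libs

def risky_libraries(qsyslibl, public_auth):
    """Libraries ahead of QSYS where *PUBLIC can add objects.
    public_auth maps library name -> *PUBLIC authority string; a library with
    no entry is treated as *ALL so that unknown authority is always reported."""
    return [lib for lib in libraries_ahead_of_qsys(qsyslibl)
            if "*ADD" in expand_authority(public_auth.get(lib, "*ALL"))]

# Constructed sample: ALTQSYS is a vendor library installed ahead of QSYS.
SAMPLE_QSYSLIBL = "ALTQSYS VENDLIB QSYS QSYS2 QHLPSYS QUSRSYS"
SAMPLE_PUBLIC_AUT = {
    "ALTQSYS": "*CHANGE",   # vendor default: *PUBLIC can place objects here
    "VENDLIB": "*USE",      # secured as the article recommends
    "QSYS": "*USE",
}

if __name__ == "__main__":
    for lib in risky_libraries(SAMPLE_QSYSLIBL, SAMPLE_PUBLIC_AUT):
        print(f"{lib}: *PUBLIC can add objects ahead of QSYS; set AUT(*USE)")
```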
Sponsored Links
IT Security and Compliance Group
In Depth Security Assessment of IBM i
Upgrade to QSECURITY level 40 or 50
Forensic Research and Analysis
Audit Assistance and Remediation
Security Training for IT and Audit Staff
Software Selection & Configuration
Security and Systems Programming
Customized IBM i (iSeries, AS/400) Training - Presented Live at your offices
LIVE Online Hands-On Workshops
Security and Auditing Workshops
System Operations Workshops
System Administration and Control
ILE RPG IV Programming
ILE COBOL Programming
Control Language Programming
IBM i Concepts and Facilities
Query Workshop