SecureMyi.com Security and Systems Management Newsletter for the IBM i             March 26, 2014 - Vol 4, Issue 5

Feature Article

The Threat - Invisible Data Theft on IBM i

By Dan Riehl - SecureMyi.com

How many times has your most sensitive data file been downloaded today?

For most of us, the honest answer is "I Don't Know".

That's Exactly Right! How could you possibly know?

Our great IBM i (iSeries and AS/400) has long been considered a security strongbox—a hacker's worst nightmare. Some even consider it to be unhackable. This gross misconception has caused some of us to become complacent in our due diligence related to the security and integrity of our systems and sensitive data. But IBM i security cannot rely upon its perceived obscurity as sufficient protection in a world of potentially malicious insiders and highly trained and well-financed cyber criminals.

According to the Open Security Foundation Data Loss Database, since 2013, almost a billion people have had their personal or credit card information hacked, stolen, lost, or misplaced. Hundreds of high-profile computer-related data thefts occur every year, often with numerous occurrences per day. To view those of public record, you can visit the OSF's Data Loss Database. From its published list of compromised companies, we can tell that some of these major incidents are occurring at IBM i shops, both large and small.

Securing the data on the IBM i is made especially difficult by our ubiquitous tools (e.g., FTP, ODBC, DDM) that access our data but leave no footprints. How can you reasonably expect to protect the sensitive information in your care when it can be accessed without your knowledge?

Invisible Data Access Methods

When a thief steals your car, you know it. But how can you know when someone has stolen a sensitive database file? The file is still there and there are no traces of any access to the file. But, that doesn't prove that the file hasn't been breached or stolen.

IBM ships the IBM i with a variety of data access tools, many of which access data invisibly. We often add third-party data query tools, and we even write our own data access methods using socket programs and the database APIs. Although non-IBM data access tools might reside on your systems, I want to focus this article on the built-in IBM-supplied tools that access data, and do not leave a trace of the activity.

If I download a database file using FTP or the IBM i Access for Windows file transfer facility, there's no built-in audit trail of that activity. There is no FTP log for the FTP server and no logging or history of IBM i Access for Windows file transfers. These file transfers are invisible, even to the system administrator. If I use one of these common tools to download an employee personnel file, a payroll file, a customer file, or any other file to my PC, you can't know it. Neither the IBM FTP server nor the IBM-supplied file transfer facility makes or keeps a record of that activity.

What about using ODBC applications, Distributed Data Management (DDM), and other data access methods shipped as part of IBM i? All data movement using these services is invisible.

Security news and Events


Live Security Related Webcasts and Training for IBM i

March Events

Five Things Your Security Administrator Should Tell You
Live Webcast - Presented by Powertech
Wednesday, March 26 1:00pm CT
More Information and Register to Attend

Automatic Encryption with FIELDPROC
Live Webcast - Presented by Townsend Security
Wednesday, March 26 1:00pm CT
More Information and Register to Attend


April Events

Coffee with Carol: Cloud Security Review
with Carol Woodbury

Live Webcast - Presented by Skyview Partners
Wednesday, April 2 10:00am CDT
More Information and Register to Attend

Live Hands-On - Expanded Security Workshop for IBM i
with Dan Riehl

Training Workshop - April 8-11
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.
More Information and Register to Attend


May Events

May 4-7 - COMMON - A User Group
2014 Annual Conference and Exposition - Orlando, FL
More Information and Register to Attend

Coffee with Carol: with Carol Woodbury
Security Considerations for Application Development including PCI Requirements

Live Webcast - Presented by Skyview Partners
Wednesday, May 14 10:00am CDT
More Information and Register to Attend


June Events

Live Hands-On - IBM i System Administration and Control Workshop
with Dan Riehl

Training Workshop - June 2-6
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.
More Information and Register to Attend



Security Shorts - Get a Full Backup of your Spooled Files

By Dan Riehl

Even when you use the SAVE Menu option to "Save the Entire System", your Spooled Files are NOT saved. None of the bulk SAVE operations on the IBM-supplied SAVE menu will save your spooled files. If you need to restore your system, or a specific spooled file, you are "toast" if all you use is the SAVE menu option.

Since V5R4 we have had the capability to save the spooled file reports residing in our output queues. Prior to V5R4, when you saved an output queue, or saved a library containing output queues, only the output queue object itself was saved, not the contents (the spooled file reports) in the output queue.

Since the V5R4 upgrade, many of us have not updated our backup routines to take advantage of this new support. Instead, when we save a library or an output queue, we still only save the output queue object, but not the spooled files contained in the output queue.

The following command saves all objects in the PRODLIB library, including all the spooled files in all the output queues that reside in the library:

SAVLIB LIB(PRODLIB) DEV(TAP01) SPLFDTA(*ALL)

When you run a SAVLIB (Save Library) or SAVOBJ (Save Object) command, you must specify SPLFDTA(*ALL) in order to save the spooled files in the saved output queues. The parameter SPLFDTA(*ALL) is the key to saving the spooled files.

I encourage you to update your backup routines to begin saving your spooled files. But perhaps you are using the IBM-supplied SAVE menu to perform your backups, and not a home-grown backup program. Or perhaps your vendor-supplied backup software does not give you the option to save your spooled files. If that is the case, then here is a simple solution. Below is the source code for a Control Language program that will save all of the output queues on your system, along with all of the spooled files in those output queues. This would be a nice program to add to your weekly backup routine.

Note: In this program you must replace 'TAP02' with the name of your backup device.


            PGM        /* Save Spooled Files  */
            DCL        VAR(&MSGID) TYPE(*CHAR) LEN(7)
            DCL        VAR(&MSGF) TYPE(*CHAR) LEN(10)
            DCL        VAR(&MSGFLIB) TYPE(*CHAR) LEN(10)
            DCL        VAR(&MSGDTA) TYPE(*CHAR) LEN(100)
            DCLF       FILE(QADSPOBJ)

            /* Any unmonitored error branches to the ERROR handler */
            MONMSG     MSGID(CPF0000) EXEC(GOTO ERROR)

            /* List every output queue on the system into QTEMP/QADSPOBJ */
            DSPOBJD    OBJ(*ALL/*ALL) OBJTYPE(*OUTQ) +
                         OUTPUT(*OUTFILE) OUTFILE(QTEMP/QADSPOBJ)

            /* Point the declared file at the list just built in QTEMP */
            OVRDBF     FILE(QADSPOBJ) TOFILE(QTEMP/QADSPOBJ)

            /* Read the next output queue; CPF0864 signals end of file */
LOOP:       RCVF
            MONMSG     MSGID(CPF0864) EXEC(GOTO CMDLBL(ENDIT))

            /* Save the output queue together with its spooled files */
            SAVOBJ     OBJ(&ODOBNM) LIB(&ODLBNM) DEV(TAP02) +
                         OBJTYPE(*OUTQ) SPLFDTA(*ALL)

            GOTO LOOP

ENDIT:      RETURN

            /* Resend the failing message to the caller as an escape message */
ERROR:      RCVMSG     MSGTYPE(*LAST) MSGDTA(&MSGDTA) MSGID(&MSGID) +
                         MSGF(&MSGF) SNDMSGFLIB(&MSGFLIB)
            MONMSG     CPF0000 /* Just in case */
            SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) MSGDTA(&MSGDTA) +
                         MSGTYPE(*ESCAPE)
            MONMSG     CPF0000 /* Just in case */

            ENDPGM

When it comes time to recover a deleted spooled file, or an entire output queue, you can use the command RSTOBJ (Restore Object) to restore the saved output queue, including the spooled files.


Copyright 2014 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017