SecureMyi Security Newsletter for IBM i
Newsletter Archives - Updated March 19, 2019
|
Newsletter Main Topics |
Date of Issue |
1) Invisible Data Theft on IBM i - Preventing the Invisible
2) Specifying Object Authorities for Newly Created Objects |
March 19, 2019 |
1) Preventing Matching Passwords in IBM i V7R2M0
2) CL Program Source Code to Save all Spooled Files |
March 5, 2019 |
1) The RESETUSER Command - Use Adopted Authority for Password Resets
with Needed Safeguards
2) Caveat when using Adopted Authority - What you Can't do with Adopted Authority |
October 30, 2018 |
1) Just What is 'User Limited Capabilities', Really?
2) Auditing Changes to your Job Schedule - WRKJOBSCDE |
October 15, 2018 |
1) Do you Ever Really Logoff? IBM i Access with CWBLOGON
2) Audit Newly Created Objects and IFS Contents using QAUDJRN |
August 1, 2018 |
1) Ban All Default Passwords using System Values *LMTPRFNAME and *ALLCRTCHG
2) Control Language Program to Save All your Spooled Files (Source Code Included) |
July 18, 2018 |
1) *SECOFR User Class Does NOT make you Powerful
2) Copying Private Authorities from one User to Another
|
July 4, 2018 |
1) Common Misconceptions about Using Authorization Lists
2) Using Authorization Lists for Dynamic Object Authority Assignment
|
March 1, 2017 |
1) When was your Last SAVSYS, SAVCFG and SAVSECDTA, and Where are They?
2) *SECOFR User Class does not make for a Powerful User
|
February 22, 2017 |
1) Stealing User Profiles
2) Using Remote Command for running Multiple CL Commands - RMTCMD i/ filename
|
December 28, 2016 |
1) Invisible Data Access
2) Save All Your Spooled Files
|
December 28, 2016 |
1) Network Access Control and Logging with Exit Programs - Source Code Included
2) FTP Exit Point Program Can Provide a Major Logon Exposure
|
August 12, 2015 |
1) Tracking Access to Your Sensitive Files
2) Save Spool File Reports - CL Program Source Code Included
|
July 15, 2015 |
1) Securing Sensitive CL Commands from Abuse
2) When Securing Commands, Don't Miss any Command Users
|
May 27, 2015 |
1) Easily Manage Journals with RMVJRNRCV - Source Code Included
By Carsten Flensburg
2) QSECURITY - Security Level System Value - The Auditor Fake Out
|
May 13, 2015 |
1) Create Real-Time Alerts for CL Command Execution - Source Code Included
2) Command Exit Programs - Part 2 - Source Code Included
|
April 22, 2015 |
1) When was your last SAVSECDTA, SAVSYS, SAVCFG?
2) Library List Potential Danger - Libraries above QSYS
|
March 25, 2015 |
1) The Command Line Restriction - Limited Capabilities Functionality & Misconceptions
2) Video Presentation - Understanding Limited Capabilities
|
March 11, 2015 |
1) Setting up the Intrusion Detection System on IBM i
2) Control IDS from CL Commands - Source Code Included
By Carsten Flensburg
|
February 11, 2015 |
1) Fixing Save/Restore Authority Problems
2) Copy User Authorities
|
January 14, 2015 |
1) Auditing Exit Point Security and WRKREGINF
2) Tracking Changes to the Job Schedule
|
December 10, 2014 |
1) Create User Profile - Enforce Rules in Exit Programs - Source Code Included
2) Who's in that Group? Analysis of Group Profiles
3) Video - Is your System Vulnerable to Virus Worms Malware?
|
November 12, 2014 |
1) I Can Be You! Exploiting a User Profile Authorization Flaw
2) Using The Windows IBM i Access Remote Command Client - RMTCMD Options
3) Video - I Can Be You - Hijacking a User Profile
|
October 22, 2014 |
1) Are Your Sensitive Reports Secure?
2) Are You Saving QAUDJRN Security Audit Journal Data?
|
October 8, 2014 |
1) Forensic Analysis - Track Changes to your Database
2) Library List Potential Danger - Libraries Above QSYS
|
September 24, 2014 |
1) Forensic Analysis - Auditing and Reporting on CL Command Usage
2) CL Commands - Take a Quick Look at Group Profiles
3) Video - Understanding Limited Capabilities - Features and Misconceptions
|
September 10, 2014
|
1) Adopted Authority and the Mysteries of the QUSEADPAUT System Value
2) Easy Reporting on User Profile Attributes
|
August 27, 2014 |
1) Restricting Access to the System Request Key - Why?
2) When was your previous SAVSYS?
|
August 13, 2014 |
1) Save and Restore Reports - The Mysteries Revealed
2) Auditing in QSYS and in the IFS
|
July 23, 2014 |
1) I Know Your Password! The Default is at Fault!
2) Configuring User Profile Expiration and Activation Schedules
|
July 9, 2014 |
1) Why Use Authorization Lists?
by Carol Woodbury
2) Changing Database Journaling Options on the Fly
|
June 11, 2014 |
1) CL Command Exit Pgms Part 1 - The Command Analyzer Change Exit Point
Source Code Included
2) Understanding Library Authorities
|
May 28, 2014 |
1) The CHGPRF Command - Change my own Profile, Really?
2) All Numeric Passwords and User IDs
3) Video - Is your system infected by Virus Worms or other Malware
|
May 14, 2014 |
1) Don't Be Fooled by the Use of Authorization Lists?
2) Dynamic Flexibility when using Authorization Lists
3) Video - Misconceptions when using Authorization Lists
|
April 23, 2014 |
1) Understanding User Limited Capabilities?
2) Take a Quick Look at Group Profiles
3) Video - Understanding Limited Capabilities - Features and Misconceptions
|
April 9, 2014
|
1) The Threat - Invisible Data Theft on IBM i
2) Get a Full Backup of your Spooled Files - Source Code Included - SAVESPLF
|
March 26, 2014 |
1) Using Adopted Authority for Password Resets and Profile Changes
Source Code Included - RESETUSER
2) Adopted Authority Cannot Do Everything - Limitations When Using Adopted Authority
|
March 12, 2014 |
1) Do you Ever Really Log-Off? Using CWBLOGON for Shut Down
Source Code Included LOGOFF.BAT
2) Blocking Password Changes - The System Values QPWDRQDDIF & QPWDCHGBLK
|
February 26, 2014 |
1) Working with CL Command Security Attributes - Source Code Included WRKCMDSEC
By Carsten Flensburg
2) Stop/Stop Adopted Authority Using the MI built-in function MODINVAU
|
February 12, 2014 |
1) User Profile Security - and SST/DST Service Tools UserID Security
2) QINACTITV PTF Updates - The Inactivity Time-Out Update to be More Exact
3) Video - Top New Security Features for IBM i
by Carol Woodbury
|
January 8, 2014 |
1) Tracking Database Changes - Database Journals and Monitoring Tools
2) QINACTITV Misconceptions - The Inactivity Time-Out
See January 8 Issues for Correction
|
December 11, 2013 |
1) Forensic Analysis - Using QAUDJRN to Track Access to Sensitive Files
2) Setting the Authority for New Objects
3) Video - Is IBM i Vulnerable to Virus, Worms or other Malware
|
November 13, 2013 |
1) Understanding the IDS - Intrusion Detection System on IBM i
2) Control the Intrusion Detection System using custom CL Commands
Source Code Included CTLIDS Command
By Carsten Flensburg
|
October 23, 2013 |
1) Discovering Problems in Private Authorities
2) Analysis of User Profiles
3) Video - The "Hidden" Security Options for IBM i
Exploring WRKFCNUSG and Application Administration
|
September 25, 2013 |
1) Misconceptions of the User Profile's User Class - What does it do?
2) Using RMTCMD.exe for multiple commands - Security Implications
|
September 12, 2013 |
1) Exit Program for Create User Profile - Set Ownership and *PUBLIC Authority
Source Code Included for CRTPRFEXIT CL program
2) Auditing Changes to the Exit Point Registry - WRKREGINF ADDEXITPGM etc.
|
August 28, 2013 |
1) Dangers of Sensitive Spooled Files Reports that are Not Secured
2) Using GRTUSRAUT command to Copy Authorities from One User to Another
|
August 14, 2013 |
1) Intelligent Control of Sensitive CL Commands
2) Dynamically Changing Journaling Options
|
July 10, 2013 |
1) 5 Ways to Control Access using Application Administration
by Carol Woodbury
2) Yes, I have a Numeric UserID and Password. And You?
|
June 26, 2013 |
1) What is an Exit Program? Detailed information on Exit Point Programs
Source Code Included - FTP Logon Exit Point Program to Accept/Reject Logon
2) Exit Program Exposures - Logon to the IBM i - No UserID or Password Required
|
June 12, 2013 |
1) QAUDJRN - Auditing User Activity
2) Popular Misconceptions on Authorities to Libraries
3) Video - Misconceptions When using Authorization Lists
|
May 22, 2013 |
1) QAUDJRN - Auditing Control Language Command Usage
2) QAUDJRN Information Extraction Methods
3) Video - Yes, I Can Steal Your User Profile!
|
May 8, 2013 |
1) IBM i Mysteries of Restoring Spooled Files and Output Queues
2) Watch out for CHGPRF! Change Your Own User Profile!?
|
April 24, 2013 |
1) What is FIELDPROC for IBM i 7.1 and Why Do I Care?
By Patrick Townsend
2) Setting the Authority for New Objects
|
March 27, 2013 |
1) Secure TCP/IP and Host Servers
And Changing the IBM Supplied Commands STRTCPSVR and ENDTCPSVR
2) Protect your Exit Points - Registered Exit Programs Some Vulnerabilities?
|
March 13, 2013 |
1) Protecting Security Related System Values from Modification using System Service Tools (SST/DST)
2) Auditing the Exit Points and WRKREGINF - Using QAUDJRN
3) Video - Misconceptions of User Profile Limited Capabilities - LMTCPB(*YES)
|
February 27, 2013 |
1) Are you Saving the Right Stuff?
2) Important Objects that May Be Improperly Excluded from your Backup Process
3) Video - Common Misconceptions - Using Authorization Lists
|
January 23, 2013 |
1) John Earl Memorial Tribute - To our Friend and Mentor
2) Tracking QSECOFR with the IBM Security APIs (Swap Profile) - With Source Code
by John Earl
3) Where Does *PUBLIC Get All That Authority?
by John Earl
|
January 9, 2013 |
1) The "Hidden" Security Options - WRKFCNUSG - Application Administration
2) Numeric UserIDs & Passwords
3) Video - The "Hidden" Security Options
|
December 5, 2012 |
1) The World's Easiest IBM i Heist?
By Robin Tatam
2) Auditing New Objects
3) Video - The Pitfalls of Relying on a 1982 Security Scheme
|
November 14, 2012 |
1) "Hijack" a User Profile on IBM i
2) Setting the Authority for New Objects
3) Video - "Hijack" a User Profile on IBM i
|
October 24, 2012 |
1) Avoid Unsanctioned 'Drive by' Access to IBM i - and CWBLOGON Script
2) Misconceptions on Authorities to Libraries
|
October 3, 2012 |
1) Watch Out! Detecting New Adopting Objects
2) Save all Spooled File Reports - Source Code Included - SAVESPLF
|
September 12, 2012 |
1) Fixing your Save/Restore Inconsistencies in Private Authorities
2) Copying Authorities from one User to Another - CL Command GRTOBJAUT
|
August 15, 2012 |
1) Work with Command Security - Command WRKCMDSEC - Source Code Included
by Carsten Flensburg
2) When was your last SAVSYS, SAVCFG, SAVSECDTA?
3) Video - Common Misconceptions - Using Authorization Lists
|
August 1, 2012 |
1) Top 5 Security Questions for IBM i
By Carol Woodbury
2) Restricting Access to System Request - SYSRQS
3) Video - The "Hidden" Security Options - WRKFCNUSG - Application Administration
|
July 18, 2012 |
1) Misconception - Command Line Access and "Limited Capabilities" Users
2) Watch out for the CHGPRF command!
3) Video - Misconceptions of User Profile Limited Capabilities
|
July 10, 2012 |
1) Mysteries of the QUSEADPAUT System Value
2) Caveat - Managing User Profiles Under Adopted Authority - Limitations
|
June 20, 2012 |
1) Invisible Data Access - Undetectable Data Theft on IBM i
2) Stronger Enforcement of Password Differences in IBM i 6.1 - QPWDCHGBLK and QPWDRQDDIF
3) Video - Are your User Profiles Vulnerable to Profile Hijacking?
|
June 6, 2012 |
1) Exit Points and Exit Programs - Explained and Illustrated - Source Code Included
2) CL Command to Manage the Intrusion Detection System - Source Code Included
by Carsten Flensburg
3) Logon to the IBM i - No UserID or Password Required (Within the FTP Exit Program)
|
May 23, 2012 |
1) Forensic Analysis using QAUDJRN Part 2 - Tracing User Activity
2) Alternative to Extracting and Formatting QAUDJRN
3) Video - Misconceptions on Ownership and Authority to User Profiles
|
May 9, 2012 |
1) A Tale of Leaky Data - UnSecured Spooled Files
2) Protecting Sensitive Data But - Where is it?
3) Video - The Pitfalls of Relying on a 1982 Security Scheme
|
March 28, 2012 |
1) Managing the Online Retention of Audit Data - Source Code Included RMVJRNRCV
by Carsten Flensburg
2) Registered Exit Programs - What You Don't Know Can Hurt You!
3) Video - IBM i Security - Function Usage - The Secret Security Options
|
March 14, 2012 |
1) Controlling IBM Query/400 Output Files - Source Code Included RMVJRNRCV
by Carsten Flensburg
2) *SECOFR User Class Does Not Make A User Powerful
3) Video - Misconceptions on User Limited Capabilities LMTCPB(*YES)
|
February 29, 2012 |
1) Why use Authorization Lists?
by Carol Woodbury
2) Changing Database Journaling Options on the Fly
3) Video - Common Misconceptions - Using Authorization Lists
|
February 15, 2012 |
1) Forensic Analysis using QAUDJRN - CL Command Usage
2) The Truth About Library Authorities
|
February 1, 2012 |
1) Protecting Your Security System Values from Modification - SST Lock
2) Stronger Enforcement of Password Differences in IBM i 6.1 - QPWDCHGBLK
3) Video - How to Identify and Fix Your Vulnerable User Profiles
|
January 18, 2012 |
1) The IBM i Intrusion Detection System - IDS
2) Who Removed my Exit Program? QAUDJRN and WRKREGINF
3) Video - The Pitfalls of Relying on a 1982 Security Scheme
|
January 4, 2012 |
1) The Problem With Too Many IBM i Private Authorities
2) Stop Adoption of Authority in the Calling Program - MODINVAU
3) Video - Misconceptions on User Limited Capabilities LMTCPB(*YES)
|
December 20, 2011 |
1) Correctly Securing Powerful and Sensitive Commands
2) My IBM i UserID is 77 and My Password is 123456
3) Video - Is the IBM i Vulnerable to Virus, Worms and other Malware?
|
December 6, 2011 |
1) Customizing the IBM 'Create User Profile' Process by Adding Your Own Logic
2) Watch out for CHGPRF!
Did you know that your end users and staff can change their own user profile?
3) Video - Common Misconceptions - Using Authorization Lists
|
November 22, 2011 |
1) Close the 'Open Pipe': Flush your Signon Server Credentials
2) Auditing Newly Created Objects
3) Video - The Hidden Security Configuration Options
|
November 8, 2011 |
1) Invisible IBM i Data Access - Undetectable Data Theft
2) Quick Reporting on User Profiles
3) Video - Popular Misconceptions - Authority to, and Ownership of User Profiles
|
October 25, 2011 |
1) IBM i Hidden Configuration Options
2) Insight into your Group Profiles
3) Video - Popular Misconceptions on User Limited Capabilities
|
October 11, 2011 |