|   | ||
| SecureMyi.com Security and Systems Management Newsletter for the IBM i   
              June 12, 2013 - Vol 3, Issue 30 | ||
|   | ||
|       | 
  Feature Article | |
| In This Issue
 Quick Links
 Our Newsletter Sponsors
Platinum Sponsor | IBM i Security ResourcesJohn Earl Memorial Tribute - Jan 2013 IBM i Security Videos from SecureMyi.comSecureMyi Newsletter Home and Archives Search Security Site for IBM i and i5/OS IBM i Security Reference - IBM i 6.1 IBM i Security Reference - IBM i 7.1 QAUDJRN Audit Types By AUDLVL 6.1 QAUDJRN Entry Type Record Layout 6.1 RedBook - Security Guide for IBM i 6.1  Open Security Foundation - DataLoss DB PCI SSC Data Security Standards       |     | 
| IBM i Security Calendar of Events
 |       | |
| Featured YouTube Educational VideoIBM i Security  Cannot Access YouTube from your office? Download the video in wmv format.   | ||
|   | ||
| 
Security Shorts -By Dan Riehl Did you know that it may be possible to logon to your IBM i using a non-existent UserID and no password? One such method is by using a variant of "Anonymous FTP". Anonymous FTP is typically implemented in such a way that the FTP user logon prompt is answered with a userID of ANONYMOUS, and the password prompt is replied with an email address like user@mydomain.com. The user is then logged-on and is typically restricted to sending or receiving files from a PUBLIC directory. Some companies use this ANONYMOUS FTP technique to allow public downloads of product manuals, software fixes, public documents, etc. You can implement ANONYMOUS FTP on the IBM i by writing or buying specialized FTP server exit point programs that interface with the IBM i FTP server. In order to implement this ANONYMOUS FTP logon, the exit program attached to the FTP logon process must instruct the FTP server to bypass UserID and Password checking. ANONYMOUS and user@mydomain.com are typically not a valid IBM i UserID and Password combination. With this in mind, it is possible for an FTP LOGON exit program to completely circumvent the security of your system. If a nefarious technician can add an exit program to your FTP server Logon process, that program could potentially allow a non-existent UserID to logon through FTP as a system administrator with *ALLOBJ authority without providing a valid UserID or Password. In the above Feature Article "What is an Exit Point?", I discussed the FTP server Logon exit point program. In that article you can glean the information needed to allow a user to bypass user and password checking, and to redirect the server to logon a user as any valid user profile including powerful *ALLOBJ system administrator users. This information is also available in any article or document that discusses the implementation of ANONYMOUS FTP on the IBM i. The purpose of the Feature Article was to show how to audit all FTP logon attempts and to sound the alarms when a suspicious Logon attempt occurred. Protect your System!Since the FTP logon exit program can bypass user and password checking, you must be vigilant in protecting the exit point as well as the other network logon exit points from rogue programs. To check to see if there may be an FTP Logon exit program in place on your system, use the command WRKREGINF(Work with Registration Information) and find the entry for the Exit Point named QIBM_QTMF_SVR_LOGON. This is the exit point for the FTP server Logon process. Select option 8 to see if a program is registered for this point. If a program is listed, you need to make sure you know exactly what the program is doing. If you do not know what the program is, or what it is doing, you really need to find out, or remove it until you can verify what it is. Note: If you are running a commercial network exit point product, there will be a program listed here. If you remove the program from the exit point, you may be removing some protections and auditing capabilities that are provided by the security software vendor's exit program. If you want to monitor your system for any changes to the system exit point program registry, you can turn on auditing for any changes to the exit points. This will allow you to monitor for the addition or change of any exit point programs. For information on how to audit the exit point program registry see my article 'Who Removed My Registered Exit Program' in the Security Shorts section of the January 4, 2012 issue of the SecureMyi Security Newsletter. | Sponsored Links
    IBM i, iSeries and AS/400 | |
|   | ||
|   | ||
| Send your IBM i Security and Systems Management News and Events! Send your Questions, Comments, Tips and Stories Copyright 2013 - SecureMyi.com, all rights reserved SecureMyi.com | St Louis MO 63017 | ||