IBM i Audit

Overview

Security policies are usually implemented with the built-in IBM i tools, the most important of which is the embedded, object-based authorization system. Granting or revoking object access for particular users can secure the system, but there are still many ways in which a user can circumvent the authorization system. Here are some examples:

  • The application can have undetected holes within its security authorization scheme
  • Programs may inherit access privileges that are higher than those of the individual user
  • A user can get access to an unsecured command that can grant them more privileges
  • A password for a powerful user profile can be obtained, or a session under that profile can be left in use on an unattended terminal
  • A programmer may use an unauthorized interface, such as a Data File Utility (DFU), to modify a sensitive file

No matter how well designed and deployed you believe your security auditing schema to be, you must verify that nothing can compromise it. For example, something as simple as a system value change may render your security schema useless. Modern hackers use various techniques to pose as employees, system administrators or help desk personnel to get user names and passwords from innocent users. Also, consider the case of the dissatisfied employee who may be tempted to delete application objects or copy confidential data and publish it on a website.

The Event Manager IBM i template uses IBM auditing mechanisms to provide you with real-time and historical system auditing and to detect any activity that you consider to be suspicious. You can set customized policies at a very detailed level, receive real-time alerts and automatically execute actions when a problem arises (such as disabling access for a particular user). This helps you continuously evaluate your security planning and policies, identify weaknesses and cover limitations, specifically:

  • Ensure that your security policy adequately protects your company’s resources
  • Detect unauthorized attempts to access your system and your company’s confidential data
  • Detect attempted security violations and application problems relating to authorizations
  • Reduce average time for problem resolution
  • Detect system vulnerabilities
  • Plan migration to a higher security level
  • Monitor the use of sensitive objects, such as confidential files

IBM i Security Auditing

IBM i can log security events that occur on your system. These are recorded in special objects called journal receivers.

The security auditing function is optional, so you must take specific steps to set it up. Please refer to your IBM i documentation for guidance on how to do this. System values and specific commands control which events are logged.