
Essential Layers of IBM i Security: Security Monitoring and Auditing

Taking a holistic view of your security profile is critical to success. Grouping together security best practices and technologies into six primary layers, where each layer overlaps with the others, provides multiple lines of defense. Should one security layer be compromised, there’s a good chance that another layer will thwart a would-be intruder.

Our final webinar in this series focuses on monitoring the IBM i and automatically alerting administrators and security officers whenever suspicious activity is detected, as well as logging all security-related events for the purposes of tracking and auditing.


  1. Layers of Security: Security Monitoring and Auditing
     Dawn Winston – Product Management Director
     Bill Hammond – Product Marketing Director
  2. Housekeeping
     Webinar Audio
     • Today’s webinar audio is streamed through your computer speakers
     • If you need technical assistance with the web interface or audio, please reach out to us using the Q&A box
     Questions Welcome
     • Submit your questions at any time during the presentation using the Q&A box
     Recording and slides
     • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
  3. Today’s Agenda
     • Layers of Security Overview
     • Security Monitoring and Auditing
       • System-audit journaling
       • File journaling
       • Monitoring database-read activity
       • Analyze, report and generate alerts
       • Save data for compliance
       • Forward data to a SIEM solution
     • Q & A
  4. Layers of Security
  5. Security Monitoring and Auditing
     Log security-related events for the purposes of tracking, documentation, and to automatically alert administrators and security officers whenever suspicious activity is detected.
  6. IBM i Security Monitoring and Auditing
     1. System-audit journaling
     2. File journaling
     3. Monitoring database-read activity
     4. Analyze, report and generate alerts
     5. Save data for compliance
     6. Forward data to a SIEM solution
  7. System-audit journaling
  8. System-audit journaling
     • IBM i OS system auditing provides comprehensive monitoring and control of any changes made to system, object, or security configurations
     • System auditing is configured at three different levels:
       • System-wide / all users - CHGAUD
       • Specific objects - CHGOBJAUD
       • Specific users - CHGUSRAUD
     • Configuration details are defined using QAUD* system values
     • Detailed audit records are written to the QAUDJRN system-audit journal
     • The Display Journal (DSPJRN) command enables direct review or output to a database file for use in analytics and security applications
  9. File journaling
  10. File journaling
     • IBM i OS file journaling monitors for any changes made to Db2 (*FILE) or stream file (*STMF) objects
     • A journal entry is written to record any change to monitored file data
     • Combines with QAUDJRN for a complete file-access and data-change audit trail
     • Be sure that *PUBLIC authority is set to *EXCLUDE for any *FILE or *STMF object containing sensitive data!
     • Also used by:
       • HA/DR software packages
       • Application development teams for commitment control
  11. Monitoring database-read activity
  12. Monitoring database-read activity
     • Extremely sensitive data requires fine-grained monitoring
     • Third-party tools can supplement and refine IBM i OS capabilities
     • Examples:
       • Did a user view particularly sensitive data, regardless of whether the data was changed?
       • Was a credit-limit field changed by over 10%?
       • Was a wage and salary database accessed outside of normal business hours?
     • Tools exist that can monitor and log at this level, and provide a snapshot showing the precise data the user viewed
  13. Analyze, report and generate alerts
  14. Analyze, report and generate alerts
     • Regular and timely journal review, reporting and alerting are all essential
     • IBM i OS journal entries are recorded in a cryptic, hard-to-read format
     • Example:
     • Even basic journal reporting and analysis can be difficult and labor intensive; real-time alerting even more so
     • Third-party solutions can simplify and automate these critical tasks
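As an added illustration of the review-and-alert step (not code from the webinar or from Precisely), the following Python applies three of the rules the slides describe, repeated invalid sign-on attempts, authority failures, and off-hours reads of a sensitive file, to a handful of constructed records. The rows are shaped like output of DSPJRN JRN(QAUDJRN) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5); the field names JOENTT, JOTSTP, JOUSER, JOOBJ and JOLIB are an assumption about that layout, and all values, user names, thresholds and business hours are invented for the example.

```python
from collections import Counter
from datetime import datetime

# Constructed sample rows shaped like DSPJRN ... OUTFILFMT(*TYPE5) output.
# Field names follow the *TYPE5 outfile layout (an assumption); values are invented.
SAMPLE_ENTRIES = [
    {"JOENTT": "PW", "JOTSTP": "2024-03-04 02:11:05", "JOUSER": "JSMITH",  "JOOBJ": "",         "JOLIB": ""},
    {"JOENTT": "PW", "JOTSTP": "2024-03-04 02:11:09", "JOUSER": "JSMITH",  "JOOBJ": "",         "JOLIB": ""},
    {"JOENTT": "PW", "JOTSTP": "2024-03-04 02:11:14", "JOUSER": "JSMITH",  "JOOBJ": "",         "JOLIB": ""},
    {"JOENTT": "ZR", "JOTSTP": "2024-03-04 02:15:30", "JOUSER": "JSMITH",  "JOOBJ": "PAYROLL",  "JOLIB": "HRDATA"},
    {"JOENTT": "ZR", "JOTSTP": "2024-03-04 10:02:00", "JOUSER": "HRCLERK", "JOOBJ": "PAYROLL",  "JOLIB": "HRDATA"},
    {"JOENTT": "AF", "JOTSTP": "2024-03-04 10:40:12", "JOUSER": "TEMP01",  "JOOBJ": "CUSTMAST", "JOLIB": "SALES"},
    {"JOENTT": "PW", "JOTSTP": "2024-03-04 11:00:00", "JOUSER": "HRCLERK", "JOOBJ": "",         "JOLIB": ""},
]

SENSITIVE_FILES = {"HRDATA/PAYROLL"}   # library/object pairs whose reads (ZR) are watched
BUSINESS_HOURS = range(8, 18)          # 08:00 to 17:59 counts as normal working time


def analyze(entries, sensitive=SENSITIVE_FILES, pw_threshold=3):
    """Return one alert string per rule hit.

    PW = invalid password / sign-on attempt, AF = authority failure,
    ZR = read of an object (only flagged for sensitive files outside hours).
    """
    alerts = []
    failed_logons = Counter()
    for e in entries:
        ts = datetime.strptime(e["JOTSTP"], "%Y-%m-%d %H:%M:%S")
        obj = f'{e["JOLIB"]}/{e["JOOBJ"]}'
        if e["JOENTT"] == "PW":
            failed_logons[e["JOUSER"]] += 1          # counted, reported after the pass
        elif e["JOENTT"] == "AF":
            alerts.append(f'AF: {e["JOUSER"]} denied access to {obj} at {ts}')
        elif e["JOENTT"] == "ZR" and obj in sensitive and ts.hour not in BUSINESS_HOURS:
            alerts.append(f'OFF-HOURS READ: {e["JOUSER"]} read {obj} at {ts}')
    for user, n in failed_logons.items():
        if n >= pw_threshold:
            alerts.append(f'LOGON FAILURES: {user} had {n} PW entries (threshold {pw_threshold})')
    return alerts


if __name__ == "__main__":
    for line in analyze(SAMPLE_ENTRIES):
        print(line)
```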
  15. Save data for compliance
  16. Save data for compliance
     • Many regulations require secure archiving of unaltered transaction and data-change records to support audits and other actions
     • In addition, some regulations require saving system logs for multiple years
     • System-audit and file journal records are stored within IBM i OS system objects called “journal receivers”
     • Absolutely accurate and accessible HA/DR backup and archival retention of journal receivers is business critical!
  17. Forward data to a SIEM solution
  18. Forward data to a SIEM solution
     • Today’s IT complexity makes security automation a basic requirement
     • IBM i security capabilities are extensive and powerful, but the journal data is all but inaccessible for use in other systems
     • Without IBM i security data, enterprise-wide SIEM and ITOA systems are rendered incomplete, and the entire organization more vulnerable
     • Third-party tools enable and streamline IBM i journal data access, filtering, re-formatting and delivery for SIEM/ITOA integration
     • Support information sharing and collaboration across teams
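To show the re-formatting step the slide mentions, here is an added example (not Precisely's product or any code from the webinar) that turns a QAUDJRN-style record into a CEF line, the common event format many SIEMs ingest over syslog. The record fields (JOENTT, JOTSTP, JOUSER, JOOBJ, JOLIB) are an assumed DSPJRN *TYPE5 layout, the vendor string, severities and host name are placeholders chosen for the example, and the escaping rules (backslash and pipe in the header, backslash and equals in the extension) are the ones CEF specifies.

```python
# CEF header: CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity
# Header fields escape '\' and '|'; extension values escape '\' and '='.
def _hdr(value):
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _ext(value):
    return str(value).replace("\\", "\\\\").replace("=", "\\=")


# Event name and severity (0-10) per QAUDJRN entry type; severities are this
# example's own choices, not values from the presentation.
EVENT_MAP = {
    "PW": ("Invalid sign-on attempt", 5),
    "AF": ("Authority failure", 7),
    "ZR": ("Object read", 2),
    "CP": ("User profile changed", 6),
}


def to_cef(entry, host="ibmi-prod", vendor="ExampleVendor"):
    """Format one journal record (assumed *TYPE5 field names) as a CEF event line."""
    name, severity = EVENT_MAP.get(entry["JOENTT"], ("Audit entry " + entry["JOENTT"], 3))
    header = "|".join(_hdr(x) for x in
                      ("CEF:0", vendor, "IBM i QAUDJRN", "1.0", entry["JOENTT"], name, severity))
    extension_fields = {
        "rt": entry["JOTSTP"],                                       # receipt time
        "suser": entry["JOUSER"],                                    # source user
        "fname": f'{entry["JOLIB"]}/{entry["JOOBJ"]}'.strip("/"),    # library/object, if any
        "cs1Label": "journalEntryType",
        "cs1": entry["JOENTT"],
        "dvchost": host,
    }
    extension = " ".join(f"{k}={_ext(v)}" for k, v in extension_fields.items() if v)
    return f"{header}|{extension}"


def syslog_frame(cef_line, host="ibmi-prod", timestamp="Mar  4 10:40:12", facility=20, severity=6):
    """Wrap a CEF line in a BSD-style syslog header (facility 20 = local4, 6 = info)."""
    pri = facility * 8 + severity
    return f"<{pri}>{timestamp} {host} {cef_line}"


if __name__ == "__main__":
    sample = {"JOENTT": "AF", "JOTSTP": "2024-03-04 10:40:12", "JOUSER": "TEMP01",
              "JOOBJ": "CUSTMAST", "JOLIB": "SALES"}             # constructed record
    print(syslog_frame(to_cef(sample)))
```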
  19. What Can You Detect with a SIEM?
     • Data movement – across multiple systems; inbound/outbound FTP
     • Dataset access operations
       • Determine potential security threats based on unauthorized access attempts
       • Ensure only authorized users are accessing critical datasets
     • Privileged/non-privileged user activity monitoring
     • Unusual behavior pattern – off-hours connections
     • High number of invalid logon attempts
     • Attack detection – intrusion, scans, floods
     • Authentication anomalies – e.g. entered the building at 08:30 but logged on from another country at 09:00
     • Network traffic analysis – high data volumes from a device/server
     • And much more
  20. Top Takeaways
     • You can’t monitor what you aren’t watching!
     • Turn on auditing, save journal receivers, and take advantage of everything the operating system can log for you.
     • Use monitoring, reporting and alerting tools to gain full visibility into security issues!
     • Pass your next audit by ensuring you meet system logging and journal retention regulatory requirements.
     • Gain real-time analysis of security alerts with a SIEM’s holistic, unified view into policy compliance and log management.
  21. Layers of Security
  22. Download the White Paper: The six layers of IBM i security and how Precisely can help (layers-of-ibm-i-security)
  23. Layers of Security Webinar Series: Topics 1 to 6, available today on the Resource Center
  24. Q & A