If you don't keep track, you'll never know what's going on in your yard. You could be getting attacked on a regular basis and never know it.
NAT stands for "Network Address Translation". Among other things, NAT will allow you to provide public access to your system even though it sits behind a firewall.
Thanks to our SafeNet/i exit point network control software, we successfully thwarted all unauthorized accesses. Of these, 351 were attempts to gain access via FTP and another 6,009 attempts were to get a Telnet signon session during the analysis period.
To review the current contents of the system job scheduler, use the i/OS command Work with Job Schedule Entries (WRKJOBSCDE). This command will display information about every job in the system job scheduler. It will tell you what the job is, how it is invoked and when it is next scheduled to run.
Recently, we identified a new phenomenon where a hacker (or hackers) are attempting to break into our system using Telnet. The pattern is always the same. Exactly twenty seven attempts are made to open a Telnet session on the server. The attack lasts for 2-3 minutes and then stops.
In the IBM i world, it has always been possible to track access to the system by user profile. It is just a simple matter of activating and configuring the system audit journal and sitting back to wait for some information to be accumulated. Then, using the DSPJRN judiciously, you can get a list of who signed on to your system and when they did so.
The thing that makes remote work possible is the Internet and remote access technology. But, as you think about it, while you have access remotely to off site computing resources, so does anyone else who is connected to the Internet. That is a huge security exposure to your IBM System i. Even the much touted security on this exceptional system will have exposures.
For the full year, our server posted close to 1 million network transactions. This is nothing in today's computing environment, some of our customer's servers can record that level of activity in just a few minutes. But, taken as a whole for the year, 0.5% of those network access attempts were not authorized by us.
there are lots of good reasons why you want to allow FTP access to your system. So, don't be afraid of it, but use it wisely.
During this quarter, we saw that brute force FTP attacks using a large number of different common user profiles disappeared. In its place, we are seeing repeated attempts to gain access using very common user profiles but cycling through multiple passwords on each attempt.
A few weeks ago, I published a tip about the security exposure that FTP represents on your IBM i platform. That tip has generated some interesting feedback along with some ideas from readers on how they address the issue. This tip features some additional ideas for you to protect yourself from FTP abusers.
With FTP on your IBM i, you can transfer files to other systems, including other IBM i's, with ease. You can also use it to move programs and files between systems, all with relative ease. But, increasingly, FTP is also becoming the hackers weapon of choice when cruising the Internet. And, with FTP's QUOTE command (among others), a knowledgeable hacker could do some serious damage to your system.
RECENT POSTS
CATEGORIES
© 2021 KISCO SYSTEMS LLC
54 Danbury Rd. | Suite 439 | Ridgefield, CT 06877
