By Rich Loeber
During this time of Covid-19 crisis, most of our customers are reporting in that they are working from home and will probably be doing so for several months. We are working independently here too where I find myself the only one in the office.
With so many people working with remote access, what are the security risks to your IBM i as a result? If you aren't mindful of security during this crisis, you could expose your system unnecessarily and create issues for you that will last a lot longer than the current crisis.
Here are a few that come to my mind right away ....
If your users/programmers/system administrators are using 5250 terminal sessions to access your system, make certain that they are all using SSL for the connection. Last month, I posted an update to a prior blog post on this topic. If your terminal sessions are not using SSL, then your user profiles and passwords are traveling over the Internet as plain text. Given that programmers and administrators tend to have super user profile privileges, this could be catastrophic. In my opinion, this should be your number one concern. http://www.kisco.com/ibm-i-security-tips/?p=312
Browser Based Applications
When you are in the office and working on browser based applications hosted on your IBM i system, you might consider yourself to be safe if you are running the application using an HTTP address. While that may be true, when you run that same browser based application from home using HTTP, the data that transfers back and forth to your desktop environment will be sent in plain text. Since most applications require a sign-on process, then your user profile and password are again exposed while in transit.
The solution is to update your HTTP application to use HTTPS protocols. By making this change, the browser data streams will be encrypted, adding the necessary security that you will need. Several years ago, I posted a tip here on how to make that change.
File Transfer Protocol (FTP)
While working in the office and hiding behind a firewall, bringing up a quick FTP session on your desktop to transfer IBM i information to/from your personal computer is a quick and easy way to get things done. Doing that same thing while working remotely can, like telnet and the browser applications, expose your user profile and password as open text.
The solution is to change your access to use SFTP (Secure File Transfer Protocol). The good news is that IBM i supports SFTP. I found this article at an IBM website on how to set this up for your use.
This quick tip just scratches the surface of these issues. These were the issues that came to mind as being highest on a list of concerns. I would love to hear from any of my readers who have more ideas on areas where we should have serious concerns.
If you have questions about details of this tip, feel free to contact me directly by email: rich at kisco.com.