Kisco Systems

Kisco U

Free training to secure every IBM i

We sell software, but we give away knowledge for free!
Sign up to receive an email update when we add new content to Kisco U


  • Basic Authentication Credentials are Encrypted with TLS

    You may have heard claims that HTTP “basic” authentication leaves credentials unencrypted and exposed. While it’s true that basic auth itself doesn’t encrypt credentials, this doesn’t matter in practice. Modern sites and APIs should be using HTTPS, which encrypts everything over the wire, protecting basic authentication credentials in transit.

    Read more

  • Controlling FTP with IBM i Function Usage

    The IBM i OS includes a feature called Function Usage that will let you control FTP. Function Usage controls who is allowed to connect with your system using FTP from a remote location, what FTP commands they are allowed to use and who can initiate an FTP session from your IBM i to a remote server.

    Read more

  • Journaling Data Areas

    Because data areas can be handled by multiple programs, it is often difficult to understand how a setting changed and when it happened. Did you know you can use IBM i journaling technology on data areas? Find out how to set this up and interpret the data.

    Read more

  • IBM i Remote Program Security Loopholes

    Users with limited capabilities can STILL execute IBM i commands and programs in various network connected contexts such as ACS "Run SQL Scripts" and FTP.

    Read more

  • Audit journal record types

    As with any journaling technology from IBM, the audit journal data can be incomprehensible. And IBM logs a lot of data points. The entries are logged as various record types with a two character type code. From a security monitoring and alerting perspective, we only really care about a subset of these records.

    Read more

  • Subscribe to IBM notifications for IBM i

    IBM i best practice for security starts with keeping your system current. IBM publishes notifications about OS updates, security alerts and more. Here's how to subscribe.

    Read more

  • i2Pass webinar: IBM i MFA with DUO authentication [video]

    In this product update webinar for version 4 of i2Pass, we talk about MFA for IBM i, the advantages of MFA authentication with DUO, and how we have integrated mobile authenticator apps into our MFA products.

    Read more

  • Red Alert - High Risk Profiles

    Certain combinations of user profile configurations create a very insecure, high-risk condition that should be rectified immediately. Here's how to find out if you are exposed.

    Read more

  • IBM i Security Fundamentals: Disaster Recovery [video]

    Justin Loeber, from Kisco Systems, and Ed Moon, CTO of Absolute Performance, discuss disaster recovery for the IBM i. Topics include business case, technical definitions, strategies and tips for selecting a vendor.

    Read more