
Identify Potentially Dangerous Changes to Your Operating System
Vendors' "patched" programs can expose your System i to security holes.
by Mike Grant
It's no secret that vendors sometimes play around with i5/OS to achieve functionality beyond that supported by a given release level. But what is less widely understood is that this practice of "patching" programs can introduce instabilities and security exposures to your System i.
Hackers or disgruntled employees can also use patched programs to harm operations or create back doors for data extrusion. Not all patched programs are bad, but even good intentions can have negative side effects. Identifying alterations that patched programs have made to IBM's digital signatures is critical to maintaining the health and security of your system.
Acting upon user requests, IBM began digitally signing OS objects in V5R1 and built a command into that release to allow operators to run a check on digital signatures to ensure that they are still valid. (Developers can also sign their own objects and use the command to check those as well.) The command lacks the ease of use of commercial anti-virus, spyware, or malicious code detection applications, however, and the tool has not been widely known, nor has the issue of alterations been widely understood.
With the introduction of regulatory legislation such as Sarbanes-Oxley, the need to identify and document alterations that could create security exposures became critical. To help users easily manage this aspect of system maintenance, Bytware added Object Integrity Scanning (OIS) functionality to its StandGuard Anti-Virus solution.
Building upon object integrity and digital signature APIs that IBM has included in OS/400 since V5R1, OIS provides an easy way to identify patched programs and modifications to the operating system, allowing managers to decide what action—if any—they should take.
This article was originally published on MC Press Online.
