PowerNews: September 2011

Posted in Audits, Security on September 6th, 2011 by Kiki

Batch Scheduling Enhances Compliance Monitor 3

PowerTech announces the addition of batch scheduling and automated report distribution to Compliance Monitor, its popular security auditing solution.

Compliance Monitor is the premier IBM i audit solution, providing consolidated reporting across partitions, compliance scorecards, powerful filtering, and forensic analysis of audit journal events. The addition of batch scheduling gives you the option to run audit reports at off-peak hours to avoid interfering with production systems. Plus, automated audit report distribution ensures managers have the reports they want to see when they arrive at work.

Batch scheduling joins the valuable features already part of Compliance Monitor 3, including:

  • A powerful browser-based interface that makes it easy to specify report requirements and display the collected information.
  • Several new reports, including a predefined report category designed to help gaming organizations comply with Nevada’s Minimum Internal Control Standards (MICS). Other new reports cover security system values added in IBM i 6.1 and 7.1, native and IFS object reports, and authority adoption information.
  • An “intelligent” pre-checker utility that can verify the server meets the requirements for installation.
  • An automated install process so you can start auditing your system sooner.

Learn more about Compliance Monitor 3.

—————————————————————————————-

When Good Guys Turn Bad

By Robin Tatam, Director of Security Technologies

I frequently preach to security audiences about the dangers of “insider threat,” and I think it’s something that can’t be emphasized enough.

While many organizations assume that a breach of their perimeter defenses represents the greatest risk, studies show that the majority of data that’s lost, stolen, or damaged happens as a result of an authorized user operating inside the firewall. On IBM i, this can be attributed partly to the fact that many organizations base their security on the legacy model of menus and command line restrictions. Unfortunately, with IBM i support of powerful TCP/IP services, a user isn’t always presented with a menu or restricted from executing commands. A user simply has to supply a user profile and password—something that most users are given as soon as they’re hired—to gain full access to the data assets. Each year, our “State of IBM i Security” study shows that many companies use easily decipherable user profile naming conventions and require only simple passwords. Too often, administrators leave doors to their systems open by allowing numerous enabled profiles with default passwords.
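As an added illustration of the conditions just described (this is example code written for this page, not code from the article, from Compliance Monitor, or from any other PowerTech product), the following Python script audits a constructed user-profile export for enabled profiles that still carry a default password and checks three real IBM i security system values (QSECURITY, QPWDMINLEN, QMAXSIGN) against a baseline. The sample records, the 90-day staleness threshold and the baseline limits are this example's own assumptions, not vendor guidance; the pre-computed default-password flag stands in for what the ANZDFTPWD command reports on a live system, and the stale-profile check goes slightly beyond what the text itself lists.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Profile:
    name: str
    status: str                   # "*ENABLED" or "*DISABLED"
    default_password: bool        # True when the password equals the profile name
    last_signon: Optional[date]   # None means the profile has never signed on


@dataclass(frozen=True)
class Finding:
    profile: str
    severity: str                 # "high", "medium" or "low"
    reason: str


# Constructed sample export; not data from any real system. On IBM i the
# "default password" condition (password equal to the profile name) is what
# the ANZDFTPWD command reports; here it is supplied as a ready-made flag.
SAMPLE_PROFILES = [
    Profile("JSMITH",    "*ENABLED",  True,  date(2011, 9, 1)),
    Profile("PAYROLL01", "*ENABLED",  False, date(2011, 8, 30)),
    Profile("TEMP007",   "*ENABLED",  True,  None),
    Profile("OLDCONTR",  "*DISABLED", True,  date(2010, 1, 15)),
    Profile("APPADM",    "*ENABLED",  False, date(2011, 3, 2)),
]

REPORT_DATE = date(2011, 9, 6)   # the newsletter's posting date, used as "today"
STALE_DAYS = 90                  # assumption for this example

# Real IBM i security system values; the limits are this example's assumptions.
# "min" means the actual value must be at least the limit, "max" at most.
SYSTEM_VALUE_BASELINE = {
    "QSECURITY":  ("min", 40),   # system security level
    "QPWDMINLEN": ("min", 8),    # minimum password length
    "QMAXSIGN":   ("max", 5),    # failed sign-on attempts before action is taken
}
SAMPLE_SYSTEM_VALUES = {"QSECURITY": 30, "QPWDMINLEN": 6, "QMAXSIGN": 3}  # constructed


def audit_profiles(profiles, today):
    """Return one Finding per risky condition; a profile may produce several."""
    findings = []
    for p in profiles:
        enabled = p.status == "*ENABLED"
        if p.default_password and enabled:
            findings.append(Finding(p.name, "high", "enabled profile with default password"))
        elif p.default_password:
            findings.append(Finding(p.name, "low", "disabled profile still has default password"))
        if enabled and p.last_signon is None:
            findings.append(Finding(p.name, "medium", "enabled but never signed on"))
        elif enabled and (today - p.last_signon).days > STALE_DAYS:
            findings.append(Finding(p.name, "medium",
                                    f"enabled but unused for more than {STALE_DAYS} days"))
    return findings


def check_system_values(values, baseline=SYSTEM_VALUE_BASELINE):
    """Return (name, actual, expectation) for each system value outside the baseline."""
    failures = []
    for name, (kind, limit) in baseline.items():
        actual = values.get(name)
        if actual is None:
            failures.append((name, None, f"{kind} {limit}"))
            continue
        ok = actual >= limit if kind == "min" else actual <= limit
        if not ok:
            failures.append((name, actual, f"{kind} {limit}"))
    return failures


if __name__ == "__main__":
    for f in audit_profiles(SAMPLE_PROFILES, REPORT_DATE):
        print(f"{f.severity:6} {f.profile:10} {f.reason}")
    for name, actual, expected in check_system_values(SAMPLE_SYSTEM_VALUES):
        print(f"FAIL   {name:10} actual={actual} expected {expected}")
```

On a real system the profile list would come from a DSPUSRPRF output file and the default-password flag from ANZDFTPWD; the point of separating `audit_profiles` from `check_system_values` is that the first catches individual accounts that bypass the menu model, while the second catches the system-wide policy that lets weak passwords exist in the first place.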

While we might acknowledge the possibility of an application user exceeding their authority to access restricted data, or using authorized data in an unapproved way (for example, downloading information to a USB device), what happens when a trusted IT employee goes rogue?

Dealing With Rogue Employees Isn’t Always Easy

A recent article by Tam Harbert in Computerworld magazine, “When Trusted IT Pros Go Bad,” gave some shocking real-world examples that illustrate how the most dangerous users in any environment are those with powerful access and the knowledge to use it. When a user holds a position of trust, it can be that much more difficult to identify and remedy the situation.

The article highlighted the challenges faced by some employers when they were unable to simply fire an employee who possessed the virtual keys to the kingdom. One company went as far as concocting a ruse to send a rogue employee on an urgent cross-country flight! This provided a window of several hours for other staff to change passwords and secure the IT assets he had administrator access to. Such extreme measures became necessary after it came to light that the employee owned a company that had sold more than a half-million dollars in pirated software to his employer.

Another company made the mistake of incorrectly handling the firing of an extremely powerful employee after they discovered evidence of various illegal activities. While the employee’s manager and a security guard hurried to his office, a human resources representative called the employee to tell him to stay put. Unfortunately, suspecting he had been discovered, the employee had time to delete an encryption key ring. This ring contained the only copies of encryption keys for about 25 employees in the legal and contract departments. (The article pointed out the irony in that many companies don’t back up this type of information due to its sensitive nature!) This had the effect of permanently encrypting the data and amounted to an estimated 18 person-years of lost productivity.

Corporate embarrassment can be an additional challenge posed by rogue employees. Companies prefer not to shine a spotlight on the fact that their controls were breached by one of their own. Take the case of the system administrator who brought down a Fortune 500 company with “logic bombs” designed to cause entire banks of servers to crash. Originally a star performer in the IT department, the employee was granted immunity from prosecution in return for her help in fixing the issue, and also with the agreement to never speak publicly about the incident. According to Larry Ponemon, a renowned security researcher, the company didn’t want her “going on Oprah and talking about how she broke the backbone of a Fortune 500 company.”

What Motivates a Rogue Employee?

The motivation for any employee to turn rogue typically falls into one of two categories: financial gain and revenge. When that user operates within the “circle of trust,” it can be difficult to detect illegal activities as they often have greater access and can cover their tracks. Examples of employees seeking financial gain include hacking ATMs to dispense cash but not record the transaction (Bank of America), and stealing valuable computer code (Goldman Sachs). Revenge usually manifests itself in internal damage to the infrastructure or data assets. Attacks in recent years have included code set to destroy data on nearly 5,000 servers (Fannie Mae), and a disgruntled worker who included logic that affected 1,000 computers and caused about $3 million in damages (UBS PaineWebber).

It’s unlikely you’ll ever be able to totally eradicate the risk of malicious intent by powerful and trusted internal users, but you can implement strong controls to ensure that these people are treated with the same caution as any other user. People are human, and a powerful title does not (or rather should not) place someone above reproach or suspicion. That’s certainly a lesson that corporate America has learned the hard way during recent years!

Control Powerful Users With Authority Broker

PowerTech Authority Broker can help you control and manage powerful profiles on IBM i systems. By reclaiming the excessive power and freedom that these administrator-class users often enjoy, and by providing an audit trail of their activities, it becomes easier to build in the necessary safeguards to ensure that you are not the next victim of one of these horror stories.

Editor’s Note: Robin often blogs about the latest security breaches in the news. Follow his blog for his thought-provoking look at the state of security in companies today. He usually includes some pretty cool photos, too.

—————————————————————————————-

Q & A with Paulie Culin

Dear Paulie,
Can I save my report with custom filters in Compliance Monitor, and run it again?

A: Yes! Compliance Monitor is very flexible and allows you to save your custom filters, columns, and sort criteria so you can use them again and again.

The easiest way to get started is to select an assessment that is available through Compliance Monitor. First, run the assessment and, when the report is ready for viewing, open the completed report in the Compliance Monitor browser. Use the Columns/Sorting tab to add or remove columns in the report, and adjust the Sort by options to determine the first, second, or even third level of sorting. Next, use the Filters tab to display the default filters available for this report. You can also create a new filter or copy existing filters to further customize your report.

Once you’ve selected the columns and sort criteria and added your filters, the report displays with your changes. When you close the report, you’ll be prompted to save your changes with a custom name in a custom report group. After you’ve saved your changes, you can request your new custom report to run in the future or schedule it using the new Batch Assessments/Reporting feature of Compliance Monitor 3.

Learn more with PowerTech Webinars and online training.

Request a demo.