|
Data security software is mainly about protection against threats and identifying events that may be breaches in security. Risk assessment security, sometimes overlooked, has an important place in evaluating the controls which are implemented in an organization's information systems.
|
|
|
Bsafe Information Systems has developed a software tool for security risk assessments on IBM i. It is called the Bsafe SAT - Security Assessment Tool and complements Bsafe's range of data security software products for IBM i. mainframe, and multiple platforms.
|
|
IT Risk Assessment using the Bsafe SAT
|
|
|
The Bsafe Security Assessment Tool is dual-platform software application with components residing on both the IBM i and your local PC. Operated entirely from the Windows GUI, it makes an easy to understand information security risk assessment which it presents as an executive summary, a simplified statistic list and in graph form.
|
|
|
|
|
|
Security Audit Definitions
|
|
|
The first part of the Bsafe SAT IBM i information security assessment deals with OS/400 security definitions, a selection of security system values covering essential OS/400 security areas such as password constraints, and power users. The password system values include length, special characters and password replacement policy whereas the power user definitions include a statistical view of the number of user profiles that have been granted special authorities of the various different types. A comparison of made against recommended values.
|
|
Network Security Risk Assessment
|
|
|
The second part of the Risk Assessment Security tool's operation is a series of attempted penetrations to the IBM i server. This is done by using several different methods of connecting to the IBM i and, if successful, carrying out a number of actions for each connection path. The first is FTP, a highly popular form of network connection - and a common vulnerability. If a connection is successfully made, an attempt is then made to upload and download files between the IBM i and the client PC. Next, the remote command server is accessed through IBM Client Access to perform system commands remotely and the third form of network security risk assessment is connection via the database server of the IBM i to perform a number of basis database functions.
|
|
Risks From Open Ports
|
|
|
A view of currently open ports on the IBM i server is also included, indicating the status of each open port.
|
|
|
For more information about Bsafe risk assessment security and auditing software products, contact us today.
|
|
