LATEST CONTENT
The Apache-based IBM HTTP Server for i is a vital defense in web and API security for IBM i. As such, it requires regular attention.
Use this procedure to check the version of libwebp or any other open source package on IBM i.
You may have heard claims that HTTP “basic” authentication leaves credentials unencrypted and exposed. While it’s true that basic auth itself doesn’t encrypt credentials, this doesn’t matter in practice. Modern sites and APIs should be using HTTPS, which encrypts everything over the wire, protecting basic authentication credentials in transit.
The IBM i OS includes a feature called Function Usage that will let you control FTP. Function Usage controls who is allowed to connect with your system using FTP from a remote location, what FTP commands they are allowed to use and who can initiate an FTP session from your IBM i to a remote server.
Because data areas can be handled by multiple programs, it is often difficult to understand how a setting changed and when it happened. Did you know you can use IBM i journaling technology on data areas? Find out how to set this up and interpret the data.
Users with limited capabilities can STILL execute IBM i commands and programs in various network-connected contexts, such as ACS "Run SQL Scripts" and FTP.
As with any journaling technology from IBM, the audit journal data can be incomprehensible, and IBM logs a lot of data points. The entries are logged as various record types, each with a two-character type code. From a security monitoring and alerting perspective, we only really care about a subset of these records.
IBM i best practice for security starts with keeping your system current. IBM publishes notifications about OS updates, security alerts and more. Here's how to subscribe.
In this product update webinar for version 4 of i2Pass, we talk about MFA for IBM i, the advantages of MFA with DUO, and how we have integrated mobile authenticator apps into our MFA products.