We’ve said it before, and we will continue to say it: your IBM i may not be secure. There are a lot of misconceptions about the IBM i and whether your system can be infected by a virus or hit by a ransomware attack. Let me be clear: your IBM i can get infected, and your data can be encrypted. We’ve seen it happen. We’ve done it to prove a point, and we’ve helped customers recover. The IBM i is highly securable; however, you need to do the work to put adequate controls and solutions in place to help protect your data.
Protecting your IBM i requires a layered approach where you implement system controls, user controls, and object controls and put solutions in place to help identify potential risks and even take action to resolve them. There isn’t a one-size-fits-all solution, and there isn’t a magic bullet for getting it done. It requires some analysis and planning to ensure that users can do what they need to do, but with the least authority.
Protecting your IFS from ransomware attacks and viruses was something we thought we didn’t need to worry about with the IBM i. We thought the IBM i database was protected. It was at one time, but now the IFS creates a new vulnerability, one that people didn’t even realize existed: root shares. With a root share, someone can access the entire IBM i. That’s right, they can get to your IBM file systems. From there, they can destroy your data.
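As an added example (not from the original article or from any vendor product), the following audit flags file shares whose path resolves to the IFS root or to /QSYS.LIB, including paths that only reach the root after normalization. The share listing, its field layout, and the severity labels are assumptions made for illustration.

```python
import posixpath

# Constructed sample of a file-share listing: (share name, path, permission).
# The layout and values are illustrative, not output from a real system.
SAMPLE_SHARES = [
    ("ROOT", "/", "READ/WRITE"),
    ("ROOTRO", "//", "READ ONLY"),
    ("HOMEDIRS", "/home", "READ/WRITE"),
    ("SNEAKY", "/home/..", "READ/WRITE"),
    ("LIBS", "/qsys.lib", "READ ONLY"),
    ("INVOICES", "/apps/invoices/out", "READ/WRITE"),
]


def normalize(path):
    """Collapse '.', '..' and repeated slashes, then fold case.

    The IFS root file system is case-insensitive, so '/qsys.lib' and
    '/QSYS.LIB' name the same directory.
    """
    return posixpath.normpath("/" + path.strip().lstrip("/")).upper()


def classify(path, permission):
    """Return a severity label (assumed scale: CRITICAL, HIGH, OK)."""
    resolved = normalize(path)
    writable = "WRITE" in permission.upper()
    if resolved == "/":
        # A root share exposes every file system reachable through the IFS.
        return "CRITICAL" if writable else "HIGH"
    if resolved == "/QSYS.LIB" or resolved.startswith("/QSYS.LIB/"):
        # Libraries and database objects are reachable under /QSYS.LIB.
        return "HIGH"
    return "OK"


def audit(shares):
    """Return (name, resolved path, severity) for every share that is not OK."""
    findings = []
    for name, path, permission in shares:
        severity = classify(path, permission)
        if severity != "OK":
            findings.append((name, normalize(path), severity))
    return findings


if __name__ == "__main__":
    for name, resolved, severity in audit(SAMPLE_SHARES):
        print(f"{severity:8} {name:10} -> {resolved}")
```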
The good news is that you can implement solutions to help protect your data from those who wish to harm your business. Raz-Lee provides both anti-virus and anti-ransomware solutions for IBM i. iTech has been selling this solution to our customers to help them implement another layer of protection around their data.
Anti-virus and Anti-ransomware solve separate issues.
Viruses are malicious code that attaches itself to a file. Viruses can be automatically executed through websites or files and even spread across networks. You should never click on a link in an email from an unknown source, and even then, you need to verify it’s a credible link.
Ransomware attacks encrypt your files, along with the contents of mapped drives and cloud storage, preventing you from accessing your data. The purpose of the attack is to get you to pay for the key to decrypt your data. One customer reported that the ransomware first encrypted their backup files and then the rest of the system, making it impossible to recover. While they could recover the IBM i side of the business, some of the other areas were not so lucky.
Since we face different issues, we need different solutions to solve each problem. Anti-virus software can automatically protect you and take automated actions. The anti-virus scans all accessed files and marks, quarantines, and deletes any infected files. The solution offers automatic database updates, keeping your virus file current. One of the nice things is that the solution can run entirely on the IBM i and doesn’t require any additional third-party anti-virus solutions. However, if you have restrictions on connecting your IBM i to the internet, or if performance is a concern, you can run the solution with an ICAP client.
When run on the IBM i, anti-virus scans can affect performance. One solution is the ICAP client, which reduces the load of scanning files on the IBM i by passing it to an external ICAP server. This allows you to use your own anti-virus provider (Symantec, McAfee, Kaspersky, Sophos, etc.). It also eliminates the need to have internet access on the IBM i to update file definitions and keep them current.
Anti-ransomware software works differently but offers similar benefits through automated actions. The solution identifies any malicious activity, stops the attack, can disconnect the intruder, and raise an alert. Since the IFS is a mapped drive, your IFS files are exposed. Implementing an anti-ransomware solution can help protect your data by detecting threats and isolating them. The idea is to protect your files from being infected in the first place.
Unlike anti-virus, which can affect system performance, anti-ransomware software does not. There is no overhead from scanning your system. Ransomware definitions are automatically updated over the web, or through a proxy if you are not allowed to have your system connected to the internet.
What about new attacks?
The solution can protect you from known threats, such as WannaCry. The virus definitions for the known threats help protect your system in real time. However, that doesn’t mean you are exposed to zero-day attacks. When a new ransomware version is released, this is known as a zero-day attack. Anti-ransomware uses behavioral threat detection to prevent encryption by unknown ransomware and can take automated actions to prevent your data from being encrypted. So either way, your data is protected.
The IBM i no longer stands alone, and as a result, we need to ensure that we protect it like we do the rest of the network. Implementing anti-virus and anti-ransomware solutions can help protect your IFS and your IBM i data. It’s the right thing to do.