iTech Solutions Group, LLC. Introduces New IBM i Security Framework and Onboarding Service at Regional Seminar Series in February 2018

DANBURY, CT — iTech Solutions Group, LLC. Introduces new IBM i Security Monitoring Service

At an upcoming regional seminar series, iTech Solutions Group will unveil a service unlike anything else in the industry. This new framework covers in detail all the mandatory and advisory security controls needed, with a dominant focus on the IBM i Server. This new Framework provides a security baseline for the community.. To complement this, iTech has built an onboarding methodology centered on best practice IBM iSecurity Controls Policies, which sets out the terms under which your system will be protected. The methodology also describes the procedures governing how you will achieve compliance and ongoing change control.

The seminar schedule dates are:
February 5 – Providence, RI
February 6 – Framingham, MA
February 7 – Waitsfield, VT
February 8 – Manchester, NH
February 12 – Westbury, LI
February 13 – Norwalk, CT
February 14 – New York City
February 15 – Fairfield, NJ

Pete Massiello, President and CEO of iTech Solutions Group, said “One of the key principles of the new service is to create momentum to drive improvements in security and risk management. Using this service will allow clients to drive their business forwards without worrying about a lack of inside skills, multiple tool configurations and increasingly more stringent legislation. This service is 100% designed to support clients’ current cyber-risk management processes and enhance where appropriate.”

Key Features of the new iTech IBM i Security Service:

    • Monitor the system security: To identify any security breaches and threats and unwanted/unauthorized access or access attempts.
    • Fully control and apply all the security needs and recommendations: To have full control on all security areas and to be able to close any breaches or potential threats from inside and outside the system.
    • Control access to the server: Especially through TCP/IP connections (ODBC, .NET, DDM, FTP…etc).
    • Event Monitoring: Monitor any critical system aspects that may lead to major system crash or performance degradation and send direct alerts to concerned people via SMS and e-mail to be able to take quick actions in order not to affect business continuity.
    • Reporting: Customizable, user-friendly reports bringing all security events to the forefront
    • Capability to close all major audit findings related to security and system monitoring on IBM i.
    • Compliance Reporting: Compliance policies configured and violations reported.

According to Phil Pearson, Chief Information Security Officer, “iTech is hosting customer security workshop sessions entitled Taking Back Control of your IBM i in order to guide and support IBM i customers in understanding how to better improve their security posture and help prepare for compliance and audit reporting”. To register for an upcoming seminar, please refer to the Events section of the website at:


iTech Solutions Group, LLC. Is an IBM Premier Business Partner helping its clients achieve the highest performance, utilization from their IBM POWER Systems (AS/400, iSeries) running IBM i. As an IBM Premier Business Partner, it delivers solutions and services to IBM i clients throughout the world. The company’s President and CEO, Mr. Pete Massiello, has been working with the AS/400, iSeries, and IBM i since 1989, focusing on systems management and technical support. He is a member of IBM’s certification test writing team, an IBM Certified Systems Expert with certifications in IBM i design, administration, LPAR, virtualization, implementation, and HMC management.

Published on:

Spectre and Meltdown – What Do You Do for IBM i?

Spectre And Meltdown Threats

The Spectre (Variant 1 & 2) and Meltdown (Variant 3) threats that target speculative execution on all CPU’s will affect IBM Power7, Power7+, Power8, and Power9 systems and IBM has stated that it will have firmware patches for Power Systems available but does not state if its patches will cover all three variants of the vulnerabilities. IBM has not issued fixes for Power6, Power6+, and Power7 systems.

What is not known at this time is what kind of performance impact the fixes for Spectre and Meltdown will have. It will probably depend on the nature of the CPU

architecture, the way the memories are isolated and checked to keep users out of kernel space, and the way the applications make use of speculative execution.

It is possible that systems that are CPU or memory bound are going to thrash after the fixes are applied. Our advice is to benchmark the throughput of your system for some period of time before applying the patches, apply the patches and then run the tests again so that you fully understand and can document the impact.

As of January 13th, IBM has released operating system patches for IBM i 7.1, 7.2 and 7.3 to compliment the firmware patches for POWER7+, and POWER8 processors already released. The specific PTF’s required by release are as follows: Release 7.1 – MF64553, Release 7.2 – MF64552, Release 7.3 – MF6 4551.  Both the IBM i and firmware patches must be applied in order to mitigate the Spectre and Meltdown vulnerabilities.

Don’t leave your keys in the lock!  Know how to protect your company from threats.

As well, please keep watching the PSIRT blog for further developments.

The good news is that you have to be an authorized user in order exploit these vulnerabilities. Security from the IBM i level to your firewall is more important than ever. While there has been no documented case of someone breaching IBM i security without a user ID and password, there are many ways to gain access to an IBM i partition if adequate security measures are not followed. Hardening IBM i isn’t just moving from QSECURITY level 30 to 40. A properly hardened system should include, but certainly not limited to, the following basic measures:

Password level security – Ensure your system can use up to 128 characters for a password. The default 10 character limit of QPWDLVL 0 is not good enough.

NetServer – Ensure that no guest account exists for IBM NetServer. This will allow anyone access to your IBM i partition file shares without a user ID and password. This, combined with sharing the root (/) of your IFS can be extremely dangerous. Furthermore, if you’re on 7.1 or older version of IBM i then you are using the SMB1 protocol for file sharing. SMB1 has been deemed insecure for many years now.

Encryption – If you communicate to and from your IBM i in plain text then the length of your password does matter. There is no excuse not to encrypt your IBM i communication for any service accessed over the network which passes user IDs, passwords or other confidential information.

PTF and operating system currency –Technology that has not been patched or updated runs the risk of being compromised. This is especially true if you use open technology such as Java, OpenSSL and Apache. Java 6 and Apache 2.2 went out of support two weeks ago…have you removed Java 6 yet? Have you upgraded to 7.2 to move to Apache 2.4?

The Spectre and Meltdown vulnerabilities are perhaps the biggest security problems in the history of modern computing, but if you’re not covering the basics you may have bigger and more pressing security problems to worry about.

iTech Solutions will be applying these PTF’s for all Managed Services and OS Subscription customers in their next PTF cycle.  If you need help with your PTF’s or OS upgrades please contact us.