Share this post:
Multiple security advisories in the recent past have shown how tirelessly security researchers work to identify and address vulnerabilities. With the extensive reach of the Internet, the digital space has become a hacker’s world.
Keeping your IT environment protected is an important part of any enterprise IT strategy. Having a vulnerability doesn’t necessarily mean something is compromised. However, it’s important (1) to ensure vulnerabilities are addressed immediately, and a safe and secure environment is provided for business, and (2) to enable comprehensive security layers within the data center so that a breach is prevented or, in the worst case, detected and eliminated immediately.
The old adage “Prevention is better than cure” applies to IT security as much as anything else today. So how do you make sure your business is secure enough?
Preventing IT security risks
IT security has multiple components. From simple things like subscribing to security alerts to complex things like engaging legal hackers to test your environment, there are many ways to proactively secure an IT environment. Server security is a crucial aspect of this. How can you prevent unauthorized access into your application and data environments?
A few years ago, clients weren’t very interested in security audits, but with a quick compliance check we could show them their vulnerabilities and make a strong case for taking better security hardening measures.
For example, during one migration project for a client we ran AIXpert (a bundled tool on the IBM AIX operating system for security compliance and hardening) and found a few vulnerabilities, including weak passwords, passwords that wouldn’t expire, users that had super user access and so forth. The organization’s head of IT was impressed at the efficiency of the tool, gave us a go-ahead to start a hardening project and provided a list of compliance rules that are important for their business. The resulting assessment and hardening activity ensured a secure and compliant environment.
We’ve come a long way in recent years, and today many clients request regular security checks. In IBM Power Systems, the focus on security is very high, and we take it seriously. IBM PowerSC was created a couple of years ago and has rich set of security features that provide security at various levels on IBM Power Systems.
How can IBM PowerSC help?
One important feature of PowerSC is that it provides ready-made hardening profiles based on security standards like PCI-DSS, HIPAA, SOX-COBIT and so forth. Complying with these standards is a mandatory requirement for most organizations, and system administrators often struggle to keep their systems compliant as these standards can be complex to understand. PowerSC security profiles prove to be handy since a system administrator can quickly deploy them to achieve the desire hardening. The profiles can be deployed as is or customized based on organizational needs. Hardening is not a one-time activity because systems may get out of compliance either accidentally or maliciously. PowerSC helps administrators to not only harden their systems, but also continuously monitor them and generate real-time alerts if the system goes out of compliance. Administrators will have peace of mind since they know they’ll get an immediate alert the moment there’s a compliance violation.
PowerSC also provides an automated patch management feature. Administrators no longer need to worry about questions like, is there is a new vulnerability announced? Does it affect my systems? How do I download the fix? How to patch? All this is automated by PowerSC. PowerSC automatically downloads patches, sends notifications to administrators, and if desired automatically patches the affected systems. Administrators can happily focus on other critical activities and leave the patch management task to PowerSC.
PowerSC has many other advanced security features, such as:
- Centralized log management
- Tracking changes to sensitive files
- Implementing firewall rules
- Detecting malware and rootkit attacks
Finally, PowerSC provides a user-friendly interface (GUI) to help you manage its features so you don’t have to learn new commands in order to implement security. The interface provides dashboard-style reporting, which helps administrators get a view of the security configuration of an entire data center in a few minutes.
IBM Systems Lab Services helps conduct security audits on IBM Power Systems and assists in implementing the features discussed here. If you’re interested, please reach out to us.