Program Index PDF

This four-day workshop provides hands-on training to teach students how to perform a security audit and vulnerability assessment of an IBM i (AS/400) system. Students will learn assessment methodologies and tools to detect security weaknesses. The course covers assessing system-level security, user accounts, adopted authority, object-oriented architecture, and using various IBM tools for reporting, auditing, and network security evaluations. The target audience is those who need to learn how to assess security on IBM i systems. A basic IT security knowledge prerequisite is recommended.

Uploaded by

VonDanny Romero

Course Outline ProTech Professional Technical Services, Inc.

IBM i (iSeries, AS/400) Security Audit and Vulnerability Assessment Workshop

Course Summary

Description

This live four-day hands-on workshop provides a guided walk-through of a security audit and vulnerability
assessment performed on the IBM i (AS/400, iSeries). The workshop is designed for those who need to
know how to detect security weaknesses and perform vulnerability assessments on the popular IBM i
(iSeries, AS/400) platform.

Students will learn the assessment methodologies, techniques and IBM-supplied tools used by
leading security experts. The workshop will guide the student through the in-depth assessment process,
focusing on the student's own ability to properly assess security vulnerabilities, and understand the risks
associated with vulnerabilities.

Workshop student materials include the workshop student guide, assessment checklists and numerous
security assessment reference materials including the book "PowerTips for IBM i Security".

Topics

• System i Assessment Overview
• Assessing System Level Security
• Assessing Security of User Accounts
• Use of Adopted Authority
• Object Oriented Architecture
• Using the Security Toolkit for Reporting
• Work Management Security
• Evaluating Application Security
• Evaluating Network Security
• Using System Auditing Capabilities
• Using the IBM i Navigator for Windows

Audience

This course is designed for those who need to know how to detect security weaknesses and perform
vulnerability assessments on the popular IBM i (iSeries, AS/400) platform.

Prerequisites

Before taking this course, you should have basic knowledge of IT security concepts.

Duration

Four days

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for
informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these
names generically
Course Outline
I. System i Assessment Overview
   A. The Assessment Process Overview
   B. Auditor User Account Requirements
   C. Generating and Accessing Reports
   D. Importing reports into Excel and Word

II. Assessing System Level Security
   A. Evaluating Security System Values
   B. Other Important System Values to Inspect
   C. Review SST Access, SST Users/PWD
   D. Review QSECOFR Account Access
   E. Review 3rd Party Tool Software

III. Assessing Security of User Accounts
   A. Extract and Reporting on Account Information
   B. Understanding User Profile Properties
   C. Password Rules and Restrictions
   D. Identifying Dormant User Accounts
   E. Special Authority Assignment
   F. Limited Capabilities Usage
   G. Usage of Group Profiles
   H. Examine possibility of User Profile Hijacking
   I. Examine User Initial Programs
   J. Common mistakes in User Profiles

IV. Use of Adopted Authority
   A. Understanding Adopted Authority
   B. Finding Adopting Back-Door Programs

V. Object Oriented Architecture
   A. Identify In-Scope Libraries and Directories
   B. Evaluate Library and Object Authorities
   C. Evaluate IFS Directory Authorities
   D. Review Object Ownership
   E. Understanding Private Authorities
   F. Understanding *PUBLIC Authority
   G. Examine the Use of Authorization Lists
   H. Common Authorization List Errors

VI. Using the Security Toolkit for Reporting
   A. Using SECTOOLS/SECBATCH Menus
   B. Security Jobs in the IBM Job Scheduler

VII. Work Management Security
   A. Examine Sign-on Screen Vulnerabilities
   B. Checking for Library List Vulnerabilities
   C. Checking for Trojan Horse Programs
   D. Checking Job Description Vulnerabilities

VIII. Evaluating Application Security
   A. Review Vendor Supplied Security Schemes
   B. Examine and Understand Database Security
   C. Examining the use of Database Journaling
   D. Examining Program Security
   E. Security for Other Application Objects
   F. Security of Sensitive Reports
   G. Checking the Status of System Backups

IX. Evaluating Network Security
   A. DSPNETA to review IBM i Access Security
   B. TCP/IP and Host Server Security
      1. TELNET, FTP, ODBC, RMTCMD
   C. Hidden Security Options of WRKFCNUSG
   D. Review NetServer Shares and the IFS
   E. Determining Network Servers in use
   F. Evaluating the Exit Point Registry
   G. Reviewing DDM Security

X. Using System Auditing Capabilities
   A. The Security Audit Journal - QAUDJRN
   B. Auditing Access to Sensitive Files
   C. Auditing User Activity
   D. Auditing the use of Sensitive Commands
   E. Auditing Security Related Events
   F. Reporting from QAUDJRN

XI. Using the IBM i Navigator for Windows
