The Truth About Viruses on Power Systems - Powertech

All trademarks and registered trademarks are the property of their respective owners.© HelpSystems LLC. All rights reserved.
The Truth About Viruses
on Power Systems

HelpSystems Corporate Overview. All rights reserved.
Your Presenter
Robin Tatam, CBCA CISM
Director of Security Technologies
+1 952-563-2768
robin.tatam@powertech.com

• What Are the Threats?
• Why Should We Act?
• Power System and Windows Viruses – Is My System at Risk?
• Virus Prevention and Protection
• PC-Based Scanning vs. Native Scanning
• Some Additional Myths Debunked
• Next Steps
Objectives

UP NEXT...
What are The Threats?

• Computer viruses
• Worms
• Trojan Horses
• Spyware & Adware
• Rootkit
• Ransomware
• Malware
• More…
Types of Threats

• Unauthorized applications (infected web links etc.)
• Code hidden and buried inside a different object
• A program that is masquerading as something else (usually
something innocent)
Source of Threats

• FBI warns that ransomware and malware attacks are growing
exponentially.
• 30% increase in ransomware victims in Q1 2016 compared to Q4
2015 (reported by security vendor Kaspersky Lab)
• 61% increase in the number of unique malware families over the
first half of 2016 (Check Point Software Technologies’ June Threat Index)
• Nearly 1 million malware threats are released every day (CNN, 2015)
• Viruses like Locky and CryptoLocker are mutating (CNBC, June 2016)
The Threat is Growing

The Threat is Ever Evolving

Often, Because We Have No Choice
Why Do We Act?

Virus Protection and Regulatory Compliance
PCI DSS
Payment Card Industry Data Security Standard (PCI DSS)
Requirement 5
If you deal with payment card information, PCI DSS requires that all servers
in your network that are ‘in scope’ must have virus protection.

HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
§ 164.306 Security Standards: General Rules
 Ensure the confidentiality, integrity, and availability of all electronic
protected health information the covered entity creates, receives,
maintains, or transmits.
 Protect against any reasonably anticipated threats or hazards to the
security or integrity of such information.
 Implement security measures sufficient to reduce risks and
vulnerabilities to a reasonable and appropriate level.

GLB Act
Gramm-Leach-Bliley Act
§ 501: Protection Of Nonpublic Personal Information
 To ensure the security and confidentiality of customer records and
information
 To protect against any anticipated threats or hazards to the security
or integrity of such records
 To protect against unauthorized access to or use of such records or
information which could result in substantial harm or inconvenience to
any customer

But We Should All Take Note
Why Do We Act?

• Not everyone has to deal with a formal compliance mandate
– Not publicly traded
– Don’t process credit card information
– No personally identifying information
• But virtually everyone uses computers to run line-of-business
applications and being infected with viruses can lead to:
– Disrupt service
– Corrupt data
– Infect other devices and servers
– Disclose credentials
Lest We Not Forget: “Best Practices”

• Infections can spread across the network
• Confidential files can be sent to third parties
• Costly downtime
• Loss of professional reputation
• Legal liability as a result of data breaches
• Loss of data
What if I Don’t Scan my Power System?

UP NEXT...
Power Systems and Windows Viruses
Is my system at risk?

Power Systems and Windows Viruses
How is my system at risk?
Myth: The majority of viruses exploit flaws in Microsoft Windows
where only a Windows-based PC can be harmed.
Fact: A virus doesn’t need to target a specific OS in order to wreak
havoc on your operations!
– An infected PC with connections to your Power Server can perform any
action for which that PC has authority.
 Files can be deleted
 Settings and objects can be modified
 Your server could be shut down!

Good
• Fact: Viruses cannot hide inside RPG and CL programs.
• Fact: Viruses cannot hide inside physical and logical files.
• Fact: IBM i cannot run .exe files [that may contain viruses].
Bad
• Fact: Viruses can hide inside Java and Unix stream files.
• Fact: IBM i can run Java and UNIX executables.
• Fact: A Virus can rename / delete / encrypt ‘native’ objects.
I was told IBM i was Immune?!

UP NEXT...
Virus Prevention and Protection

The following are all helpful security layers but cannot guarantee that
Power Servers will not become infected or operate as the “perfect
host”
• Mail scanning
• Virus scanning on PC clients and other servers
• Firewalls
• Ignoring the risk
Security Measures That Won’t Protect Your Power System

• Implement and enforce security policies.
• Shut down unused services.
• Avoid oversharing.
• Limit access to servers.
• Enable auditing.
• Monitor so you will know right away [timeliness is the key].
• Get good backups.
• Scan for viruses regularly.
Virus Protection For Your Power System

How to Implement Anti-Virus on IBM i
• Purchase and install an AV engine.
• Decide whether to perform real-time scanning, and scheduled scans.
• Integrate with IBM-supplied exit points [real-time].
• Configure QSCANFS and QSCANFSCTL system values.
• Configure job schedule entries for AV engine and signature updates.
• Review logs.
Done!

How to Implement Anti-Virus on AIX
• Purchase and install an AV engine.
• Schedule avupdate to retrieve daily signature updates.
• Schedule avscan to perform scan on desired directories.
• Scheduling on AIX can be done with cron tab, or a third party scheduler
such as HelpSystems’ popular SkyBot Scheduler software.
• Review logs.
Done!

• Update virus signature files often! (Daily updates from McAfee)
• Schedule weekly “full” scans of files and directories.
• Schedule daily scans if a directory contains sensitive files.
• Review logs for scan results.
Anti-virus Best Practices

UP NEXT...
PC-Based Scanning vs. Native Scanning
Why security experts recommend a native scanning solution

PC-based scanning
• Requires leaving a PC signed on
with full authority, compromising its
security and integrity
• The scanning PC can infect the
server with viruses
• The entire Power System is visible
to a virus or malicious code
Native virus scanning
• Doesn’t require an outside
connection with admin authority
• No data is transferred over the
network unencrypted
• Native solutions are not vulnerable
to virus infections or disablement
PC-based virus scanning creates security concerns

PC-based scanning
• Power systems use file structures
not found on Windows that can
cause non-native scans to fail
• Pop-up failure alerts require human
monitoring and intervention
throughout the scanning process
• Very manual effort
• All files can be scanned easily
• No additional hardware is required
• All detected threats will be removed
• Can run fully automated
PC-based scanning isn’t reliable

PC-based scanning
• There are a number of problems
with PC-based scanning solutions
that cause the scanning process to
stop.
– lost connections
– pop-up warning messages
– lost power
• Stability concerns simply aren’t an
issue when you use software that’s
running natively on your system.
Native virus scanning eliminates stability problems

PC-based scanning
• Can be incredibly slow and
increases network load dramatically
 Transfer data from Power System to PC
 Scan the data
 Transfer the data back to the Power System
• PC scanning resets the files’ “last
access time” after scanning so all
scanned files will be unnecessarily
saved and backups will take longer
as a result.
• Do not increase your network load,
allowing for more frequent and fast
scanning
• Native scanning programs know
how to treat files and mark them
properly
• Can be triggered to run only when a
scan is necessary.
 Upon alteration of an object
 On-demand
 Via job schedulers
Virus scanning from a PC creates performance problems

UP NEXT...
The Truth About Viruses on Power Systems
Myths vs. Facts

Myth: We don’t use IBM i’s Integrated File System (IFS).
Fact: Most modern applications and protocols use the IFS extensively.
Myth: The Power System cannot get a virus.
Fact: Viruses can hide inside PC and Unix files, and Java Executables.
Myth: Viruses can’t attack the system architecture.
Fact: Anything an administrator can do, a virus can do.
Myths vs. Facts

Myth: Our Power System isn’t connected to the internet.
Fact: The cable doesn’t have to be physically connected. The Power
System isn’t an island if it’s on the network.
Myth: Our firewall protects us from viruses.
Fact: There is no single solution on any platform that gives you 100%
protection, including firewalls.
Myth: I can scan the Power System with my PC virus scanner.
Fact: PC-based solutions can be used but they may miss files, require
a manual process, and open many security holes.
Myths vs. Facts

StandGuard Anti-Virus

• Decompress and scan compressed files
• Detects Macros and script viruses
• Detects encrypted and polymorphic viruses
• Detects new viruses in executable files
• Detects “Trojan horses,” worms, and other kinds of malicious software
• Upgrades easily for new anti-virus technology
Why McAfee Commercial Scan Engine

Native Virus Scanning for Power Systems
HelpSystems StandGuard Anti-Virus
 System values and exit points unlock native anti-virus scanning
capabilities within IBM i.
 StandGuard Anti-Virus is the only commercial-grade anti-virus
engine for IBM i and is powered by McAfee (a division of Intel)
ensuring ongoing virus signatures and scan engine updates.
 Discover the performance and integrity advantages of native
scanning versus remote scanning.
 Benefit from real-time protection, as well as scheduled and on
demand scans.
 Access virus removal and quarantine functions.
 Scan IBM i, AIX, Linux (x86) and Lotus Domino databases

Be Comprehensive

HelpSystems At-A-Glance

• Expansive Software Portfolio, including Anti-Virus for Power Servers.
• Comprehensive Professional Services.
• World-Class Security Experts:
– Robin Tatam, CISM
– Carol Woodbury, CRISC
• Member of PCI Security Standards Council.
• Authorized by NASBA to Issue CPE Credits for Security Education.
• Publisher of the Annual “State of IBM i Security” Report.
About HelpSystems’ Security Investment

The Truth About Viruses on Power Systems - Powertech

More Related Content

What's hot (20)

Similar to The Truth About Viruses on Power Systems - Powertech (20)

More from HelpSystems (20)

Recently uploaded (20)

The Truth About Viruses on Power Systems - Powertech