The New IBM i 7.5 Security and Auditing Features

Three years later and we finally have a new version of the premium operating system from IBM. Big Blue announced IBMi 7.5 earlier this May and continued to disclose upgrades to the system last month.

There is a lot that i 7.4 users can expect from this new addition to the IBMi series, from updated auditing features to security.

Wondering what IBMi 7.5 means for your business? We have your answers below.

Improved System Security (QSECURITY)

With i 7.5, users can expect two major security changes. First, system security level 20 is no longer available: IBM has eliminated QSECURITY level 20 in i 7.5.

Systems that were already set to level 20 will remain at this level. However, system security levels that were set to other values can no longer be changed to 20, even if the value was set on the save for that particular system. If the system wasn’t already at level 20 at the time of an update or installation, it won’t be possible to set it to this level.

For the second change, IBMi 7.5 users will also see restrictions on sign-ons. On a system with system security set at 10, users who don’t possess a valid profile will not be able to sign on.

The End of System Service Tools/Dedicated Service Tools (SST/DST) Profiles

Another feature users will have to do without on IBMi 7.5 is the common System Service Tools/Dedicated Service Tools profiles, but not entirely.

The new version in the iSeries is only eliminating the eight-digit profiles and replacing them with the newly supported QSECOFR and QSRV SST/DST profiles.

Better Encryption for User Passwords and SST/DST Passwords

Users can expect better encryption when setting passwords on i 7.5. Where the system password level used to end at level 3, i 7.5 adds QPWDLVL level 4.

And for every level, passwords are not stored on the OS. This step proves IBM’s commitment to the safety of its users by restricting the access and retrieval of users’ passwords.

Because different QPWDLVL levels are available, password encryption on i 7.5 differs at every level. For example, at QPWDLVL level 0 or 1, the password is only used as a key for string encryption using the DES algorithm, while at level 2 or 3 the encryption is carried out using a cryptographic hash algorithm, SHA-1.

And for the new QPWDLVL level 4, the system relies on Password-Based Key Derivation Function 2.

When the user signs in, the system will compare encryption results, thus ensuring that users’ passwords remain inaccessible to anyone besides the users.
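The difference between a fast hash and a password-based key derivation function, and the compare-on-sign-on step described above, can be seen in a short sketch. This is an added example, not IBM's implementation: the unsalted SHA-1 verifier, the HMAC-SHA-512 PRF, the salt length and the iteration count are all assumptions chosen for illustration, and the sample password is constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this sketch, not IBM's value
SALT_BYTES = 16       # assumed salt length


def sha1_verifier(password: str) -> bytes:
    """Fast, unsalted SHA-1 verifier (assumed form, used here for contrast)."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def pbkdf2_enroll(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a verifier with PBKDF2; only (salt, derived) would be stored."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return salt, derived


def pbkdf2_verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Recompute from the sign-on attempt and compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha512", candidate.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(attempt, stored)


def demo() -> Dict[str, bool]:
    password = "Constructed-Passphrase-1"  # constructed sample value
    # Two users enrolling the same password get independent random salts.
    salt_a, verifier_a = pbkdf2_enroll(password)
    salt_b, verifier_b = pbkdf2_enroll(password)
    return {
        # Unsalted fast hash: identical passwords give identical stored values.
        "sha1_same_for_both_users": sha1_verifier(password) == sha1_verifier(password),
        # Salted PBKDF2: identical passwords give different stored values.
        "pbkdf2_same_for_both_users": verifier_a == verifier_b,
        "correct_password_accepted": pbkdf2_verify(password, salt_a, verifier_a),
        "wrong_password_rejected": not pbkdf2_verify(password + "x", salt_a, verifier_a),
        "wrong_salt_rejected": not pbkdf2_verify(password, salt_b, verifier_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The iteration count is what makes each guess expensive for anyone holding the stored verifiers, which a single SHA-1 pass does not provide.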

For the SST/DST passwords, IBM has a specialized set of rules used to ensure the safety of the profiles. These are three sets of rules that interact with the QPWDLVL levels according to their encryption language.

Stronger NetServer Server and File Share Security

IBMi 7.5 adds another layer to its security features with NetServer security. This new layer allows administrators to restrict access to files.

The new version goes further by adding hardware and software upgrades to the Integrated File System. Some new features include resilient file sharing.

These changes also bring new exit points: the Integrated File System Open Exit Program (QIBM_QP0L_OBJ_OPEN) and the Integrated File System Close Exit Program (QIBM_QP0L_OBJ_CLOSE).

You can find these points in both the system and basic ASP, but not in the independent ASP.

Changes to the *PUBLIC Rights Settings

Yet another anticipated new feature is the change in the *PUBLIC authority. Files with the authority *CHANGE or the authority *ALL will be changed to *USE. This change applies to several files, including those in QSYS29xx, also known as the secondary language library.

New Journal Entry Table Functions and Graphical Views for Auditing Features

Navigation on i 7.5 leaps beyond what we saw with the earlier versions of the IBMi. One such example is what we see in the Audit Journal function.

Users can now enjoy graphical presentations of their Audit Journal.

Journal entry table functions are also included in SYSTOOLS to give users enhanced auditing automation.

i 7.5 Navigator Access Changed to DENIED

With i 7.5’s new and more stringent security features, users will experience even more restrictions. Navigator access has also been changed to *DENIED, meaning the QIBM_NAV_ALL_FUNCTION has moved from *ALLOWED to *DENIED. This leaves the power to grant users access in the hands of administrators.

IBMi Job Scheduler Updates

IBMi Job Scheduler has gotten better with the 7.5 version. This new update allows users to pick times when they want the Scheduler to submit or even hold back jobs. All these functions are backed by two commands: the Hold Job Schedule Entry (HLDJOBSCDE) and Release Job Schedule Entry (RLSJOBSCDE).

ZLIB Algorithm for Data Compression

In comes better data compression thanks to the ZLIB algorithm. IBM also announced that the new system brings better and faster compression.
In i 7.5, ZLIB will operate on the Nest Accelerator (NX) GZIP on the IBM Power10 microprocessor. The algorithm is also useful for a range of activities on the OS, such as the save command and Geographic Mirroring Synchronization.

Is IBMi 7.5 a Good Investment?

IBM iSeries is a force of nature, and we are not just talking about its unparalleled security features but also its auditing features.

Carrying on from its predecessor, i 7.5 promises easier integrations and supports an impressive 240 processors in Lab Services. It is simply a must for any business.
