IBM i Security Services

Myths

dangerous “IBM i (formerly known as AS/400) systems are secure by default.”

dangerous “Unlike many other computer systems, IBM i is not susceptible to zero-day vulnerabilities.”

dangerous “No one can penetrate a server in the internal network of the corporation.”
Facts

verified The security testing of IBM i systems is quite often skipped, or done superficially.

verified Silent Signal has reported more than 10 critical vulnerabilities in IBM i during 2023.

verified Our continuously growing cutting-edge security feed identifies over 300 vulnerabilities in 3^rd party applications on IBM i.

Our IBM i security blog posts

2023.08.22	Technical Details of CVE-2023-30988 - IBM Facsimile Support Privilege Escalation
2023.07.03	Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
2023.03.30	Booby Trapping IBM i
2023.01.20	Abusing Adopted Authority on IBM i
2022.09.28	Another Tale of IBM i (AS/400) Hacking
2022.09.05	Simple IBM i (AS/400) hacking

Publicly available IBM i vulnerabilities reported by us

CVE-2023-40375	Integrated application server for IBM i is vulnerable to a local privilege escalation
CVE-2023-30990	IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture
CVE-2023-30989	IBM Performance Tools for i is vulnerable to local privilege escalation
CVE-2023-30988	IBM Facsimile Support for i is vulnerable to local privilege escalation

Assessment and Remediation

		Penetration testing	iCompliant
star	Objective	identify and exploit vulnerabilities	assess and review the security configurations
bolt	Automation	manual testing and human-driven analysis	automated process using specialized tools
assistant_direction	Approach	simulate real-world attacks	comprehensive examination of the system
monitor_heart	Level of Intrusiveness	intrusive and aggressive testing	non-intrusive
manage_history	Frequency	periodically or before major system updates	regularly to maintain the security of systems
frame_inspect	Scope	focuses on specific targets or applications	covers the whole system
hourglass_bottom	Time and Resources	time-consuming and resource-intensive	quicker and requires fewer resources
contrast	Testing Methodology	mix of black-box, grey-box testing	white-box audit
summarize	Report	vulnerabilities, impact, remediation	vulnerabilities, impact, remediation
payments	Cost	more expensive due to the manual efforts and expertise	often more cost-effective
		Penetration testing details	iCompliant details

Education

IBM i training

Educate your security staff about IBM i, so they can better integrate your most critical assets in your security program

Deliver knowledge about the latest security best practices to your IBM i teams, so they can get the most of the security features of the platform

Our IBM i security trainings are the ultimate resource for proactively securing IBM i systems. Led by experienced instructors with extensive knowledge of IBM i penetration testing, security research, and industry best practices, our trainings are designed to help IT professionals of all levels stay ahead of the curve when it comes to securing critical systems and data.

Our trainings enable security professionals to get up to speed with IBM i and its security features. We introduce the platform through hands-on exercises, and show how exploits are connected to well-known attacker techniques, allowing quick adoption of defensive concepts.

Learn more about our IBM i security training...

Request a demo, consultation or webinar

Get in touch

Name:

Business e-mail:

Organization:

Phone number:

Notes:

I would like to request

a demo

a 20-minute consultation

access to the webinar

I have read and and agree to the privacy policy.