jueves, enero 18, 2007

Parche de seguridad en el ISeries

IMB publica y distribuye varios parches destinados a resolver un agujero de seguridad en el OS/400, en el i5/OS V5R3 y V5R3M5.
The problem, called the OS/400 Connection Reset Denial of Service Vulnerability, can be exploited by hackers to reset established TCP connections on iSeries and System i servers, according to security firm Secunia, which gave the vulnerability a "less critical" rating.
El ISeries (aka AS/400) raramente es afectado por problemas de seguridad, descontando aquellos que provienen de una configuración impropia: El ISeries maneja cinco niveles de seguridad, comenzando por los niveles diez y veinte, demasiado abiertos, y alcanzando el nivel 50, prácticamente inviolable.
Security vulnerabilities like this are a rare occurrence for OS/400, which is widely regarded to be one of the most--if not the most--secure operating systems in use. While it's not in any danger of becoming like every hackers' favorite target, Microsoft Windows, anytime soon, IBM OS/400 does occasionally make news with a vulnerability.
(...) OS/400 is not without its weaknesses--especially when it comes to implementing standards-based protocols that turn out to have security holes. But when properly configured, OS/400 is practically hacker proof. Its highly regimented access controls make it very difficult for a hacker who's unfamiliar with the system to break it, and its object oriented design make it highly resistant to conventional viruses. In fact, there has never been a documented virus afflicting OS/400 (although security researchers say it's not impossible to create one).

Unfortunately, while security is one of OS/400's strengths, many companies don't take the time to properly configure their server's security settings--either from lack of time and knowledge or a mistaken reliance on the box's security capabilities--leaving them open to problems down the road. For a sobering look at the slipshod approach to security at many OS/400 shops, check out our story on security software developer PowerTech's most recent state of OS/400 security report.

No hay comentarios.: