November 27, 2018 | IBM i

Layered Approach to Controlling Viruses & Malware on the IBM i


While it’s true you can’t execute a virus on an IBM i, active viruses and malware can be stored inside the Integrated File System (IFS), which can infect your network. Ransomware can also rename and encrypt IFS stream files, which can lock you out of your IFS files and force you to pay a ransom to decrypt and open your stream files again.

 

The threat of viruses, malware, and ransomware attacks has caused regulations, including Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA), to specifically require organizations to install anti-virus software as a key compliance requirement, providing more motivation for implementing an IBM i anti-virus protection plan.

The Five-Layer Approach to IBM i Anti-Virus Protection

The key to protecting your company from a virus, malware, or ransomware attack is to take a multi-layered approach to protecting your organizational data. Multiple layers of security help protect your IFS from virus infection. If a virus gets past one level of protection, it can be stopped or detected at another level.

 

Consider this five-layer approach to protecting your IBM i from virus and malware attacks and to helping you comply with regulations.

• Layer #1: Protecting Your User Desktops and Network Servers

• Layer #2: Installing an IBM i Anti-Virus Solution

• Layer #3: Scanning Your IFS Regularly and Setting Up Alerts

• Layer #4: Setting Up Regular IFS Backups and Planning for Disaster Recovery

• Layer #5: Creating Additional Safeguards for Anti-Virus Protection

Layer #1: Protecting your user desktops and network servers

The first step is to install anti-virus and anti-malware software on your user desktops and network servers to detect viruses at the network level, before they can get to your IBM i. Many people are familiar with standard PC anti-virus solutions such as AVG, Norton, Malwarebytes, McAfee, or Windows Defender. Most organizations use this layer of protection today.

Layer #2: Install an IBM i Anti-Virus Solution

PC solutions are no longer enough to protect an IBM i from viruses and malware. You need a second layer of defense that specifically protects your IFS from files infected with viruses or malware. Only when you add this second layer can you truly start to protect your IFS data.

 

The second layer of protection is to acquire and install an IBM i-based anti-virus solution that catches any malicious files on the IFS. Many vendors, including SEA with its iSecurity Anti-Virus solution, offer IBM i-based anti-virus solutions that can scan, delete, and quarantine infected IFS files. Implementing an anti-virus solution specifically designed for protecting your IFS files from viruses provides you with an added layer of protection for your data, versus just catching viruses on user desktops attached to the network.

 

You can reduce vulnerabilities by scanning your IFS regularly and reviewing log files. IBM i anti-virus solutions can scan for viruses and malware in two ways. First, they can scan, quarantine, or delete infected IFS files as they are written or accessed. Second, they can scan your IFS folders for viruses and malware on a regular basis. Not only will that help you protect your IBM i environment, it can also produce the log history needed to meet compliance and audit guidelines, making a second layer of protection a win-win.

Layer #3: Scan Your IFS Regularly and Set up Alerts

If an infected file is detected in the IFS, it’s vitally important to be alerted by email or text message. By the time the file gets to the IFS, it may have been floating around your network for an extended period already. Being immediately alerted to a potential threat allows you to mitigate your risk and perform any remediation tasks. Make sure your IBM i anti-virus solution has the capability to send out alerts when it detects virus- or malware-infected files.

Layer #4: Set Up Regular IFS Backups and Plan for Disaster Recovery

No one wants to have a data breach, but you still need to be prepared for one, which means you need to have a good backup/recovery strategy and disaster recovery (DR) plan in place. Without a backup/recovery strategy and a DR plan, trying to restore your environment could take longer than expected or, worse, might fail completely.

 

The first step is to ensure that you have a good backup of your IBM i data, including your IFS.  Without a backup, you can’t recover. A good backup allows you to restore files and folders in case of infections.

 

Make sure that you’re backing up your IFS on at least a monthly basis. While you can’t execute a virus on the IBM i, your IFS folder files CAN be locked through ransomware. A typical ransomware attack on your IFS can encrypt and rename all your files. If you get hit with ransomware, you have two choices: you can either pay the ransom to unlock your files, or you can restore the files that have been locked. Having current regular backups of your IFS stream files will allow you to restore them instead of paying a ransom.

 

Not only do you need a good backup of your data, you also need a disaster recovery plan. Even better than having a plan, you should perform regular testing of your DR plan to ensure you really can recover your IBM i environment. Testing gives you a chance to work out any kinks in the process, such as which products you need key codes for, ensuring that you can be confident during a real disaster.

Layer #5: Create Additional Safeguards for Anti-Virus Protection

In addition to implementing the first four layers of our layered approach for protecting IBM i data, there are several other safeguards you should consider putting in place to protect your IFS, including…

Keeping software up to date, both the applications and the OS

IBM provides PTFs on a regular basis, which often include changes that improve the security of your IBM i (such as patches for Spectre and Meltdown). Software vendors do the same. It’s important to keep software current to ensure you have the latest level of protection available for your data. Keeping PTFs up to date is also a requirement for various regulations.

Frequently updating anti-virus signature files

Keeping your virus signatures current is critical. New virus and malware attacks are being developed all the time. Make sure any virus software you install—either on your user desktops or on your IBM i—frequently and automatically updates its virus signatures to protect your system from the latest attacks.

Securing your sensitive data through file monitoring

To ensure you protect your sensitive data or to comply with regulations, you can add another layer of protection around sensitive data. IBM i file monitoring solutions, such as SEA’s iSecurity AP Journal, allow you to monitor changes to any sensitive IBM i data and have a complete record of who made the change, what they changed, and when they changed it. You can also be alerted in real time to potential data manipulation threats, further mitigating your risk.

Performing regular audits

Reviewing your system on a regular basis to ensure that nothing is out of the ordinary is a great way to ensure that you are protected.  Irregular audits can allow security issues to go unnoticed for extended periods, which is never a good thing.

Monitoring for exceptions

It’s easy to miss a needle in a haystack, which is why monitoring solutions are so important. Monitoring by exception means that you focus on the things that you don’t expect. Problems are quickly identified, and routine items are ignored, allowing you to be more productive.
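
The following Python example is added here and is not code from this article or from any anti-virus product. It applies monitoring by exception to the rename-and-encrypt pattern described under Layer #4: a baseline of stream files is compared with the current state, and an alert is raised only on mass churn combined with random-looking content. The function names, the thresholds and the temporary folder standing in for an IFS directory are assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root, sample=65536):
    """Map each stream file under root to (sha256, entropy) of its first bytes."""
    snap = {}
    for d, _, files in os.walk(root):
        for name in files:
            path = os.path.join(d, name)
            with open(path, "rb") as f:
                head = f.read(sample)
            snap[os.path.relpath(path, root)] = (hashlib.sha256(head).hexdigest(), entropy(head))
    return snap

def exceptions(baseline, current, min_entropy=7.5, churn_ratio=0.5):
    """Report only what differs from the baseline; alert on mass churn."""
    missing = sorted(p for p in baseline if p not in current)
    changed = sorted(p for p in baseline if p in current and baseline[p][0] != current[p][0])
    new = sorted(p for p in current if p not in baseline)
    high = sorted(p for p in new + changed if current[p][1] >= min_entropy)
    churn = (len(missing) + len(changed)) / max(len(baseline), 1)
    return {"missing": missing, "changed": changed, "new": new,
            "high_entropy": high, "alert": churn >= churn_ratio and bool(high)}

def demo():
    """Constructed sample: a temp folder stands in for an IFS directory."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"invoice{i}.txt"), "w") as f:
                f.write("customer order line\n" * 200)
        baseline = snapshot(root)
        quiet = exceptions(baseline, snapshot(root))
        # Constructed stand-in for locked files: renamed, content looks random.
        for i in range(3):
            os.remove(os.path.join(root, f"invoice{i}.txt"))
            with open(os.path.join(root, f"invoice{i}.txt.locked"), "wb") as f:
                f.write(os.urandom(4096))
        return quiet, exceptions(baseline, snapshot(root))

if __name__ == "__main__":
    quiet, noisy = demo()
    print(quiet["alert"], noisy["alert"], noisy["high_entropy"])
```

The unchanged folder produces an empty report, so routine runs stay silent; the baseline itself should be kept somewhere the monitored files cannot overwrite it.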

Layered Anti-Virus Solutions

Taking a layered approach to your anti-virus and anti-malware IFS protection will help you to protect your sensitive data and meet audit requirements.  To learn more about this topic, check out our recent webcast on how to safeguard your IBM i system from viruses and malware.