I've had two customers in the last year that got clobbered by ransomware.
One did not have any damage to the IBM i. No shares to anything IBM system
related. (Include in that list /qibm/proddata. There are a couple of
others)
One had considerable damage to the IBM i. Generic log on and shares to
root, and other places that users have no business getting to.
You guess which event was cheaper to clean up.......
--
Jim Oberholtzer
Agile Technology Architects
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Monday, April 27, 2020 6:28 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: QSYS.LIB under IFS root
Do not modify the settings on QSYS.LIB
Immediately eliminate the share on the root. Just do it. To create a share
on the root directory here will be accepted as your letter of resignation.
There may be some disruption as people now have to create shares specific to
their needs but a share on the root should have never have been done in the
first place. I would hope that you would fail an audit, if not your
auditors are not worth spit.
A nice initial generic share could be on the /home directory. Most users
should have their home directory set to something like this
User profile . . . . . . . . . . . . . . . : ROB
Home directory . . . . . . . . . . . . . . : /home/ROB
I could go on and on but it all boils down to you just need to stop the
share on root without any delay. NOW!!!!!!
There has been a recent case on this list from someone who got hit with
ransomeware and it attacked their IBM i because they had a share on the root
directory.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Gad
Miron
Sent: Monday, April 27, 2020 6:20 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: QSYS.LIB under IFS root
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know the
content is safe.
Hello all
The root share in the IFS (as seen in iNavigator) is Read/Write and for
security reasons I would like to prevent users of the the IFS from accessing
QSYS.LIB looking at permissions of QSYS.LIB I see that "Public" has a "Use"
access.
Can I just simlpy revoke it ?
Will the be complications/repercussions/problems ?
TIA
Gad
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com
midrange.com
