First of all, I should disclose I’m a HelpSystems software engineer.

Your reservations about scanning from your Windows AV are certainly understandable.
HelpSystems PT antivirus runs natively (strictly green screen). It fetches up-to-date McAfee-identified threats directly from a native app and will scan your IFS within a native environment.

Jay

On Jan 21, 2021, at 3:36 PM, Rob Berendt <rob@xxxxxxxxx> wrote:

You can declare a share as Read/Write or Read only
https://imgur.com/qHMBXly

If you click on Actions, Permissions, it gives you the Permissions on the underlying directory, not the share. This is probably where you shot yourself in the foot.
Actions, Properties is where you can change the share from Read/Write to Read only.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Gerald Magnuson
Sent: Thursday, January 21, 2021 2:10 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Ransomware on Power

I have been asked to scan my IFS with our Windows/network-based AV
product, but I am worried to even start NetServer (SAMBA) to perform the
scan (which takes all day to run).
Two questions: one, with NetServer being off, what vulnerabilities do I
have? Two, securing IFS directories seems difficult; I don't know how to
secure shares, versus securing actual IFS directories, as when I attempted
to secure the Root Share, I actually locked out all green screen apps and
users from IFS folders. Is there a good cookbook to get Shares properly
secured?

On Wed, Jan 20, 2021 at 2:28 PM Rob Berendt <rob@xxxxxxxxx> wrote:

Internally we do use the same password for the same user across multiple
servers. Doing otherwise makes using shares beyond the ken of the average
user.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of x y
Sent: Wednesday, January 20, 2021 3:16 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Ransomware on Power

...and do not use the same password across multiple servers. Don't make it
easy for the bad guys.

On Wed, Jan 20, 2021 at 10:02 AM Matt Olson via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

For #5, I meant to say "Very few domain admins"

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Matt Olson via MIDRANGE-L
Sent: Wednesday, January 20, 2021 11:57 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Matt Olson <Matt.Olson@xxxxxxxx>
Subject: RE: Ransomware on Power

Ransomware is going to be executed on a Windows platform most likely. As
such you should have strong domain level controls throughout your entire
organization including, but not limited to:

1. AV on all client machines and servers
2. No VPN connections from non-company-controlled machines (users should not
be able to VPN from their home malware-infested PCs)
3. You should deploy AppLocker organization wide, which only allows
whitelisted .exe's to be executed. This single security measure makes it
almost unnecessary to run AV (but you should still run it).
4. No user should be a local admin of their PC
5. You should have very many domain admin accounts
6. Install dual factor auth on all your servers (and PCs ideally), such
as Duo authentication

You do all those things, your attack vectors for ransomware are greatly
diminished. #2 - #4 are the single most important things you could do.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Ketzes, Larry
Sent: Tuesday, January 19, 2021 12:46 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Ransomware on Power

Hello all,
I'd like to know what strategy folks are using for ransomware on Power.
I think IBM has a product available if you are using IBM storage.
Any other alternatives people are using?

Thanks, Larry

Larry Ketzes | Director, Midrange Engineering | Foundational Engineering | MetLife

101 MetLife Way, Cary, NC 27513 | T. 919-907-5229 | M. 302-382-1316 |
lketzes@xxxxxxxxxxx<mailto:lketzes@xxxxxxxxxxx>


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.