A popular topic these days is “Zero Trust”. How IBM i Pen Testing intersects with zero trust is at the point of proof.
When you consider zero trust in the realm of IBM i, the first thing you think of is to implement a “deny by default” approach. Meaning that objects – especially database files – are created with *PUBLIC authority set to *EXCLUDE and only those users requiring access to the information are granted access. In addition, user profiles are configured with only the authority – especially special authorities – that are required to perform their job functions. So the question is this: How can you know this configuration is working? That’s where IBM i Pen Testing and Zero Trust meet. With IBM i Pen Testing, you get proof to know whether the security configuration you’ve implemented is working as you intend – or whether this configuration needs improvement.
How does DXR Security’s Penetration Testing for the IBM i work? We perform “gray box” pen testing. What that means is that we use information about the current configuration and user profiles that represent a cross-section of roles (end-users, operators and programmers, for example). With this information, we’ll attempt to gain access to and perform tasks on your IBM i. Penetration Testing for IBM i is a great add-on to network penetration tests which identifies open ports and unsecure protocols. DXR Security takes penetration testing to the next level by attempting to run various tasks directly on the system. Once testing is complete, we’ll provide an easy-to-read report describing the results and provide specific recommendations for hardening security, should any vulnerabilities be identified.
Again, the greatest benefit from DXR Security’s Penetration Testing for IBM i is that it gives proof of whether or not your IBM i security configuration is working as expected. Use this proof as peace of mind or to develop actions to make changes. Contact DXR Security today to see how pen testing can give you proof your security is working. Or visit https://www.dxrsecurity.com/.
LATEST COMMENTS
MC Press Online