A popular topic these days is “Zero Trust”.   How IBM i Pen Testing intersects with zero trust is at the point of proof.

When you consider zero trust in the realm of IBM i, the first thing you think of is to implement a “deny by default” approach. Meaning that objects – especially database files – are created with *PUBLIC authority set to *EXCLUDE and only those users requiring access to the information are granted access. In addition, user profiles are configured with only the authority – especially special authorities – that are required to perform their job functions. So the question is this: How can you know this configuration is working? That’s where IBM i Pen Testing and Zero Trust meet.   With IBM i Pen Testing, you get proof to know whether the security configuration you’ve implemented is working as you intend – or whether this configuration needs improvement.

How does DXR Security’s Penetration Testing for the IBM i work?   We perform “gray box” pen testing. What that means is that we use information about the current configuration and user profiles that represent a cross-section of roles (end-users, operators and programmers, for example).  With this information, we’ll attempt to gain access to and perform tasks on your IBM i. Penetration Testing for IBM i is a great add-on to network penetration tests which identifies open ports and unsecure protocols. DXR Security takes penetration testing to the next level by attempting to run various tasks directly on the system. Once testing is complete, we’ll provide an easy-to-read report describing the results and provide specific recommendations for hardening security, should any vulnerabilities be identified.

Again, the greatest benefit from DXR Security’s Penetration Testing for IBM i is that it gives proof of whether or not your IBM i security configuration is working as expected. Use this proof as peace of mind or to develop actions to make changes. Contact DXR Security today to see how pen testing can give you proof your security is working. Or visit https://www.dxrsecurity.com/.

John Vanderwall is chairman and CEO of DXR Security LLC.  DXR Security has taken an innovative approach to IBMi Security by recognizing that IBMi security isn’t about a huge project, rather it’s about improvement one step at a time.  With that thought, Carol and John have leaned into the IBMi Penetration Testing business with the focus on providing actionable information to help IBMi customers improve at their own pace.  Prior to DXR Security, in 2002, he, together with his long-time business partner, Carol Woodbury, founded SkyView Partners, a security compliance software and consulting firm specializing in automating security compliance reporting and security administration. SkyView Partners supplied solutions and consulting to many Fortune 1000 companies and many small -to medium-sized businesses. In 2015, John and Carol sold the business to HelpSystems LLC (now Fortra).  He has spent over twenty years in executive management positions in the computer security arena. In his spare time, John has travelled the world teaching practical business principles to the poor in developing countries. His goal is to give people a “hand up” not a “hand out” resulting in sustainable economic development for these emerging nations. To learn more about DXR Security and its innovative approach to IBMi security, visit www.dxrsecurity.com.