Defending a system against viruses involves the prevention, detection, and avoidance of attacks.

Editor's note: This article introduces the white paper "Virus Got You Down?" available free from the MC White Paper Center.

I really should be asking, "Does a virus have your server down?" Perhaps it's the latest worm, Trojan horse, buffer overflow, or denial of service attack that's got you or one of your servers down. While one of these bugs may be affecting one or more of your servers in your enterprise, it is highly unlikely that the server affected is a Power server running IBM i. IBM i may be running your core business applications or it may be hosting your website or running Domino. Whatever its function within your enterprise, IBM i has remained unaffected by virus and malware attacks. Why is that?

Viruses and other ailments spread by infecting a host that is vulnerable. Let's take a look at how IBM i and the applications running on it can remain unscathed by the viruses and malware that are so prevalent today. Let me first define each "ailment" and then describe the defenses and protection mechanisms provided by IBM i to ward off the attack.

Definitions

Malware \'mal?we(?)r\ n. Software that is intended to damage or disable computers and computer systems.

Malware is a generic term used to describe the software that launches various attacks, including the ones described here.

Virus \'vI-r&s\ n. A computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs and usually performs a malicious action (such as destroying data).

A virus is usually spread by tricking unsuspecting users into installing and running an infected program on their system. One method is to use an infected email attachment. Another method is to include a link to a website that downloads a "payload" of code that could do anything from log keystrokes to totally take over the computer. Other links lead to a site where the user is asked to enter personal information before sending them to the real site. Some operating systems make it very easy for an external attacker to cause programs to run on your system. Therefore, if the virus writers can get you to save the attachment or go to a link that downloads code directly to your system, they can use any number of mechanisms to cause that program to run.

Worm \ 'w&rm\ n. A self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

A worm is typically spread by gaining access to your system externally through a vulnerable interface and installing itself in memory. The worm then attempts to use your system to access the same vulnerable interface on other systems.

Trojan horse \ 'trO-j&n 'hors\ n. A seemingly useful computer program that contains concealed instructions that, when activated, perform an illicit or malicious action (such as destroying data files).

A Trojan horse attack is often used to help spread viruses. Some use this term interchangeably with virus.

Buffer overflow \ 'b&-f&r "O-v&r-'flO\ n. The condition that occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

A buffer overflow is used by attackers to gain "root" control of your system. Root control means the program has ultimate authority to do anything. For those familiar with IBM i, root control is equivalent to being signed on as QSECOFR. The attack relies on a common programming flaw found in many programs.

This attack is particularly onerous because an attacker can randomly choose any vulnerable machine on a network and attempt to gain access to the system. Attackers don't have to spend a lot of time and energy trying to get you to install Trojan horses or dupe you into changing the configuration of an infected machine. They just look for addresses on the Internet and try the attack. If it works, great! If not, they try the next address.

Denial of Service Attack \ di-'nI(-&)l &v 's&r-v&s &-'tak\ n. An incident in which a user or organization is deprived of the services of a resource they would normally expect to have.

A denial of service (DoS) attack can take many forms, but the objective is the same: to prevent you or your customers from using your IT resources to conduct business. This is a particularly difficult attack to defend against.

Dangerous Combos

In the past, each of the "ailments" or attacks described above was often thought of individually; however, attackers have become more sophisticated. They now use combinations of all of these attacks to wreak their havoc. The term "virus" as commonly used by the general public means any malicious attack that uses one or more of these techniques. For simplicity, we'll use the term "virus" in this way as well.

What Makes IBM i Different?

Companies are spending more and more on malware and virus prevention, yet they continue to permeate the corporate network. Viruses and malware can be very destructive, erasing data or gleaning access to private data stored on the computer. What is the risk of IBM i being infected with common viruses or malware? Highly unlikely. Why? The answer lies in the IBM i architecture, integrated security management, and overall development process.

Defending a system against viruses involves the prevention, detection, and avoidance of attacks. It is necessary not only to defend the front door, but also to protect the back door. IBM i protects your backside, while you exploit the rich, full-function, integrated security management features to help detect and avoid attacks that may be trying to waltz in the front door.

Want to Know More?

Download the free white paper "Virus Got You Down?" from the MC White Paper Center.

 

Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.

Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3^rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.

---

MC Press books written by Carol Woodbury available now on the MC Press Bookstore.

		IBM i Security Administration and Compliance: Third Edition Don't miss the newest edition by the industry’s #1 IBM i security expert. List Price $71.95 Now On Sale
		Mastering IBM i Security Get the must-have guide by the industry’s #1 security authority. List Price $49.95 Now On Sale