Saturday, May 7, 2011

You and i: SAP


02/25/2011

Happy Customers: Svendsen, SAP and IBM i


By Steve Will

A couple of weeks ago, I wrote about the newly published ITG study, which outlines the low total cost of ownership IBM i (twitter hashtag #ibmi) continues to provide. You can still find the executive overview of that study linked to the “Power of i” page.

Sometimes, though, examples speak louder than studies. Today I’ll use an example of one of our many happy customers: Svendsen.

Svendsen is a specialist distributor of DEUTZ engines, and also provides services for manufacturers such as Voith and Pleiger. Based in Stuttgart, Germany, the company focuses on southern Germany, and has subsidiaries in eastern Bavaria and Switzerland.

Svendsen employs around 30 people and is growing rapidly. This is the type of customer that benefits greatly from IBM i – they have a small staff, they want to run their business without worrying about running their system, and they want to do it efficiently.

Svendsen had been running an SAP Business One on Microsoft Windows. As they grew, they needed their system to grow with them. They decided to move to SAP’s Business All-in-One solution. Their IBM Business Partner, Kirbis, advised them to look at Power Systems and IBM i. I’ll let the customer speak:

“SAP Business All-in-One was almost an automatic choice for us – it is the obvious step-up from SAP Business One, and we were confident that Kirbis would do a good job on the implementation. For the same price as the proposed Intel architecture, we purchased a single, more powerful and scalable Power Systems server, with all the characteristic advantages of IBM i: legendary reliability, high resilience against viruses, and the built-in IBM DB2 database.” --Lutz Ilgner, CEO

Since the new IBM i implementation, Svendsen has been pleased with the performance of the solution, but is especially impressed with the reliability of IBM i on their Power System. The company has experienced no unscheduled downtime, and spends almost no time on the maintenance and administration of the hardware, operating system or DB2 database. Again, Mr. Ilgner:

“We need all our staff to be able to focus on our core business – we cannot afford their productivity to be hindered by the need to manage and maintain IT systems.”

What works in Germany works worldwide. Software solutions that do exactly what a business needs, running on a platform that doesn’t make the customer worry about multiple servers, security patches and reboots, but lets them focus on their own business. That’s IBM i.


You and i


Sunday, April 10, 2011

Top Ten Most Commonly Used IBM i Passwords

What are your IBM i passwords?
Qsecofr? qsec0fr? qsys0pr? 11111111? 22222222? qibm? Or maybe ibmce?

As on most systems, IBM i passwords tend to contain or match the user profile name, or to appear on the lists of commonly used passwords that many white hat organizations publish regularly.

The Lab Services Security team often performs security assessments; in fact, it's our most requested security service. Invariably during these security assessments we find too many privileged profiles and default passwords.

Compounding the password problem is the misconception that because the i is considered to be one of the most secure operating systems in the industry, it's inherently secure without any need for administration. As a result, until quite recently many IBM i customers gave little thought to passwords or password complexity unless forced to by an auditor.

In a recent study, it was reported that 7 percent of the most commonly used passwords could be found in a dictionary of 100 words. The study found that the shortness and simplicity of passwords mean many users select credentials that leave them susceptible to basic forms of cyber attack known as "brute-force attacks." Nearly 50 percent of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, etc.). Other studies have shown that as many as 36 percent of the most commonly used passwords could be found in a list of 5,000 words. This means that a dictionary-style brute-force attack could be effective in as many as 36 percent of password-cracking attempts.

The password policy capabilities of IBM i are strong, as demonstrated below. Nevertheless, despite the proven security features of IBM i, a poorly chosen password can leave it vulnerable to a brute-force attack.

The following outlines the IBM i password policy capabilities for version 5 release 4:

• Minimum password length
• Maximum password length
• Restricting new passwords that are the same as old passwords
• Restricting use of consecutive digits
• Requiring a numeric character
• Limiting consecutive repeated alphanumeric characters
• Requiring different characters in the same position of a new password

The additional IBM i password policy capabilities for version 6.1 are:

• Specifying minimum and maximum number of special characters, alphabetic characters, or numeric characters
• Requiring mixed case
• Requiring or disallowing the first character or last character of a password from being a special character or numeric character or alphabetic character
• Disallowing profile name within the password
• Requiring three out of four password components: uppercase characters, lowercase characters, special characters, and numeric characters

Brute force is basically a term for a method of “forcing” combinations of passwords against an account login and is usually performed by a software program to automate the process. Sometimes these programs use a dictionary file of common words to guess the password, or they will literally try every combination of letters, numbers and characters possible. The possibility of guessing the password with a dictionary file is extremely high, especially when the attack is automated. Despite all of the warnings of security breaches, one out of five users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their identity.

Now, let’s answer the question: "Why do I need a Password Validation Tool? I thought the built-in security features of IBM i already offered enough security and password support?"

At the request of members of the IBM i Large Users Group (LUG), IBM Systems Lab Services and Training developed the “Password Validation Tool” to further enhance the built-in security features of IBM i by preventing users from using passwords that aren't audit compliant. The intention is to assist users and security managers in tightening up the password security on their IBM i systems by preventing key user mistakes. Overall, this tool supports security compliance and auditability, reduces administrative costs associated with password reviews, and provides greater flexibility in enforcing strict password policy statements.

Key features of the Password Validation Tool are:

• Validates upon entry that an employee's password meets company and industry recommended security rules and guidelines.
• Allows users to define restricted words from 3 to 128 characters and checks to ensure the password does not contain predefined words.
• Allows the security administrator to establish and provide a dictionary of excluded terms, to further tighten up password security. This is an enhancement to IBM i built-in security, which does not specifically allow you to exclude certain terms that may be deemed offensive or too risky.
• Allows for additional custom checks that are not covered by the password policy capabilities of IBM i, as additional function can be tailored to a company’s password policy.
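
The checks described above can be sketched as follows. This is an added illustration, not IBM's Password Validation Tool or any IBM i API: it applies several of the listed policy rules plus a restricted-word dictionary, and it also undoes common digit-for-letter swaps so that variants such as qsec0fr are still caught. The function name, policy values and word list are assumptions constructed for the example.

```python
import re

# Constructed sample policy and word list; values are assumptions for this sketch.
POLICY = {"min_len": 8, "max_len": 128, "min_classes": 3}
RESTRICTED = ["qsecofr", "qsysopr", "qibm", "ibmce", "password", "iloveyou", "abc123"]

# Undo common digit/symbol swaps so "qsec0fr" is still caught as "qsecofr".
LEET = str.maketrans("01345$@", "oieassa")


def check_password(profile, password, policy=POLICY, restricted=RESTRICTED):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if not policy["min_len"] <= len(password) <= policy["max_len"]:
        problems.append("length")
    if not any(c.isdigit() for c in password):
        problems.append("no numeric character")
    if re.search(r"\d\d", password):          # two digits side by side
        problems.append("consecutive digits")
    if re.search(r"([A-Za-z0-9])\1", password):  # same character twice in a row
        problems.append("repeated character")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < policy["min_classes"]:  # "three out of four" rule
        problems.append("character classes")
    # Compare case-insensitively, both as typed and with substitutions undone.
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET)}
    if profile and any(profile.lower() in f for f in forms):
        problems.append("contains profile name")
    for word in restricted:
        if any(word in f for f in forms):
            problems.append("restricted word: " + word)
    return problems


if __name__ == "__main__":
    # Constructed test inputs: (profile, candidate password)
    for prof, pw in [("QSECOFR", "qsec0fr"), ("JSMITH", "11111111"),
                     ("JSMITH", "P@ssw0rd-9x"), ("JSMITH", "Tr4il-Head7!")]:
        print(prof, pw, check_password(prof, pw) or "accepted")
```
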
This tool is an affordable addition to your system's security tools. For more information regarding this tool, please contact IBM Systems Lab Services and Training at stgls@us.ibm.com, or visit: ibm.com/systems/services/labservices

This blog article was compiled by Leonard Broich, Sharon Su, Terry Ford, and Vincent Hennessey, who all work for IBM Systems Lab Services and Training in Rochester, Minn. IBM Systems Lab Services and Training is composed of experts who develop and deploy solutions across IBM's systems family offerings. Services and offerings include in-depth product expertise, knowledge transfer and platform specific hardware and software solutions.

Tuesday, March 8, 2011

You and i: Happy Customers: Svendsen, SAP and IBM i
