Study: IBM System i hardware fails to secure companies


Among the most significant of those changes is the inclusion of support for services such as file transfer protocol (FTP), Open Database Connectivity (ODBC) and Java Database Connectivity (JDBC) that have allowed data on System i computers to be accessible to other computers on enterprise networks.

"In the initial days, the box was very proprietary, and people didn't worry about outsiders getting into the data within these systems," said Robin Tatam, senior System i security engineer at MSI Systems Integrators Inc. in Omaha. "Over the years, customers have screamed for more open access through FTP and ODBC, and IBM has delivered on these."

But that openness, coupled with an absence of proper controls, has also made the System i more vulnerable to compromises, he said.

For example, with previous generation "green-screen" AS/400 systems, it didn't much matter if most users had administrator-level access because they were limited in what they could do, Tatam said.

But that has changed with the support for services such as FTP and ODBC, which allow anyone with a profile on the system to access the database on a System i from a PC, he said. As a result, "it is very, very important that enterprises get a handle on the level of access that people have on these systems," Tatam said.