Bart Kulach has a PDF from this year’s Defcon 23: “Hack the Legacy! IBMi (aka AS/400) revealed”.
He recommends checking the website he set up: http://www.hackthelegacy.org/
The item he focuses on is the privilege escalation issue in this slide:
There are some good suggestions for a standard audit of your AD.
Check your group profiles: what groups are your admin accounts under?
Monitoring profile handles is good, as is monitoring object and data authorities (AS/400).
Checking access levels is good – check them as part of your external and internal audits.
The whole key with escalation attacks is to gain access to your admin accounts.
Bart Kulach claims here that he has finally revealed the IBM API output, which means that hackers can now easily attack your AS400 password files.
There are still many more Defcon 23 talks to review… each one sometimes gives 1 or 2 good security suggestions.
As mentioned, in this one I like:
1. Check your admin account group inclusions, as well as user accounts that have admin-level group capabilities.
2. Remember that even privilege escalation vulnerabilities have a goal: to take your password file and to escalate to an admin account. (Typical escalation vulnerabilities are less important.)
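One way to run the first check, as an added example that is not from the talk or the original post: it reads a user-profile export and lists every profile that holds admin-level special authorities directly or picks them up through its group profile or supplemental groups. The CSV column names and sample rows are constructed, and treating `*ALLOBJ` and `*SECADM` as "admin level" is an assumption to adjust to your own policy.

```python
import csv
import io

# Special authorities treated as admin-level for this audit (assumption; adjust to policy).
ADMIN_AUTHS = {"*ALLOBJ", "*SECADM"}

# Constructed sample export, one row per user profile. Column names are hypothetical.
SAMPLE = """profile,special_auths,group,supp_groups
QSECOFR,*ALLOBJ *SECADM *JOBCTL,*NONE,
GRPADMIN,*ALLOBJ *SECADM,*NONE,
GRPOPS,*JOBCTL,*NONE,
ALICE,*NONE,GRPADMIN,
BOB,*NONE,GRPOPS,GRPADMIN
CAROL,*JOBCTL,GRPOPS,
DAVE,*ALLOBJ,*NONE,
"""

def _names(field):
    """Split a space-separated field, dropping *NONE and blanks."""
    return [n for n in (field or "").split() if n != "*NONE"]

def audit(export_text):
    """Return {profile: {"direct": set, "inherited": {group: set}}} for admin-level profiles."""
    rows = {r["profile"]: r for r in csv.DictReader(io.StringIO(export_text))}
    findings = {}
    for name, row in rows.items():
        direct = set(_names(row["special_auths"])) & ADMIN_AUTHS
        inherited = {}
        # Members receive the special authorities of their group profile
        # and of every supplemental group, so check each one.
        for grp in _names(row["group"]) + _names(row["supp_groups"]):
            if grp not in rows:
                # Cannot verify a group that is absent from the export: flag it.
                inherited[grp] = {"<group missing from export>"}
                continue
            via = set(_names(rows[grp]["special_auths"])) & ADMIN_AUTHS
            if via:
                inherited[grp] = via
        if direct or inherited:
            findings[name] = {"direct": direct, "inherited": inherited}
    return findings

if __name__ == "__main__":
    for user, f in sorted(audit(SAMPLE).items()):
        via = "; ".join(f"{g}: {' '.join(sorted(a))}" for g, a in f["inherited"].items())
        print(f"{user:10} direct={' '.join(sorted(f['direct'])) or '-'} inherited={via or '-'}")
```

Profiles such as ALICE and BOB in the sample are the ones a review of directly assigned authorities misses: their own profiles show `*NONE`, yet group membership gives them admin-level capability.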