
April 09, 2013


I share your concerns around sudo.
The problem is that AIX RBAC is currently not capable of replacing it (which would make sense from my point of view). So we are left with commercial products that are not AIX native (IBM withdrew TAMOS from the market).
I'm afraid that AIX security is not receiving as much attention as it deserves or I would expect.
Interesting times ahead of us...

Actually, a lot is being done, but is not being talked about enough - imho.

Informally, that is, without my IBM hat on, I am very willing, actually eager, to discuss questions and/or work on howtos via a forum I support. Much easier to reply than via the blog. However, if and where is your choice.

Thanks for your feedback!

Security should start before you even install the OS (regardless of platform, flavour, etc.).
Before you can understand the security you require, you need to create a data map showing how and where your data enters the system, how it is processed and stored, and how it leaves (including archives and backups). Next you should start to think about its value/sensitivity, etc., and from that decide on a plan of action.

Hi Andrew. Thanks for your comment!

I agree completely. IT Security needs to be policy driven. And so an audit of a system is an audit of the policy and how that policy is implemented on systems (i.e., mechanisms are platform dependent while services and goals are not); how well recognized risks are being met and additionally (I hate to say finally when it comes to security - "final" does not really exist for security) - "unknown"/not-addressed risks.
Platform audits also exist - but more as what I would call a risk analysis - rather than "IT Security Audit".
And, just to make sure there is no confusion here: the article is meant to be about the added risk and/or exposure when an organization does not have a policy-driven update policy as well as mechanisms in place to verify adherence to update policy.
