Start: ##:##

Attendees: ##, # first time

Sponsor: Dell

Location: Improving, Independence, OH

Officers in attendance

• Rob Netgen
• Chris Hartley
• Troy Sheley
• Ted Kozenko

Information Security Summit Announcement

• Call for volunteers
• Announcement of registration

Job openings

• .

Security Friends

• Student Loans
• Hacker News - ransomware customized to target
• Intelex offers exploits for iOS and Android for $8MM
• NH lottery website cyber attack
• LockBit ransomware v3.0 tripe extortion level
• Portugal airline prevent cyberattack
• LastPass hacked
• Russia malware hijacks ADFS to login
• Lloyds of London will stop covering nations state attacks from ransomware policies
• Okta hackers behind Twilio and Cloudflare
• South Staffordshire Water announce cyber-attack, Clop misidentified
• MS cannot stop scammers
• Palto Alto bug
• FBI & CISA warns about Zeppelin million dollar demands
• Anonymous poop gifting site hacked
• Cisco confirms network breach
• 124 stories in August.

Topic 1: Rob Netgan - IBMi Cybersecurity

• Redheaded stepchild of cybersecurity
• Why - incredibly securable, but often not secured
• Security pros don’t' know it
• IBM'ers don't know security
• Previously known as AS/400, introduced in 2008
• Used by many firms
• Runs business critical apps, bug DB, core to biz, ERP,
• Often run by 1 person / small team
• Often not pen tested or SIEM'ed
• Need to consider IBMi in supply chain assessment
• Can get IBMi in the cloud
• Weaknesses
• Network drive mapped to root
• One person departments
• Old hardware and no support
• Password limitations
• Unencrypted network connections
• Old firewall systems
• Recommendations
• Have IBMi and InfoSec talk
• Demand IBMi savvy vendors when using IBMi
• Demand security from IBMi vendors
• Password level 3, upgraded from level 1
• Maintain security, not once and done
• Implement CIS controls
• Implement exit-point based security app
• Don't share IFS root
• Lock down all objects and users

End 19:41