Key Business Challenges

Today, security landscape have been completely changed as an outcome of Covid-19 pandemic and “Working from Home” was never been targeted as a business norm.  Current disruption forced banking and financial services organizations to come up with a strategy to implement necessary safeguards to prevent against threats and in this regards most organizations have implemented safeguards by themselves and with the help of their vendors. One of the major gap that industry have faced is the hardening of an AIX operating system which is always one grey area that remains found missing in many enterprises today. 

Organizations core objective is to strive against all kind of possible threats and are taking strong measures in building security policies for their installed AIX systems and are giving highest priority in educating their resources in the space of AIX systems security.

Considering IBM AIX OS security resource skills gap, challenges and recent wave of cyber security attacks, we are pleased to offer our vendor independent assessment services “AIX Systems Security Hardening Services for IBM Power Server”. We will be studying essential components of AIX securities helping customers to accordingly tailor/develop their data protection strategy based on IBM AIX best practices to secure their crown jewels. 

As a part industry standard best practices, it is recommended engaging 3rd party experienced technology professionals and taking their perspective on clients AIX installed base by performing a vendor neutral Gap Analysis of their Operating System Security running mission critical 24x7 application and database servers rather depending upon their security vendors that most of the times ending up with buying more products and expensive services to fill the gaps. 

Our services is based on deep dive study of clients installed system and is consisting of more than 250 plus questions based on IBM AIX best practices.

Enterprises today are taking an outsiders perspective that can bring unexpected value to your organization.

Services: Some of the highlights:

  • Studying 10 critical steps to security compliance.
  • Analysis of system wide security configuration files.
  • Study system-wide critical logs.
  • Identifying operating system gaps.
  • Users and systems related securities.
  • Deep dive study of TCP/IP configurations files.
  • Cron related security issues.
  • System recovery procedures based on AIX best practices.
  • Common Vulnerabilities Enumeration, & much more. 
This service shall study host based security highlighting the importance of AIX security features including TE & TCB setup, EFS implementation, system wide file permissions, RBAC, system authentication database including user’s profiles and Login Controls. Identify a list of unnecessary installed file sets that are considered as a threat to overall security and a deep dive TCP/IP study.

We do not use any script or third party tools to run the workshop and shall use AIX installed OS tools and low level debugging commands only. 

At the end of this service, we will present both high-level and detailed assessment report with recommendations and suggestions that will help our clients to fill the gaps themselves and by taking assistance of their vendors.
Interested in Enterprise Professional Services Download the Services Brochure

Securing your environment model presents a challenge. Successful companies recognize that their security infrastructures need to address the business challenge. 

Most of them are not aware of the types of attacks that malevolent entities can launch against their servers and can plan appropriate defenses both internally and externally.

Service Code: WS303

TLC has successfully completed "AIX Systems Security Hardening Services for IBM Power Server" service for English Biscuit Manufacturers (Pvt) Limited at their head office in Karachi. 

The key objective of this five day client on-site service was to study AIX operating system security gaps on IBM Power 8 server running mission critical applications under SAP environment so that overall system-wide security can be improved by implementing TLC findings by appropriately taking recommended protective measures that shall help EBM in reducing the risks attached to their installation.

EBM is one of the few clients who strongly believes in involving 3rd party experienced consultants for this services rather depending upon vendor and ending up into buying additional hardware and expensive services as a part of their gap analysis services.

Client Feedback: We are an IBM customer running IBM AIX 7.1 on Power 8 System since 2015. From a security audit point of view we shortlisted TLC Pakistan based on their expertise on the subject especially with Adnan Ikram being one of the well-known IBM AIX experts in Pakistan. 

The 5 day workshop exercise conducted by him was very exhaustive and touched all the critical points in details. The surprise comes in after the actual workshop in the form of a detailed and comprehensive audit & action report that was done very professionally. Each area was explained, risks identified and the counter measures also given in details. The workshop helped us identify some critical shortfalls that were addressed immediately with ease. 

For any organization opting the AIX platform, I strongly recommend to have this service conducted as it gives a lot of insight especially on the best practices & security risks for AIX running on Power Servers (should server equally good for Linux as well) as usually these are the areas often overlooked during the implementation phase due to shortage of time or resources. 

Wishing TLC all the best and looking forward to engaging them on similar fronts. 

Zaid Umer Farooqui
Head of Information Technology