Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

The IBM AS/400: A Technical Introduction

Information on the talk (no slides available yet) can be found on the HAR2009 WIKI. The information given in the presentation gave a good overview of the AS/400 platform and history of the product. If you have the chance, please take a look at the slides.

Speaker Update: Slides and the full paper will be uploaded within the next few hours.

AS/400 celebrated its 20th anniversary in 2008.

Although it is thought of as an old system, it is younger than the mainframe and Unix.

AS/400 is (extremely) closed source. Even within IBM, access to the source-code is restricted.

The product line has been renamed many times.

  • AS/400
  • AS/400e
  • eServer iSeries
  • e iSeries
  • e i5 (i5/OS)
  • System i5
  • System i
  • POWER systems range

Newer versions of the OS support a wide range of features. For the latest versions, a Power PC 5 system is required as a minimum.

Technology Independence – Code runs within a VM-type environment, which allows it to be used across multiple architectures. The OS was written to be an object-oriented 128-bit system. In the event that 128-bit processors come into use, compatibility is already built in.

Built-in hypervisor to allow separate OSes to run side by side.

  • AIX
  • Linux
  • IBM i

Management was originally through Twinax (now obsolete). Management is now done through the Hardware Management Console (HMC).

All processes are handled as jobs and queued as required.

Memory of the system can be split to create your own pools. The system defaults to the following pools in standard configuration.

  • *MACHINE pool
  • *BASE pool

By default all subsystems use the *BASE pool. You can assign specific subsystems to manually created pools.

File System – Multiple file systems are supported (default QSYS.LIB) through the Integrated File System (IFS).

QSECOFR – Security Officer user – Is installed on the system by default and is used to set up, configure and administer the system. -> Howto reset the QSECOFR password

Other interesting accounts that might be present are:

  • qsecofr
  • qpgmr
  • qserv
  • qsrv
  • qserve
  • qsrvbas
  • qsvr
  • qsysopr
  • quser

Most things on the AS/400 system are objects. This allows great flexibility, and the ability to store information on each item.

TCP/IP has been available on the platform since 1996.

Q&A: The presenter has never seen an entire AS/400 crash, only individual applications. No exploits are known to the presenter at this time.

Other References:

A friend of mine (@marsmensch) provided me with a couple of useful links that talk about AS/400 user accounts and their security permissions. Hope you find them useful. http://bit.ly/MJQQw http://bit.ly/evXgT
