AIX Trusted Execution

Description

One of the common attack vectors in most of the major security breaches within the last few years has been the use of Malware.  This is one of the most important weapons in a hacker’s arsenal.   In the Target breach in 2013, the hackers utilized 3 different types of Malware to perform their breach.  Malware is any type of “malicious software”.  There are many different types of malware.  For UNIX systems, the most common types are “trojan horses” and “rootkits”.  Security controls that provide detection and prevention of malware are indispensable for achieving Defense in Depth.  IBM Lab Services provides a Malware Prevention Workshop to assist AIX customers with the configuration and effective integration of AIX Trusted Execution.  AIX Trusted Execution is the most important security tool to use to prevent all types of Malware on AIX ie trojan horses, rootkits and viruses.

AIX Trusted Execution can dramatically reduce your security risk by digitally verifying the authenticity of files.  This is done by the use do of digital signatures.  The digital signature is one of our most powerful cryptographic tools for thwarting attackers.  Consider the following statement:

‘Indeed, it has been the adoption of digital signature technologies more than any other advance that has enabled the promise of a system for global secure electronic commerce to come one step closer to reality.’

Vacca, John R. (2007-04-16). Public Key Infrastructure: Building Trusted Applications and Web Services .

In the SANS research paper, “Critical Controls that Could Have Prevented Target Breach”, they indicate that whitelisting could have prevented malware on the POS systems from stealing credit card information:

‘Application whitelisting would have allowed only authorized software to run on the POS system.’

AIX Trusted Execution uses whitelisting to prevent or detect malware that is executed on your AIX system.

Features

  1. Provides cryptographic checking that will allow you to determine if a hacker has replaced an IBM published file with his own trojan horse
  2. Provides the ability to scan for root kits
  3. Provides the ability to detect if various attributes of a file have been altered
  4. Provides the ability to correct certain file attribute errors
  5. Provides “white listing” functionality
  6. Provides a numerous configuration options
  7. Provides the ability to detect and/or prevent malicious scripts, executables, kernel extensions and libraries
  8. Provides functionality for protecting files from alteration by a hacker that has gained root access
  9. Provides functionality for protecting the Trusted Execution’s configuration from a hacker that has gained root access
  10. Provides functionality for utilizing digital signatures to verify IBM and non-IBM published files haven’t been altered by an attacker
  11. Available in AIX 6 and all higher releases

Consulting Services

see: AIX Malware Prevention Workshop Flyer

Advertisements
%d bloggers like this: