Reinforce AIX Endpoint Security With Atomic OSSEC
By Scott Shinn
(This article and video demonstration show how to orchestrate additional security and compliance controls into your AIX environments.)
AIX is a well-embedded operating system that has persisted for 37 years and remains popular today. Technically not a legacy product, AIX is still commercially supported. IBM owns AIX as well as Red Hat, and has included a number of Red Hat tools in its AIX distribution.
AIX is still a foundational OS for a surprising number of telcos, equipment manufacturers, financial institutions, government agencies, and other organizations. New AIX-based software, CPU hardware and antivirus protection continue to be developed and are even available in a cloud environment.
AIX is a case where a vendor, or vendors, and the open source community have not only kept something alive but enabled it to flourish as a computing tool. This happens in a lot of different industries, where organizations continue to run equipment on old operating systems and patch as they go. A lot of investment has already been made in these systems, some of which are so critical they can’t be replaced. In terms of security and more modern open source support, the AIX OS natively gives you an excellent YUM/DNF repository for CLI installation of many open source tools. It also supports the Ansible provisioning and orchestration tool.
Watch the AIX security video presentation now.
In January 2023, The Register, a global technology news provider, reported IBM had transferred AIX development to India, its commentary prodding Big Blue for answers about AIX’s future. IBM responded it is not deprioritizing AIX and pointed out it supports AIX updates through Red Hat and IBM Cloud.
AIX Security Considerations
In general, modernizing your equipment and software is warranted. If you are not in a position to move off AIX, be aware of some security and risk management challenges. You must have strong endpoint and workload protection for your AIX systems.
- The AIX-native security stack is not very modern. It’s missing things like login failure detection by default and the capture of objects for analysis and reporting.
- AIX doesn’t support real-time FIM. It has a file health tool, but it can’t handle the entire file tree; performance and memory are limited. In terms of real-time FIM, AIX could use a more advanced integration. In addition to securing files and code, this is important for compliance with NIST, PCI DSS, and other regulations and standards.
- The package management system is rooted in generations-old technology.
- You may struggle to log high-fidelity information and root out false positives.
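The two gaps named first above, real-time file integrity monitoring and login failure detection, are the kind of host-based checks a HIDS adds on top of the native stack. The following is an added example, not Atomicorp’s or OSSEC’s own code, written in portable Python so it can be run on any Unix-like host with a Python 3 interpreter (on AIX that would typically come from the open source toolbox repository mentioned earlier). It builds a SHA-256 baseline of a directory tree, reports added, removed and modified files on a second pass (the core of FIM as PCI DSS 11.5 expects it), and counts failed SSH logins per source address over a sliding window. The directory contents, the threshold, and the sshd log lines are all constructed for the demonstration.

```python
"""Added example (not Atomicorp's or OSSEC's code): a file-integrity baseline
and comparison plus a login-failure detector over sshd syslog lines.
Paths, thresholds and log lines are constructed for the demo."""
import hashlib
import json
import os
import re
import tempfile
from collections import defaultdict, deque
from datetime import datetime, timedelta


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative_path: {sha256, mode, size}} for every regular file under root.
    Symlinks are skipped so a link can't be used to pull an outside file into the baseline."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            baseline[rel] = {"sha256": hash_file(full),
                             "mode": st.st_mode & 0o7777,
                             "size": st.st_size}
    return baseline


def compare_baseline(old, new):
    """Diff two baselines. A permission change alone counts as modified, not only content."""
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p])}


def demo_fim():
    """Create a small constructed tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:!:0:0::/:/usr/bin/ksh\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as f:
            f.write("127.0.0.1 loopback\n")
        # Round-trip through JSON, as a stored manifest would be.
        stored = json.loads(json.dumps(build_baseline(root)))
        # Simulated tampering: one file changed, one removed, one added.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("backdoor:!:0:0::/:/usr/bin/ksh\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        with open(os.path.join(root, "etc", "rc.local"), "w") as f:
            f.write("#!/bin/sh\n")
        return compare_baseline(stored, build_baseline(root))


# Constructed sshd lines in the syslog form OpenSSH emits; 203.0.113.7 and
# 198.51.100.4 are documentation-range addresses, not real hosts.
SAMPLE_LOG = """\
Mar  4 10:00:01 aixhost sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Mar  4 10:00:03 aixhost sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 50213 ssh2
Mar  4 10:00:05 aixhost sshd[4021]: Failed password for root from 203.0.113.7 port 50214 ssh2
Mar  4 10:00:09 aixhost sshd[4033]: Accepted publickey for ops from 198.51.100.4 port 40022 ssh2
Mar  4 10:00:12 aixhost sshd[4021]: Failed password for root from 203.0.113.7 port 50219 ssh2
Mar  4 10:00:20 aixhost sshd[4040]: Failed password for ops from 198.51.100.4 port 40030 ssh2
Mar  4 10:30:00 aixhost sshd[4050]: Failed password for root from 203.0.113.7 port 50300 ssh2
"""

FAILED_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def detect_login_failures(log_text, threshold=4, window=timedelta(minutes=5), year=2024):
    """Return (source, time, count) for each source that reaches `threshold` failures
    within `window`. Syslog lines carry no year, so one is supplied by the caller."""
    recent = defaultdict(deque)
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(3)
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, ts, len(q)))
            q.clear()                       # one alert per burst, not one per extra failure
    return alerts


if __name__ == "__main__":
    print("FIM diff:", demo_fim())
    print("Login-failure alerts:", detect_login_failures(SAMPLE_LOG))
```

In a real deployment the baseline would be written to a location the monitored host cannot modify and compared on a schedule or from a file-change notification; the sliding-window counter is the same shape a HIDS rule engine uses when it correlates repeated events from one source and hands the result to an active response.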
Why is it important to protect every endpoint? Bugs and vulnerabilities can move undetected through the software supply chain. You need a mix of AV, antimalware, FIM, vulnerability detection, MFA, and the ability to update security rules rapidly to defend against the latest threats looking for an easy way in.
AIX and legacy systems must be safeguarded beyond AV and basic protection. Enterprises and federal agencies should secure AIX deployments, both endpoints and web connections, going beyond AIX firewall coverage. Atomicorp develops advanced security rules for these AIX environments and brings professional support to ensure the installation is a success.
In the following video, I demonstrate how you can bring additional security, zero trust principles, and data security compliance into your AIX deployment via highly portable open source-based security rules and crowdsourced threat intelligence.
Adding Security to Your AIX Endpoint Environment
Watch the video presentation.
- Check out our syslog and file integrity monitoring (FIM) capabilities and security software for AIX. It’s a boon for compliance with PCI DSS 11.5 and NIST 800-53.
- Run a scan of AIX system(s).
- Be able to go beyond AIX defaults.
- Monitor an AIX generic repository.
- Implement firewall and web application firewall rules on endpoints.
- Conduct vulnerability detection and debugging.
For AIX, open source security (OSSEC) makes sense, as it continues to evolve more advanced protective solutions for Unix and Linux operating systems. Atomic OSSEC rules provide deep detection in these environments, going beyond the vendor’s built-in software protection. When you upgrade from OSSEC or OSSEC+ to Atomic OSSEC, you activate active response, too.
Open Source Security and Support for AIX and Legacy End of Life Programs
Atomic OSSEC empowers AIX and legacy system administrators to:
- Activate response. Learn who’s attacking, and how. Orchestrate active response and virtual patching so you don’t have to wait for a vendor patch.
- Filter and protect code and libraries such as Log4J, the attack vector in CVE-2021-44228 (NVD). There are many ways for bad guys to evade moderate protections. You need a noninvasive, zero trust look at the software and strings of code connecting into your systems. Be able to scan programming languages and cloud APIs and defend input and output (I/O), protecting yourself and the supply chain.
- Secure a host of legacy operating systems. Through agents or hubs, our extended detection and response (XDR) system has the versatility to protect legacy systems such as Windows 2003, Windows end of life (EOL), Linux EOL, HP-UX, Solaris, and others.
- Secure AIX using Linux. Linux features are being added on AIX systems. Atomic OSSEC provides updated advanced security rules, tools, and engineering support for both Linux and AIX environments.
- Monitor and visualize AIX and other endpoints with a graphical user interface (GUI). Get insight into your AIX system behavior, the connection points, and the packets traveling between endpoints. Our GUI delivers a high-level analytical view of the data on a dashboard, highlighting threats and vulnerabilities through deep detection, overall pattern analysis, and more. Be able to see the big picture through generated charts, comparisons, tables, and images, yet achieve specificity and auditing compliance through log files and captured artifacts.
- Orchestrate endpoint and cloud workload protection, FIM, and compliance for OpenShift, Kubernetes, and Red Hat software environments, web servers, cloud APIs, and more.
- Achieve compliance. Address IT security and customer data privacy regulations and standards such as GDPR, NIST and PCI DSS via Atomic OSSEC real-time FIM and the solution’s audit and accountability (AU) control capabilities.
- Access professional support, testing, training, certification, and ongoing development.
OSSEC’s Aptitude for Legacy System Protection
Atomic OSSEC protects long-living, legacy and end of life operating systems, such as:
- End of Life Linux (RHEL 5, 32-bit)
- End of Life Windows (XP, 2003, etc.)
- IoT Linux
- CentOS, which is still in use around the world.
Available in an agent-based or hub model, Atomic OSSEC allows a system to protect the systems around it. Whether it is an agent-based architecture or an agentless one communicating with a firewall, the security information and defense-in-depth capabilities are shared across connection points in the environment.
Atomic OSSEC for AIX Endpoint Security and Legacy System Protection
Atomic OSSEC endpoint and cloud workload protection rules support major commercial and open-source software architectures, cloud APIs, as well as legacy and end-of-life systems.
Get a demonstration of how Atomic OSSEC can secure your AIX endpoints and workload.
Visit our Legacy Systems security page.
Relive our journey into legacy system security, Ghidra malware removal, and other information security topics. Check out the videos on the Atomic OSSEC conference page.
Join us on Slack for testing, training, development, support, and more.