IBM i Screen Capture

IBM i Screen Capture

Screen Capture for IBM i is a feature of the Authority Manager that automates monitoring users performing sensitive tasks or those needing special authorities to perform specific tasks in a controlled and fully auditing environment. The IBM i Screen Capture feature takes a screen shot of each screen the user is on and includes all the user entered text, and saves the screen shot in a searchable pdf and log on the IBM i. The IBM i Authority Manager enables monitoring powerful users via rules that ensures ticket numbers are used for assigned tasks, auditing and screen capture is enabled, and emails associated job logs and detailed activity reports after the user completes their task. 

IBM i Authority Manager rules can grant permission to perform a profile SWAP or ADOPT authorities based on specific conditions automatically, or after approval from an administrator. The Authority Manager rule determines which users may request elevated authorities based on the user profile making the request, day of week, time of day, date and time range, job name, IP Address, application used and other user and job variables.

For situations where the user profile already possesses the special authorities required to perform the task, such as QSECOFR, the IBM i Authority Manager rule can configured to simply log activities, including screen captures and distribute the detailed audit and activity report via email when completed. In addition, all audit log reports and screen captures are archived on the system for a predetermined time frame the administrator defines. Depending on the parameters defined in the Authority Manager’s rule, detailed user activity and audit reports can include AS400 screen capture, job logs, SQL statements and send events to a journal. Using screen captures is a great way to maintain a true audit trail of user activities when specific users or task must be documented for compliance or simply to keep an eye on individuals performing sensitive tasks or running a series of commands you want to keep on file for reviewing at a later time.

Why use the AS400 Screen Capture and IBM i Authority Manager?
Most IBM i environments have an excessive number of powerful profiles on their system of which are one of the main reasons for many critical security risks. User profiles should only possess special authorities required to perform their duties, and even then, most users only require special authorities for a very short period of time. IBM i customers should analyze profiles regularly and identify if any special authorities users possess are required for their everyday tasks, and remove any special authorities that are not necessary. Allowing users to possess unneeded special authorities is a security vulnerability that can be misused or used by an attacker. 

User profiles that require special authorities should have additional auditing enabled and these users’ actions should be closely monitored, such as using the IBM i screen capture function. The IBM i Authority Manager enables administrators to take away unnecessary special authorities, and grant special authorities on an as needed basis using flexible rules that manages the entire process, from when and how a user can initiate elevated authorities, real-time alerts, and distribution of iSeries screen capture, job logs, SQL Statement and security audit reports when the user session ends. Eliminating special authorities reduces many security risks and is a good first step for improving the security posture of the system. All user profiles possessing special authorities should always have stricter monitoring and controls in place to ensure confidentiality, integrity and compliance. Take the time to regularly investigate the user profiles on your system, and take steps to improve the security posture of your system.