Security Patrol

Security Patrol discusses security topics and implementation tips and answers your security questions. I welcome questions, recommendations, and suggestions for security topics you would like discussed in detail. You can submit your correspondence through MC-BBS at 619-931-9909; by E-mail; or by fax at 520-578-7786. I cannot answer every question, but I'll try to publish those questions of a general nature. Please include your phone number.

-Wayne O. Evans, chief of security

Rather than answering user questions, I am devoting this month's column to reviewing a new security application that IBM is offering at no charge. IBM has just released Security ToolKit OS/400 as a PRPQ. The Security ToolKit, which has many long-awaited features, is available for releases V2R3, V3R1, and V3R6. (The V2R3 version also runs on V3R0M5.) I'll give you the ordering details later in this column, but first I want to summarize the Security ToolKit's features.

The Security ToolKit is a group of commands and menus that simplifies managing user profiles. These are some examples of what the product will allow you to do:

o Enable profiles to be active for certain times of the day or specific days of the week.

o Automatically disable user profiles that have been inactive for a specified number of days. (Specific user profiles can be exempt from being disabled.)

o Schedule removal or disabling of user profiles.

The IBM manual Tips and Tools for Securing Your AS/400 is intended for use with the Security ToolKit. The manual, which includes valuable information even for installations that elect not to install the Security ToolKit, contains a step-by-step security setup process, including recommended settings for system values. Three chapters in particular offer useful information on securing different communications environments:

o "Tips for Securing APPC"

This chapter explains the security implications of starting Advanced Program-to-Program Communications (APPC) communications jobs. It also explains the use of single session (SNGSSN) to prevent piggy-backing and the relationship between Secure Location (SECURELOC) and default user when starting communications jobs. Using location password (LOCPWD) is recommended.

o "Tips for Securing TCP/IP"

The chapter on TCP/IP communications is a "must read" for installations that are using this support. Setting up TCP/IP security is one of the more complex setup procedures. This chapter provides detailed steps for preventing TCP/IP applications from running on your system and for protecting system resources if you allow TCP/IP.

o "Tips for Securing PC Access"

This chapter mentions using the network attributes and the exit program registration facility, but it doesn't outline detailed, step-by-step procedures.

The "Protecting Your System from Devious and Determined Users" chapter also provides useful recommendations.

The Security ToolKit allows customers to generate several user-security reports. You can submit these reports to batch or to the job scheduler.

o You can select a report of objects authorized to *PUBLIC by either library or object type. An option allows you to see the changes to object authority.

o You can use the report of authorization lists to show all the authorization lists in one report.

o The user profile information report has columns for special authority, group profiles, user class, and limited capability parameters. This makes it easy to scan for these parameters and greatly simplifies reviewing all user profiles.

o The report of programs that adopt authority for a user is similar to the Display Program Adopt (DSPPGMADP) command output. Once you have established a base of information, you can print changes only. This allows you to see new programs that adopt authority or programs that have been modified to adopt authority since you last ran the report.

o The trigger program report lists all the trigger programs in a specific library or all libraries.

IBM will distribute the Security ToolKit with all V3R1 and V3R6 orders processed after March 8, 1996. If you have already installed these releases or are running V2R3 or V3R0M5, you will want to contact IBM and order your system's Security ToolKit as well as the prerequisite PTFs corresponding to your system release (see Figure 1).

REFERENCE

Tips and Tools for Securing Your AS/400 (GC41-0615).

Figure 1: Ordering Information for the Security ToolKit

