================================================================== SEARCH400 | Security Tip April 9, 2002
Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html ================================================================== FROM OUR SPONSORS: Bytware announces All-in-One Security for the iSeries. Free trial http://search400.techtarget.com/r/0,,2784,00.htm?Bytware ================================================================== Welcome to our Security Newsletter. Security is always an issue, even for companies that run the iSeries. This monthly tip will highlight issues you need to be aware of and help you to be proactive when managing your systems. If you have a security issue you'd like us to address, e-mail us at mailto:[EMAIL PROTECTED]. And if you have a security tip of your own, send it in. We'll post it on the site, and you could win our Tip of the Month contest. -- Michelle Davidson, site editor In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Deny spammers server access Answers to Other Technical Questions: 1. Who's reading the files? 2. Secure Client Access uploads 3. Monitor e-mail usage 4. Top techniques to prevent an iSeries 400 hack attack Important Announcements and Links - Expert profile: Carol Woodbury, Search400 security expert - Tips Contest: March winners announced - Advice: Managing the iSeries Discussion Forum - Featured Book: AS/400 Security in a Client/Server Environment - Systems Management: Best Web Links on Security ____________________________________________________________ ************** SPONSORED BY: Bytware ********************* Security is complex, Managing it doesn't have to be! Bytware introduces STANDGUARD, a real-time all-in-one security solution allowing you to easily and quickly set enforceable security policies across a network of multiple systems. Fully graphical; secures FTP, ODBC, SQL, Commands and more...; audit journal monitoring; event logging; reporting; auditing; notification and more....ORDER your FREE trial today, visit http://search400.techtarget.com/r/0,,2784,00.htm?Bytware or call (530) 478-7900. =========================================================== Today's Featured Tip =========================================================== Deny spammers server access Spam is more than an annoyance; it can be a real security headache. Spammers make it a regular practice to use the e-mail capability of others' systems that are connected to the Internet. OS/400 has an SMTP server that can be used to send e-mail directly from your system. This is a handy thing to have if you need to send mail from your system and you don't want to load down your company's regular mail server. But how do you keep spammers from gaining access to the system and spreading their own particular disease using your system, especially because default configuration for the SMTP server is for wide-open message relaying. The answer to our question is to control how messages are relayed through your system. If you're using the SMTP server on your iSeries box, you should definitely set up control over the message relaying process. >> CLICK here for the full tip: http://www.search400.com/tip/1,289483,sid3_gci815395,00.html. ============================================================= Answers to Other Security Questions ============================================================= 1. Who's reading the files? This Search400 member wonders if using ODBC on his iSeries 400 will be under the control of user profile. For example, a user with read-only privilege can update the data tables through the ODBC. Is this something he should be concerned with? Security expert John Earl offers some advice. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid432351_tax288767,00.html 2. Secure Client Access uploads One user writes, "I need to do a file upload with Client Access. I don't want the user to be allowed to see the file transfer selection window. I also don't want users to be able to view or change any librarys/files on the 400 or directory/files on the PC. Is there any way to do the transfer so the only thing the user sees is messages that the transfer is running/finished." One suggestion was made. Do you have any others? http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/1296 3. Monitor e-mail usage One user writes, "We are using the system command SNDDST to send e-mails with attachments to recipients. Is there any auditing available so that we may view who is sending what, and to whom?" Security expert Carol Woodbury offers some advice. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid425684_tax288767,00.html 4. Top techniques to prevent an iSeries 400 hack attack Gain airtight iSeries 400 security to avoid the risk of a hack attack in this Search400 online event transcript. Learn to slam shut hidden backdoors, prevent intrusion with exit points, object authority, auditing and much more. http://search400.techtarget.com/onlineEventsTranscript/0,289691,sid3_gci749860,00.html ---------------------------------------------------------------- Special Training Offer: 30% off - The Linux Operating Systems ---------------------------------------------------------------- Learn all about Linux with this introductory course. It highlights those aspects that make Linux an innovative operating system, and provides some commonly used Unix skills and "tricks". Act now and get 30% off. Click below for more details: http://nous.gofcs.com/?s=52&p=courses&t=outline&i=WT2570&m=225s _____________________________________________________________ ::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS :::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPERT PROFILE | Carol Woodbury, Search400 security expert Carol recently started SkyView Partners, a security consulting and services company. Prior to that, she was vice president of research and development at the PowerTech Group, a security solutions provider for the iSeries. Carol was also the chief engineering manager for iSeries security and OS/400 security architect for over 10 years at IBM in Rochester, Minn. Carol is the primary author of Implementing AS/400 Security. She has also written numerous articles on security and is a popular speaker at user conferences and seminars around the world. Let Carol's experience work for you! Ask Carol Security-related questions anytime. Go to: http://Search400.techtarget.com/ateQuestion/0,289624,sid3_cid423497_tax288767,00.html >> RECENT Q&A's with Carol you may find of interest: * Implementing FTP and ODBC security on the iSeries 400 http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid446678_tax288767,00.html * Level 30 security setting http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid429454_tax288767,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- MARCH WINNERS ANNOUNCED | Search400 tips contest Congratulations to Brad Betsworth for winning Search400's Tip of the Month contest for March. Brad won a Garmin eMap GPS and was added to our Hall of Fame for his tip: "Copy and restore spoolfiles." http://www.search400.com/tip/1,289483,sid3_gci811122,00.html Congratulations also to our runner-up winners: Sietse Witzenburg, Noel Cannon and Joe Szymanski. You may read their winning tips at http://search400.techtarget.com/tipsHallOfFame/0,289489,sid3_prz804422_cts804420,00.html NEW CONTEST FOR APRIL: This month we're giving away a Secret Agent Man Digital Seiko Watch. The Secret Agent Man Digital Seiko Watch is a high-tech digital watch has everything you'd ever want in a watch and more. Features include three alarms, chronograph, preset countdown timer, self-adjusting calendar and storage of up to 100 Internet/e-mail addresses, phone numbers or other memos. Send in your tip -- you could be our next winner. >> SUBMIT a Tip: http://www.search400.com/tipsPrize/0,289492,sid3_prz812143_cts812140,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- MANAGING THE ISERIES DISCUSSION FORUM | Interact with your peers Check out Search400's new Managing the iSeries discussion forum. If you have a performance problem you just can't figure out, or you need help recovering data after a system crash, we recommend you check out this forum. Other system managers can help you with these and other management issues. >> DISCUSSION THREADS you may find of interest: * Download a file from IFS to an Internet user http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/422 * Public authority to nested directories http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/433!viewtype=convdate&skip=&expand= >> CLICK HERE to enter the forum... http:[EMAIL PROTECTED]^[email protected]!viewtype=&skip=&expand= =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- THIS WEEK'S FEATURED BOOK | Search400's Bookstore Title: AS/400 Security in a Client/Server Environment Author: Joseph S. Park Here you'll find an in-depth account of all the preventive methods to avoid potential security leaks when using the iSeries as a server. This book features the most comprehensive technique available for securing this system and detecting even the most unexpected comprises to it. http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&product_id=0471116831&partner_id=55 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEMS MANAGEMENT | Best Web Links on Security These Best Web Links provide you with resources to help you make your system as secure as it can be. Don't waste your time scouring the Web; we've already done that for you. http://search400.techtarget.com/bestWebLinks/0,289521,sid3_tax2c5,00.html ======================================================== QUALIFY TO ATTEND OUR FREE WINDOWS CONFERENCE ======================================================== Don't miss our Windows Decisions conference May 8-10 at the Hilton Chicago Hotel. Attend and discover: ** How to succeed with Active Directory. ** Hidden tactics to lower your TCO. ** Best practices for Windows 2000 systems management. ** End-to-end network administration strategies. ** How to solve your top 10 Windows interoperability problems. ** And more. View full session info and apply today for FREE attendance at http://ad.doubleclick.net/clk;3903304;5058249;g?http://www.windowsdecisions.com/ _____________________________________________________________ ::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. ________________________________________________________________ MICHELLE DAVIDSON, Site Editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. ________________________________________________________________ DEBRA TART, Assistant Editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. ________________________________________________________________ DAVID GABEL, Executive Tech Editor (mailto:[EMAIL PROTECTED]) >> Send me your technical tips and tip ideas. ________________________________________________________________ GABRIELLE DERUSSY (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. ________________________________________________________________ :::::::::::::::::::: ABOUT THIS NEWSLETTER:::::::::::::::::: Created by TechTarget (http://www.techtarget.com) TechTarget - The Most Targeted IT Media Copyright 2002, All Rights Reserved. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://search400.techtarget.com/register and adjust your subscriptions accordingly.If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
