============================================================= SEARCH400 | Security Tip June 11, 2002 ============================================================= FROM OUR SPONSORS:
Bytware announces All-in-One Security for the iSeries. Free trial http://search400.com/r/0,,3848,00.htm?Bytware ============================================================= Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html ============================================================= In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Choosing your security level Answers to Other Technical Questions: 1. How secure is your iSeries? 2. iSeries security profile 3. How much authority should programmers have? 4. How to get to level 40 security Important Announcements and Links - Expert profile: Carol Woodbury, Search400 security expert - Advice: Managing the iSeries Discussion Forum - Featured Book: AS/400 Security in a Client/Server Environment - Systems Management: Best Web Links on Security _____________________________________________________________ ********************** SPONSORED BY Bytware ***************** Security is complex, managing it doesn't have to be. Bytware introduces STANDGUARD, a real-time all-in-one security solution allowing you to easily and quickly set enforceable security policies across a network of multiple systems. Fully graphical; secures FTP, ODBC, SQL, Commands and more; audit journal monitoring; event logging; reporting; auditing; notification and more....ORDER your FREE trial today, visit http://search400.com/r/0,,3848,00.htm?Bytware or call (530) 478-7900. =========================================================== Today's Featured Tip =========================================================== CHOOSING YOUR SECURITY LEVEL | Rich Loeber Your iSeries-AS/400 has a long tradition of boasting about tight security, but is that really true for your installation? Your very first and probably most basic decision about security on your system is found in the setting for the QSECURITY system value. You can see your current security level setting by running the "Display Security Attributes" (DSPSECA) command. The last item on the display will be your current QSECURITY level setting. Is that the appropriate level for you? This tip describes the different levels and what to expect if you need to step up security. >> CLICK here for the full tip: http://www.search400.com/tip/1,289483,sid3_gci832069,00.html ============================================================= Answers to Other Security Questions ============================================================= 1. How secure is your iSeries? The iSeries is one of the most secure systems, but there are still ways for data to be compromised -- network holes and users with too much authority, for example. The information here will help you close up any gaps you may have. http://search400.techtarget.com/featuredTopic/0,290042,sid3_gci783697,00.html 2. iSeries security profile One user writes, "My user profile is the same as my iSeries security profile. I'm concerned that when developers or support teams use the SBMJOB command they can put my profile or jobd -- that has more authority then their own profile -- in sbmjob user parameter. Is there way we can block this parameter, or can we force them to use their own user profile?" Search400's security expert Carol Woodbury offers some advice. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid471186_tax288767,00.html 3. How much authority should programmers have? This user writes, " What has been your opinion and experience in giving programmers access to production libraries to fix critical production problems? Is this acceptable, and would this pass an IT audit? Should programmers be able to invoke this application themselves to grant themselves additional authority?" Read what Search400 security expert Carol Woodbury said. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid469769_tax288767,00.html 4. How to get to level 40 security Security expert Carol Woodbury describes the benefits of level 40 and level 50 security. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid429454_tax288767,00.html _____________________________________________________________ ::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS :::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPERT PROFILE | Carol Woodbury, Search400 security expert Carol recently started SkyView Partners, a security consulting and services company. Prior to that, she was vice president of research and development at the PowerTech Group, a security solutions provider for the iSeries. Carol was also the chief engineering manager for iSeries security and OS/400 security architect for over 10 years at IBM in Rochester, Minn. Carol is the primary author of Implementing AS/400 Security. She has also written numerous articles on security and is a popular speaker at user conferences and seminars around the world. Let Carol's experience work for you! Ask Carol Security- related questions anytime. Go to: >> CLICK HERE TO VIEW recently posted Q&As... http://search400.techtarget.com/ateAnswers/0,289620,sid3_cid423497_tax288767,00.html >> CLICK HERE TO POST a question for Carol... http://search400.techtarget.com/ateQuestion/0,289624,sid3_tax288767,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= MANAGING THE ISERIES DISCUSSION FORUM | Interact with your peers Check out Search400's new Managing the iSeries discussion forum. If you have a performance problem you just can't figure out, or you need help recovering data after a system crash, we recommend you check out this forum. Other system managers can help you with these and other management issues. >> DISCUSSION THREADS you may find of interest: * ECS line use requested by a vendor http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/572 * Is it possible to disable a user profile after a certain date? http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/517 >> CLICK HERE to enter the forum... http:[EMAIL PROTECTED]^[email protected]!viewtype=&skip=&expand= =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- THIS WEEK'S FEATURED BOOK | Search400's Bookstore Title: AS/400 Security in a Client/Server Environment Author: Joseph S. Park Here you'll find an in-depth account of all the preventive methods to avoid potential security leaks when using the iSeries as a server. This book features the most comprehensive technique available for securing this system and detecting even the most unexpected comprises to it. http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&product_id=0471116831&partner_id=55 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- SYSTEMS MANAGEMENT | Best Web Links on Security These Best Web Links provide you with resources to help you make your system as secure as it can be. Don't waste your time scouring the Web; we've already done that for you. http://search400.techtarget.com/bestWebLinks/0,289521,sid3_tax2c5,00.html _____________________________________________________________ ::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. _____________________________________________________________ MICHELLE DAVIDSON, Site Editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. _____________________________________________________________ DEBRA TART, Assistant Editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. _____________________________________________________________ DAVID GABEL, Executive Tech Editor (mailto:[EMAIL PROTECTED]) >> Send me your technical tips and tip ideas. _____________________________________________________________ GABRIELLE DERUSSY (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. _____________________________________________________________ :::::::::::::::::::: ABOUT THIS NEWSLETTER:::::::::::::::::: Created by TechTarget (http://www.techtarget.com) TechTarget - The Most Targeted IT Media Copyright 2002, All Rights Reserved. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://search400.techtarget.com/register and adjust your subscriptions accordingly.If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
