============================================================= SEARCH400 | Security Tip July 9, 2002 ============================================================= FROM OUR SPONSORS:
Download FREE intrusion detection software. http://search400.com/r/0,,3897,00.htm?PowerTechNF ============================================================= Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html ============================================================= In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Search for the guilty party Answers to Other Technical Questions: 1. HTTP server security 2. Automatically disable IDs 3. Secure sensitive files on the iSeries 4. Secure your iSeries Important Announcements and Links - Expert profile: Carol Woodbury, Search400 security expert - Advice: Managing the iSeries Discussion Forum - Featured Book: Implementing AS/400 Security - Best Web Link: Antivirus products provide security cushion _______________________________________________________________ ********************** SPONSORED BY PowerTech ***************** Is your iSeries Really Secure? PC's connected to your iSeries pose security risks. End users have direct access to data. Identify and close security gaps inside your firewall using PowerLock NetworkSecurity, which provides network access control, intrusion detection and vulnerability assessment. Please click below today for your FREE Intrusion detection software. http://ad.doubleclick.net/clk;4008076;5058249;j?http://search400.techtarget.com/survey/1,290964,sid3,00.html?s=451509&track=TIS =========================================================== Today's Featured Tip =========================================================== Search for the guilty party | Rick Loeber Part of computer security is prevention, and a good access prevention policy along with good controls will go a long way to protect your data from improper access and use. But people with proper authorization can make incorrect data changes that can wreak havoc on a system. At times like that, it is sometimes nice to be able to backtrack and see who did what and when they did it. Here is an easy way to implement a tracking system on an OS/400 database without any significant programming on your part. This technique takes advantage of the OS/400 database audit journal features. >> CLICK here for the full tip: http://www.search400.com/tip/1,289483,sid3_gci834983,00.html ============================================================= Answers to Other Security Questions ============================================================= 1. HTTP server security One user writes, "We are running the standard HTTP server with security on it. I noticed that if you type the HTTP domain name and then /.. after it, it will display the contents of the IFS root. However, you cannot access them. Is there a way to not allow this?" Search400 expert John Brandt offers a few suggestions. http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/2038 2. Automatically disable IDs This user wonders how he can automatically disable IDs for lack of use, and send a user a subset of the IDs that are being automatically disabled. Search400 expert Carol Woodbury tells him the easiest way to do it. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid478395_tax288767,00.html 3. Secure sensitive files on the iSeries One user writes, "The most sensitive files on our iSeries are unsecured (*PUBLIC has *ALL authority), as the vendor-supplied applications that use them rely on their custom menu security to control access to the files. For this reason we have restricted file download capability to only a few IS users, but now we're receiving pressure from the user community to make this ability available to other departments. Is there a way that we can control which objects users have authority to download in this scenario?" Search400 security expert Carol Woodbury offers some advice. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid477111_tax288767,00.html 4. Secure your iSeries The iSeries is one of the most secure systems, but there are still ways for data to be compromised -- network holes and users with too much authority, for example. The information in this Search400 Featured Topic helps you close up any gaps you may have. http://search400.techtarget.com/featuredTopic/0,290042,sid3_gci783697,00.html _____________________________________________________________ ::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS :::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPERT PROFILE | Carol Woodbury, Search400 security expert Carol recently started SkyView Partners, a security consulting and services company. Prior to that, she was vice president of research and development at the PowerTech Group, a security solutions provider for the iSeries. Carol was also the chief engineering manager for iSeries security and OS/400 security architect for over 10 years at IBM in Rochester, Minn. Carol is the primary author of Implementing AS/400 Security. She has also written numerous articles on security and is a popular speaker at user conferences and seminars around the world. Let Carol's experience work for you! Ask Carol security- related questions anytime. >> CLICK HERE TO VIEW recently posted Q&As... http://search400.techtarget.com/ateAnswers/0,289620,sid3_cid423497_tax288767,00.html >> CLICK HERE TO POST a question for Carol... http://search400.techtarget.com/ateQuestion/0,289624,sid3_tax288767,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= MANAGING THE ISERIES DISCUSSION FORUM | Interact with your peers Check out Search400's Managing the iSeries discussion forum. If you have a performance problem you just can't figure out, or you need help recovering data after a system crash, we recommend you check out this forum. Other system managers can help you with these and other management issues. >> DISCUSSION THREADS you may find of interest: * Start a terminal emulation session http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/620 * Download a file from IFS to an Internet user http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]^[email protected]/422 >> CLICK HERE to enter the forum... http:[EMAIL PROTECTED]^[email protected]!viewtype=&skip=&expand= =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- THIS WEEK'S FEATURED BOOK | Search400's Bookstore Title: Implementing AS/400 Security Author: Carol Woodbury and Wayne Madden Changing system security needs and new system enhancements make this a must have book for every iSeries 400 shop. Wayne Madden and Search400 expert Carol Woodbury bring a wealth of expertise to this timely topic, making creating, updating, and implementing vital security measures clear and easily understood. http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&product_id=1583040730&partner_id=55 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Antivirus products provide security cushion | SearchSecurity More enterprises are using double-barreled defenses against viruses and worms with multiple AV products running simultaneously at different network entry points. But enterprises considering this approach need to ask if the licensing expense and management stresses are worth the bother. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci835212,00.html _____________________________________________________________ ::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. _____________________________________________________________ MICHELLE DAVIDSON, Site Editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. _____________________________________________________________ DEBRA TART, Assistant Editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. _____________________________________________________________ DAVID GABEL, Executive Tech Editor (mailto:[EMAIL PROTECTED]) >> Send me your technical tips and tip ideas. _____________________________________________________________ GABRIELLE DERUSSY (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. _____________________________________________________________ :::::::::::::::::::: ABOUT THIS NEWSLETTER:::::::::::::::::: Created by TechTarget (http://www.techtarget.com) TechTarget - The Most Targeted IT Media Copyright 2002, All Rights Reserved. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://search400.techtarget.com/register and adjust your subscriptions accordingly.If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
