============================================================= SEARCH400 | Security Tip Aug. 13, 2002 ============================================================= FROM OUR SPONSORS:
Bytware announces All-in-One Security for the iSeries. Free trial http://search400.com/r/0,,4969,00.htm?bytware ============================================================= Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html ============================================================= In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Don't bank on IDS Answers to Other Technical Questions: 1. Securing downloads to Excel 2. New White Papers on iSeries security 3. What's needed to manage a user profile? 4. How to prevent a hack attack Important Announcements and Links - Tips Contest: July's winners announced - Expert profile: Carol Woodbury, Search400 security expert - Advice: Managing the iSeries Discussion Forum - Featured Book: AS/400 Security in a Client/Server Environment - Best Web Link: Virus management: Never a dull moment _______________________________________________________________ ********************** SPONSORED BY Bytware ***************** Security is complex, managing it doesn't have to be! Order STANDGUARD today and put an end to your securty fears. Real-time security solution allowing easy and quick enforcement of security policies across a network of multiple systems. Secures FTP, ODBC, SQL, Telnet, DDM/DRDA, NetServer, Commands and more...; audit journal monitoring; event logging; reporting; auditing; notification and more....ORDER your FREE trial today, visit: http://search400.com/r/0,,4969,00.htm?bytware or call (775) 851- 2900. =========================================================== Today's Featured Tip =========================================================== Don't bank on IDS | By James Michael Stewart If someone malicious gets into your 400 system, you're in a pickle, especially if you don't know who it is -- or even that the person has penetrated your operation. One way to attempt to find out this vital information is through an Intrusion Detection System. But while many security professionals will tout IDS as the silver bullet of intrusions, don't believe it. There is no single product, technique or mechanism that can serve as the end-all-be-all security solution. There are so many aspects to consider when implementing security, from logical/technical controls to administrative and physical, that it is impossible for a single entity to meet the demands. That's why most seasoned security professionals say that the only silver bullet in security is not having a security policy and the beast it kills is your organization. >> CLICK here for the full tip: http://www.search400.com/tip/1,289483,sid3_gci843898,00.html. ============================================================= Answers to Other Security Questions ============================================================= 1. Securing downloads to Excel This user is concerned about allowing his users to download a file from the OS/400 V5R1 to Excel. How secure will these downloads be? He wonders if he's opening a can of worms by letting users download to Excel. Is there a way to lock it down? A few suggestions were made. Do you have any others? http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]@.ee84638/1936 2. New White Papers on iSeries security When it comes to securing your iSeries, the more advice and help you have the better. Browse Search400's new white papers section to find informative white papers on security and several other iSeries topics. http://search400.techtarget.com/whitepapersByCategory/0,293837,sid3_tax292513_idx0_off10,00.html 3. What's needed to manage a user profile? This person recently replaced a programmer and was granted *SECADM access. When working with user profiles, however, he only saw a small portion. He'd like to see a large number of profiles. He wonders if this has to do with the user class that created the profile. He has *SECADM and *JOBCTL special authority. Carol Woodbury tells him what he needs to do to manage a user profile. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid485262_tax288767,00.html 4. How to prevent a hack attack Although the OS/400 is a relatively closed operating system that prevents the OS internals from being accessed by user written programs, the iSeries is still a computer and unless it is properly secured, there is a multitude of ways an unauthorized person can gain access. This tip describes three ways and how to prevent them. http://search400.techtarget.com/tip/1,289483,sid3_gci809408,00.html _____________________________________________________________ ::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS :::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- JULY'S WINNERS ANNOUNCED | Search400 tips contest Based on their ratings and evaluation by our panel of judges, our top winner for July is Wim van den Heuvel and our runner-up winner is Nico Beekhuijs. Wim won a Samsung DVD-S221 DVD/MP3 player and was added to our Hall of Fame for his tip: Query's collating sequence and character comparisons http://www.search400.com/tip/1,289483,sid3_gci841561,00.html CONTEST FOR AUGUST: This month we're giving away a Beetle CD stereo. This stereo has a FM digital tuner, dual stereo speakers in the wheels, and a CD tray that slides out from the bumper -- and the head and taillights really light up. The CD play controls are accessed from under the hood. It includes a plug adapter and headphone jack. http://www.search400.com/tipsPrize/0,289492,sid3_prz840983_cts840991,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPERT PROFILE | Carol Woodbury, Search400 security expert Carol recently started SkyView Partners, a security consulting and services company. Prior to that, she was vice president of research and development at the PowerTech Group, a security solutions provider for the iSeries. Carol was also the chief engineering manager for iSeries security and OS/400 security architect for over 10 years at IBM in Rochester, Minn. Carol is the primary author of Implementing AS/400 Security. She has also written numerous articles on security and is a popular speaker at user conferences and seminars around the world. Let Carol's experience work for you! Ask Carol security- related questions anytime. >> CLICK HERE TO VIEW recently posted Q&As... http://search400.techtarget.com/ateAnswers/0,289620,sid3_cid423497_tax288767,00.html >> CLICK HERE TO POST a question for Carol... http://search400.techtarget.com/ateQuestion/0,289624,sid3_tax288767,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= MANAGING THE ISERIES DISCUSSION FORUM | Interact with your peers Check out Search400's Managing the iSeries discussion forum. If you have a performance problem you just can't figure out, or you need help recovering data after a system crash, we recommend you check out this forum. Other system managers can help you with these and other management issues. >> CLICK HERE TO READ recent discussion threads... http:[EMAIL PROTECTED]^[email protected]!viewtype=&skip=&expand= >> CLICK HERE TO POST a new question into the forum: http://search400.discussions.techtarget.com/WebX?[EMAIL PROTECTED]@.ee84639!viewtype=convdate =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- THIS WEEK'S FEATURED BOOK | Search400's Bookstore Title: AS/400 Security in a Client/Server Environment Author: Joseph S. Park Here you'll find an in-depth account of all the preventive methods to avoid potential security leaks when using the iSeries as a server. This book features the most comprehensive technique available for securing this system and detecting even the most unexpected comprises to it. http://www.digitalguru.com/DigitalGuru/product_detail.asp?catalog_name=Books&product_id=0471116831&partner_id=55 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- VIRUS MANAGEMENT: NEVER A DULL MOMENT | SearchSecurity Nothing evolves faster in IT than malicious code and attacks on enterprise systems via viruses and worms. And left struggling to defend a company's infrastructure and assets is the poor IT manager who has to be well versed in everything from boot-sector viruses, to heuristics-based protection, to which e-mail attachments will be allowed through the gateway. http://www.searchSecurity.com/originalContent/0,289142,sid14_gci841460,00.html _____________________________________________________________ ::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. _____________________________________________________________ MICHELLE DAVIDSON, Site Editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. _____________________________________________________________ DEBRA TART, Assistant Editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. _____________________________________________________________ DAVID GABEL, Executive Tech Editor (mailto:[EMAIL PROTECTED]) >> Send me your technical tips and tip ideas. _____________________________________________________________ GABRIELLE DERUSSY (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. _____________________________________________________________ :::::::::::::::::::: ABOUT THIS NEWSLETTER:::::::::::::::::: Created by TechTarget (http://www.techtarget.com) TechTarget - The Most Targeted IT Media Copyright 2002, All Rights Reserved. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://search400.techtarget.com/register and adjust your subscriptions accordingly.If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
