================================================================== SEARCH400.COM | Security Tip July 8, 2003 ================================================================== FROM OUR SPONSORS:
Get Protected. Get StandGuard Anti-Virus. http://search400.com/r/0,,15918,00.htm?bytware SkyView Partners -- Security consulting from the finest... http://www.skyviewpartners.com ================================================================== Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html ================================================================== In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Reduce the number of *ALLOBJ users Answers to Other Technical Questions: - Reducing special authorities - How much authority should programmers have? - Limit access to workstations - Implications of giving a user *SAVSYS special authority Important Announcements and Links - Expert Profile: Carol Woodbury, Search400.com security expert - Search400.com Month in Review: June 2003 - New Product & Vendor Guide: Easy product comparisons - Monthly Newsletter: Top Expert Advice - Free on Search400.com: White Papers on iSeries security ___________________________________________________________________ ************************ SPONSORED BY Bytware, Inc. *************** Viruses on the iSeries is probably not your biggest concern, but if you use the IFS, it should be. OS/400's resistance to viruses makes it the perfect host. Files stored on the IFS can transmit viruses to your client PCs while the source remains undetected. But now, with StandGuard Anti-Virus, you can protect yourself with the first and only native iSeries virus detection solution, powered by McAfee. Get Protected. Get StandGuard Anti-Virus. http://search400.com/r/0,,15918,00.htm?bytware =================================================================== Today's Featured Tip =================================================================== REDUCE THE NUMBER OF *ALLOBJ USERS As an instructor, Search400.com member Michael Kilpatrick frequently hears concerns about how administrators reluctantly grant low-level users excessive authority to handle some of the more simple and mundane tasks, such as the enabling of profiles. In many cases, the help desk staff is given *ALLOBJ authority to handle such requests. A more practical solution, he says, is to give such personnel *Use authority of a simple CL program that "adopts" the required authority to perform the CHGUSRPRF. To further restrict a user's capabilities, Kilpatrick says you can also employ Selective Command Prompting in the program, and he provides the code to do that. >> CLICK here for the full tip: http://search400.techtarget.com/tip/1,289483,sid3_gci906146,00.html =================================================================== Answers to Other Security Questions =================================================================== REDUCING SPECIAL AUTHORITIES One user writes, "I have been asked to reduce the number of *ALLOBJ and other special authorities from our users on six iSeries machines. I'm not sure how to approach this. I've started to look at the public authorities that exist and have put the users in groups and granted the groups enough authority to the libraries and then to the files. This is after I have taken away the *ALLOBJ. Does this sound like the correct path?" Search400.com security expert Carol Woodbury replies. hhttp://www.search400.com/ateQuestionNResponse/0,289625,sid3_cid491961_tax288767,00.html HOW MUCH AUTHORITY SHOULD PROGRAMMERS HAVE? Carol Woodbury shares her opinion and experience in giving programmers access to production libraries to fix critical production problems. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid469769_tax288767,00.html LIMIT ACCESS TO WORKSTATIONS In any iSeries installation it is important to limit access to workstations. You want to allow authorized users to access specific terminal devices, but you want to keep users from logging onto the system from a device where they should not be working. OS/400 security provides you with an easy way to do this. http://www.search400.com/tip/1,289483,sid3_gci850930,00.html IMPLICATIONS OF GIVING A USER *SAVSYS SPECIAL AUTHORITY What are the implications of giving a user *SAVSYS special authority so they can backup other user's files? Systems management expert Ken Graap tells you. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid372945_tax285222,00.html ____________________________________________________________________ ****************** SPONSORED BY SkyView Partners ***************** as-sess-ment \a-'ses-ment\ n. 1: the act or instance of assessing or appraisal. Combine 'security' with 'assessment' and you have the act or instance of appraising a company's security. At SkyView Partners we don't let our consulting end with an assessment. Led by Carol Woodbury, former OS/400 chief security architect for IBM, our team looks at your top 5 security risks, explains why you should be concerned and provides you with a plan to address your need. That's where security changes to action...with a plan. Visit http://www.skyviewpartners.com and tell us how we can help you. ________________________________________________________________ :::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS :::::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- EXPERT PROFILE | Carol Woodbury, Search400.com security expert Carol Woodbury is co-founder of SkyView Partners, a security consulting practice focused on the iSeries platform. Carol, prior to holding the position of vice president of Research and Development at PowerTech, served as IBM's security architect for more than 10 years. During her tenure with IBM, Carol led the AS/400 (iSeries) Security Development team and designed many aspects of OS/400's security features. Carol also co-wrote Implementing AS/400 Security, a widely read book on security. Let Carol's experience work for you. Ask Carol Security-related questions anytime. >> CLICK HERE TO ASK Carol a question: http://Search400.techtarget.com/ateQuestion/0,289624,sid3_cid423497_tax288767,00.html >> CLICK HERE TO READ recent Q&As: http://search400.techtarget.com/ateAnswers/0,289620,sid3_cid423497_tax288767,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- SEARCH400.COM MONTH IN REVIEW | June 2003 June was a busy month -- Peoplesoft/J.D. Edwards merger, IT unions, AS/400 history quiz, crash course on stored procedures and more. Too busy to catch it all? Don't fret. We have everything here. Check it out. >> CLICK here to read the complete review: http://www.search400.com/originalContent/0,289142,sid3_gci912553,00.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- PRODUCT & VENDOR GUIDE | Easy product comparisons Search400.com's new Product and Vendor Guide allows you to research and compare several vendors and products using one convenient resource. We've broken the topics down into four convenient categories to make your research as easy as possible. >> TAKE ADVANTAGE of this free resource today: http://knowledgestorm.techtarget.com/search400/MainServlet?fullView=true&ksAction=Home =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- MONTHLY NEWSLETTER | Top Expert Advice newsletter The Top Expert Advice newsletter helps iSeries professionals manage tasks they deal with regularly. Each month we will give you expert advice on such topics as security, backup and recovery, Web development and application development. To receive this newsletter, simply edit your member profile at http://www.search400.com/register and check Top Expert Advice newsletter under the Tips section. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- WHITE PAPERS ON ISERIES SECURITY |Free on Search400.com When it comes to securing your iSeries, the more advice and help you have the better. Browse Search400.com's white paper section to find informative white papers on security and several other iSeries topics. >> CLICK here to view the white papers: http://search400.techtarget.com/whitepapersByCategory/0,293837,sid3_tax292513_idx0_off10,00.html ________________________________________________________________ :::::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. ________________________________________________________________ MICHELLE DAVIDSON, Site Editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. ________________________________________________________________ DEBRA TART, Assistant Editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. ________________________________________________________________ DAVID GABEL, Executive Tech Editor (mailto:[EMAIL PROTECTED]) >> Send me your technical tips and tip ideas. ________________________________________________________________ JILLIAN CORBY, sales representative (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. ::::::::::::::::::::: ABOUT THIS NEWSLETTER :::::::::::::::::::::: This newsletter is published by TechTarget, the most targeted IT media. http://www.techtarget.com Copyright 2003 TechTarget. All rights reserved. If you no longer wish to receive this newsletter simply reply to this message with "REMOVE" in the subject line. Or, visit http://search400.techtarget.com/register and adjust your subscriptions accordingly.If you choose to unsubscribe using our automated processing, you must send the "REMOVE" request from the email account to which this newsletter was delivered. Please allow 24 hours for your "REMOVE" request to be processed.
