================================================================== SEARCH400.COM | Security Tip Jan. 28, 2004 ================================================================== FROM OUR SPONSOR:
OS/400 Security Audit? No problem with Carol Woodbury's software. http://search400.com/r/0,,25011,00.htm?track=NL-236&skyviewpartners ================================================================== Essential explanations and tools to help secure the iSeries. More tips: http://search400.techtarget.com/tipsIndex/0,289482,sid3_tax2f8,00.html?track=NL-236 ================================================================== In today's technical advice roundup you'll find tips, expert answers and input from your peers to the following iSeries security questions and concerns: Today's Featured Security Tip: -- Limiting when a user profile can be used Answers to Other Technical Questions: - The adopted authority problem - The danger of indiscriminately assigning special authorities - Enable/disable a user profile at a particular time - Restricting user's authority Important Announcements and Links - Tip Contest: Last chance to win a Logitech cordless mouse - Best Web Links: iSeries security - Free on Search400.com: White Papers on iSeries security - Monthly Newsletter: Top Expert Advice __________________________________________________________________ ******************* SPONSORED BY: SkyView Partners *************** World Class Security Expertise from SkyView Partners OS/400 Security Audit? No problem with Carol Woodbury's software. HIPAA, GLBA, Sarbanes-Oxley, California Law 1386. Are these Government Regulations driving a security audit for you? Save time and save money using Carol Woodbury's software - SkyView Risk Assessor for OS/400 - new from SkyView Partners. http://search400.com/r/0,,25011,00.htm?track=NL-236&skyviewpartners =================================================================== Today's Featured Tip =================================================================== Limiting when a user profile can be used by Rich Loeber Each user profile on your system is a window, of sorts, into the computing environment for your business. Some profiles have a very narrow and limited view while others have a panoramic scene before them. Some profiles can only look while others are allowed to look, pick things up, move them around, make changes and even throw them away. Some only have access to a single library while others, perhaps even you, have the keys to the Kingdom. As a security officer, you've probably given this a lot of thought already and have your profiles set up with the exact permissions necessary. Users are allowed enough access to fulfill their job descriptions but not so much that they can wreak havoc for your organization -- either accidentally or intentionally. And, to a large extent, your trust of the person behind the profile plays a large roll in how much access you give them to your system. In this tip, Rich explains how you can limit user profiles. >> CLICK here for the full tip: http://www.search400.com/tip/1,289483,sid3_gci951871,00.html?track=NL-236 =================================================================== Answers to Other Security Questions =================================================================== THE ADOPTED AUTHORITY PROBLEM Objects, such as programs, on your iSeries can adopt authority from owners, from users, from other programs or even other systems. Is this a problem? It can be. According to security expert Rich Loeber, it would be in your best interest to understand what programs have authority to bestow on those to whom the it should not be granted. http://www.search400.com/tip/1,289483,sid3_gci918560,00.html?track=NL-236 THE DANGER OF INDISCRIMINATELY ASSIGNING SPECIAL AUTHORITIES In this tip, security guru Dan Riehl explains the special authorities and points out the main exposures if they are not assigned judiciously. http://www.search400.com/tip/1,289483,sid3_gci865077,00.html?track=NL-236 ENABLE/DISABLE A USER PROFILE AT A PARTICULAR TIME One user writes, "We have some user profiles that we keep disabled until they call and tell us they need to sign on. I would like to be able to call a CL program that will prompt me to enter a time in minutes that they will need the system. It would then enable the necessary user profile and once the amount of time entered had passed, the user profile would be disabled." Dan Riehl offers some advice. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid512081_tax288767,00.html?track=NL-236 RESTRICTING USER'S AUTHORITY This Search400.com member wanted users to have the capability to "start" their own writers, but wanted to restrict them from viewing other people's outqs. What is the best way to go about this? Security expert Carol Woodbury explains. http://search400.techtarget.com/ateQuestionNResponse/0,289625,sid3_cid570713_tax288767,00.html?track=NL-236 ___________________________________________________________________ :::::::::: DON'T MISS THESE IMPORTANT MESSAGES AND LINKS ::::::::: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= LAST CHANCE TO WIN A LOGITECH CORDLESS MOUSE | Tips contest This month we're giving away a Logitech MX700 cordless optical mouse. You can win this awesome mouse by submitting the best tip in February. The fast RF cordless technology works within a six-foot range, has a rapid-charge base station and cruise control scrolling system for scrolling long documents or Web sites. Submit a tip in February and become eligible to win. >> SUBMIT a Tip: http://search400.techtarget.com/tipsSubmit/0,289485,sid3,00.html?track=NL-236 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= SYSTEMS MANAGEMENT | Best Web Links on Security These Best Web Links provide you with resources to help you make your system as secure as it can be. Don't waste your time scouring the Web; we've already done that for you. >> CHECK out the Best Web Links now: http://search400.techtarget.com/bestWebLinks/0,289521,sid3_tax2c5,00.html?track=NL-236 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- WHITE PAPERS ON ISERIES SECURITY | Free on Search400.com When it comes to securing your iSeries, the more advice and help you have the better. Browse Search400.com's white paper section to find informative white papers on security and several other iSeries topics. >> CLICK here to view the white papers: http://search400.techtarget.com/whitepapersByCategory/0,293837,sid3_tax292513_idx0_off10,00.html?track=NL-236 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- MONTHLY NEWSLETTER | Top Expert Advice newsletter The Top Expert Advice newsletter helps iSeries professionals manage tasks they deal with regularly. Each month we will give you expert advice on such topics as security, backup and recovery, Web development and application development. To receive this newsletter, simply edit your member profile at http://search400.techtarget.com/register?track=NL-236 and check Top Expert Advice newsletter under the Tips section. ________________________________________________________________ :::::::::::::::::::::: SEARCH400 CONTACTS ::::::::::::::::::: TIP MAILBOX, (mailto:[EMAIL PROTECTED]) >> Send us feedback on tips and ideas for new tip content. ________________________________________________________________ MICHELLE DAVIDSON, site editor (mailto:[EMAIL PROTECTED]) >> Send us your story ideas and best practices. ________________________________________________________________ DEBRA TART, assistant site editor (mailto:[EMAIL PROTECTED]) >> Send us your tips and Best Web Links. ________________________________________________________________ GABRIELLE DERUSSY, director of site sales (mailto:[EMAIL PROTECTED]) >> Sponsor this or any other TechTarget newsletter. ::::::::::::::::::::: ABOUT THIS NEWSLETTER :::::::::::::::::::::: This e-newsletter is published by Search400.com, a targeted Web site from TechTarget, the most targeted IT media and events company. TechTarget offers magazines, Web sites, e-newsletters, Webcasts and conferences for enterprise IT professionals. Copyright 2004 TechTarget. All rights reserved. _____________________________________________________________________ To unsubscribe from "Security Tip": Go to unsubscribe: http://Search400.com/u?cid=477048&lid=460581&track=NL-236 Please note, unsubscribe requests may take up to 24 hours to process; you may receive additional mailings during that time. A confirmation e-mail will be sent when your request has been successfully processed. Contact us: Search400 Member Services 117 Kendrick Street, Suite 800 Needham, MA 02494
