ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvplanphysecsysunit.htm

137 lines
8.9 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan physical security for the system unit" />
<meta name="abstract" content="This topic discusses the importance of securing certain aspects of the system unit, such as the physical location, the control panel and keylock, and the Service Tools user ID and password." />
<meta name="description" content="This topic discusses the importance of securing certain aspects of the system unit, such as the physical location, the control panel and keylock, and the Service Tools user ID and password." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysecsysdoc.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzamh/rzamh1.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="planphysecsysunit" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan physical security for the system unit</title>
</head>
<body id="planphysecsysunit"><a name="planphysecsysunit"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan physical security for the system unit</h1>
<div><p>This topic discusses the importance of securing certain aspects
of the system unit, such as the physical location, the control panel and keylock,
and the Service Tools user ID and password.</p>
<p>Your system unit represents an important business asset and potential door
into your system. Some system components inside the system are both small
and valuable. You should place the system unit in a controlled location to
prevent someone from stealing it or from removing valuable system components.
The best location is in a private, locked room. The system unit should be
in a place that can be locked before and after regular business hours.</p>
<div class="p">Each system unit has a control panel that provides the ability to perform
basic functions without a workstation. For example, you can use the control
panel to do the following: <ul><li>Stop the system.</li>
<li>Start the system.</li>
<li>Load the operating system.</li>
<li>Start service functions.</li>
</ul>
All of these activities can disrupt your system users. They also represent
potential security exposures to your system. To prevent unauthorized use of
these system operations, each system unit has either a keylock switch or an
electronic keystick. They provide some protection of your system unit, but
the keylock switch or the electronic keystick are not replacements for adequate
physical security. To prevent the use of the control panel, place the keylock
in the Secure position, remove the key, and store it in a safe place.</div>
<div class="section"><h4 class="sectiontitle">Risks
to the system unit</h4><div class="p">In addition to theft of the system unit or its
components, here are some other risks posed by inadequate physical security
of your system unit:<dl><dt class="dlterm">Unintentional disruption of system operations</dt>
<dd>Many security problems come from authorized system users. Suppose that
one of the display stations on your system gets locked up. The system operator
is away at a meeting. The frustrated display station user walks over to the
system unit, thinking that, <span class="q">"Maybe if I press this button, it will correct
things."</span> That button might turn off or reload the system while many jobs
are running. You might need several hours to recover partially updated files.
You can use the system unit keylock switch to prevent this problem from occurring.</dd>
<dt class="dlterm">Use of dedicated service tools (DST) function to circumvent security</dt>
<dd>Security does not control service functions the system performs, because
your system software might not be operating properly when you need to perform
these functions. A knowledgeable person who knows or guesses the service tools
user ID and password could cause considerable damage to your system.</dd>
</dl>
</div>
</div>
<div class="section"><h4 class="sectiontitle">What to do to keep your system secure</h4><div class="p">The following
information suggests ways to keep your system unit secure. Record your choices
on the System Unit section of the <a href="rzamvphysecplanworksheet.htm#physecplanworksheet">Physical
Security Planning worksheet</a>. Also see <a href="#planphysecsysunit__physec_example">Example: Physical security planning form—system unit</a>.<ul><li>Ideally, keep your system unit in a locked room. If your unit is in an
unlocked room, place it where outsiders cannot access it. In addition, choose
a location where responsible employees can monitor it. The following physical
security features can help you protect your system from accidental or intentional
tampering: </li>
<li>Use the electronic keystick or the keylock: <ul><li>Set the operating mode to Normal if you want to be able to start your
system without using the key.</li>
<li>Set the operating mode to Auto if you plan to use the Automatic Power
On/Off function to start and stop your system.</li>
<li>Remove the key and put it in a safe place.</li>
</ul>
</li>
<li>If you need to perform remote IPLs or perform remote diagnostics on your
system, you might need to choose another setting for the keylock.</li>
<li>Change the Service Tools (DST) user ID and password immediately after
you install your system and after service personnel use it.</li>
</ul>
</div>
</div>
<div class="section" id="planphysecsysunit__physec_example"><a name="planphysecsysunit__physec_example"><!-- --></a><h4 class="sectiontitle">Example: Physical security planning form—system
unit</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Physical security planning
form: System unit</caption><thead align="left"><tr><th colspan="2" valign="top" id="d0e86">System unit</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e86 ">Describe your security measures to protect the system
unit (such as a locked room).</td>
<td valign="top" headers="d0e86 "><kbd class="userinput">The system unit is in the accounting area.
During the day, accounting people are always in the area and can watch the
system unit. Before and after regular business hours, the area is locked.</kbd></td>
</tr>
<tr><td valign="top" headers="d0e86 ">What keylock position is normally used?</td>
<td valign="top" headers="d0e86 "><kbd class="userinput">Normal.</kbd></td>
</tr>
<tr><td valign="top" headers="d0e86 ">Where is the key kept?</td>
<td valign="top" headers="d0e86 "><kbd class="userinput">The key is kept in the manager's office.</kbd></td>
</tr>
<tr><td valign="top" headers="d0e86 ">Other comments relating to the system unit.</td>
<td valign="top" headers="d0e86 "><kbd class="userinput">The system unit is easily accessible. The
people in the accounting area should ensure that unauthorized people do not
tamper with the unit.</kbd></td>
</tr>
</tbody>
</table>
</div>
<p>After you plan physical security for your system unit, you can
plan physical security for system documentation and storage media.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanphysec.htm" title="This topic describes physical security, the key tasks for planning physical security, and explains why these tasks are important.">Plan physical security</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamvplanphysecsysdoc.htm" title="This topic describes the importance of securing important system documentation and storage media. Emphasis placed on storing these items in two locations, both on-site and offsite.">Plan physical security for system documentation and storage media</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzamh/rzamh1.htm">Configure service tools user IDs</a></div>
</div>
</div>
</body>
</html>