137 lines
8.9 KiB
HTML
137 lines
8.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Plan physical security for the system unit" />
|
||
|
<meta name="abstract" content="This topic discusses the importance of securing certain aspects of the system unit, such as the physical location, the control panel and keylock, and the Service Tools user ID and password." />
|
||
|
<meta name="description" content="This topic discusses the importance of securing certain aspects of the system unit, such as the physical location, the control panel and keylock, and the Service Tools user ID and password." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysec.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysecsysdoc.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="../rzamh/rzamh1.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="planphysecsysunit" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Plan physical security for the system unit</title>
|
||
|
</head>
|
||
|
<body id="planphysecsysunit"><a name="planphysecsysunit"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Plan physical security for the system unit</h1>
|
||
|
<div><p>This topic discusses the importance of securing certain aspects
|
||
|
of the system unit, such as the physical location, the control panel and keylock,
|
||
|
and the Service Tools user ID and password.</p>
|
||
|
<p>Your system unit represents an important business asset and potential door
|
||
|
into your system. Some system components inside the system are both small
|
||
|
and valuable. You should place the system unit in a controlled location to
|
||
|
prevent someone from stealing it or from removing valuable system components.
|
||
|
The best location is in a private, locked room. The system unit should be
|
||
|
in a place that can be locked before and after regular business hours.</p>
|
||
|
<div class="p">Each system unit has a control panel that provides the ability to perform
|
||
|
basic functions without a workstation. For example, you can use the control
|
||
|
panel to do the following: <ul><li>Stop the system.</li>
|
||
|
<li>Start the system.</li>
|
||
|
<li>Load the operating system.</li>
|
||
|
<li>Start service functions.</li>
|
||
|
</ul>
|
||
|
All of these activities can disrupt your system users. They also represent
|
||
|
potential security exposures to your system. To prevent unauthorized use of
|
||
|
these system operations, each system unit has either a keylock switch or an
|
||
|
electronic keystick. They provide some protection of your system unit, but
|
||
|
the keylock switch or the electronic keystick are not replacements for adequate
|
||
|
physical security. To prevent the use of the control panel, place the keylock
|
||
|
in the Secure position, remove the key, and store it in a safe place.</div>
|
||
|
<div class="section"><h4 class="sectiontitle">Risks
|
||
|
to the system unit</h4><div class="p">In addition to theft of the system unit or its
|
||
|
components, here are some other risks posed by inadequate physical security
|
||
|
of your system unit:<dl><dt class="dlterm">Unintentional disruption of system operations</dt>
|
||
|
<dd>Many security problems come from authorized system users. Suppose that
|
||
|
one of the display stations on your system gets locked up. The system operator
|
||
|
is away at a meeting. The frustrated display station user walks over to the
|
||
|
system unit, thinking that, <span class="q">"Maybe if I press this button, it will correct
|
||
|
things."</span> That button might turn off or reload the system while many jobs
|
||
|
are running. You might need several hours to recover partially updated files.
|
||
|
You can use the system unit keylock switch to prevent this problem from occurring.</dd>
|
||
|
<dt class="dlterm">Use of dedicated service tools (DST) function to circumvent security</dt>
|
||
|
<dd>Security does not control service functions the system performs, because
|
||
|
your system software might not be operating properly when you need to perform
|
||
|
these functions. A knowledgeable person who knows or guesses the service tools
|
||
|
user ID and password could cause considerable damage to your system.</dd>
|
||
|
</dl>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div class="section"><h4 class="sectiontitle">What to do to keep your system secure</h4><div class="p">The following
|
||
|
information suggests ways to keep your system unit secure. Record your choices
|
||
|
on the System Unit section of the <a href="rzamvphysecplanworksheet.htm#physecplanworksheet">Physical
|
||
|
Security Planning worksheet</a>. Also see <a href="#planphysecsysunit__physec_example">Example: Physical security planning form—system unit</a>.<ul><li>Ideally, keep your system unit in a locked room. If your unit is in an
|
||
|
unlocked room, place it where outsiders cannot access it. In addition, choose
|
||
|
a location where responsible employees can monitor it. The following physical
|
||
|
security features can help you protect your system from accidental or intentional
|
||
|
tampering: </li>
|
||
|
<li>Use the electronic keystick or the keylock: <ul><li>Set the operating mode to Normal if you want to be able to start your
|
||
|
system without using the key.</li>
|
||
|
<li>Set the operating mode to Auto if you plan to use the Automatic Power
|
||
|
On/Off function to start and stop your system.</li>
|
||
|
<li>Remove the key and put it in a safe place.</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>If you need to perform remote IPLs or perform remote diagnostics on your
|
||
|
system, you might need to choose another setting for the keylock.</li>
|
||
|
<li>Change the Service Tools (DST) user ID and password immediately after
|
||
|
you install your system and after service personnel use it.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div class="section" id="planphysecsysunit__physec_example"><a name="planphysecsysunit__physec_example"><!-- --></a><h4 class="sectiontitle">Example: Physical security planning form—system
|
||
|
unit</h4>
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Physical security planning
|
||
|
form: System unit</caption><thead align="left"><tr><th colspan="2" valign="top" id="d0e86">System unit</th>
|
||
|
</tr>
|
||
|
</thead>
|
||
|
<tbody><tr><td valign="top" headers="d0e86 ">Describe your security measures to protect the system
|
||
|
unit (such as a locked room).</td>
|
||
|
<td valign="top" headers="d0e86 "><kbd class="userinput">The system unit is in the accounting area.
|
||
|
During the day, accounting people are always in the area and can watch the
|
||
|
system unit. Before and after regular business hours, the area is locked.</kbd></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e86 ">What keylock position is normally used?</td>
|
||
|
<td valign="top" headers="d0e86 "><kbd class="userinput">Normal.</kbd></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e86 ">Where is the key kept?</td>
|
||
|
<td valign="top" headers="d0e86 "><kbd class="userinput">The key is kept in the manager's office.</kbd></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top" headers="d0e86 ">Other comments relating to the system unit.</td>
|
||
|
<td valign="top" headers="d0e86 "><kbd class="userinput">The system unit is easily accessible. The
|
||
|
people in the accounting area should ensure that unauthorized people do not
|
||
|
tamper with the unit.</kbd></td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
<p>After you plan physical security for your system unit, you can
|
||
|
plan physical security for system documentation and storage media.</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanphysec.htm" title="This topic describes physical security, the key tasks for planning physical security, and explains why these tasks are important.">Plan physical security</a></div>
|
||
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamvplanphysecsysdoc.htm" title="This topic describes the importance of securing important system documentation and storage media. Emphasis placed on storing these items in two locations, both on-site and offsite.">Plan physical security for system documentation and storage media</a></div>
|
||
|
</div>
|
||
|
<div class="relinfo"><strong>Related information</strong><br />
|
||
|
<div><a href="../rzamh/rzamh1.htm">Configure service tools user IDs</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|