86 lines
5.6 KiB
HTML
86 lines
5.6 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Security levels" />
|
||
|
<meta name="abstract" content="Security on your system is arranged in a series of levels, with each level offering a greater degree of security and protection of your data than the previous level." />
|
||
|
<meta name="description" content="Security on your system is arranged in a series of levels, with each level offering a greater degree of security and protection of your data than the previous level." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvconcepts.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="seclvlterm" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Security levels</title>
|
||
|
</head>
|
||
|
<body id="seclvlterm"><a name="seclvlterm"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Security levels</h1>
|
||
|
<div><p>Security on your system is arranged in a series of levels, with
|
||
|
each level offering a greater degree of security and protection of your data
|
||
|
than the previous level.</p>
|
||
|
<p>You can choose how much security you want the system to enforce by setting
|
||
|
the security level (QSECURITY) system value. i5/OS™ supports these fully-integrated system
|
||
|
security levels: </p>
|
||
|
<ul><li><strong>Level 20: Password security</strong><p>At this security level, users that
|
||
|
access to the system must have a password and user ID that the system recognizes.
|
||
|
The system administrator creates both the user ID and initial password for
|
||
|
users. This level of security allows users total authority to do anything
|
||
|
they want on the system, which means that all users can access all data, files,
|
||
|
objects, and so on, on your system because all users have *ALLJOB special
|
||
|
authority. </p>
|
||
|
</li>
|
||
|
<li><strong>Level 30: Password and resource security</strong><p>At this security level,
|
||
|
resource security is enforced on the system. That is, users must have specific
|
||
|
authority to use objects because they do not have any authority by default.
|
||
|
Users do not have automatic access to everything on the system and the system
|
||
|
administrator must define a valid user ID and password for them. User access
|
||
|
is limited by the security policies of the business.</p>
|
||
|
</li>
|
||
|
<li><strong>Level 40: Integrity protection</strong><p>At this security level, resource
|
||
|
security and integrity protection are enforced, and the system
|
||
|
itself is protected against users. Integrity protection functions, such as
|
||
|
the validation of parameters for interfaces to the operating system, help
|
||
|
protect your system and the objects on it from tampering by experienced system
|
||
|
users. For example, user-written programs cannot directly access the internal
|
||
|
control blocks through pointer manipulation. Level 40 is the default security
|
||
|
level for every new installation and is the recommended security level for
|
||
|
most installations. </p>
|
||
|
</li>
|
||
|
<li><strong>Level 50: Advanced integrity protection</strong><p>At this security level,
|
||
|
advanced integrity protection is added to the resource security and level
|
||
|
40 integrity protection enforcement. Advanced integrity protection includes
|
||
|
further restrictions, such as the restriction of message-handling between
|
||
|
system state programs and user state programs. Not only is the system protected
|
||
|
against user-written programs, but it ensures that users only have access
|
||
|
to data on the system, rather than information about the system itself. This
|
||
|
offers greater security against anyone attempting to learn about your system.
|
||
|
Level 50 is the recommended level of security for most businesses, because
|
||
|
it offers the highest level of security currently possible. Also, level 50
|
||
|
is the required level for C2, FIPS-140, <span>and Common Criteria</span> certifications.</p>
|
||
|
</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvconcepts.htm" title="To effectively create a security policy and plan security measures for your system, you need to understand the following security concepts, some of which are general concepts and some of which are specific to the hardware type.">Concepts</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|