ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaj4_5.4.0.1/rzaj4securityreadiness.htm

97 lines
6.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security levels for basic Internet readiness" />
<meta name="abstract" content="Use this information to learn what system security you should have in place before you connect to the Internet." />
<meta name="description" content="Use this information to learn what system security you should have in place before you connect to the Internet." />
<meta name="DC.Relation" scheme="URI" content="rzaj4secoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaj4securityreadiness" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security levels for basic Internet readiness</title>
</head>
<body id="rzaj4securityreadiness"><a name="rzaj4securityreadiness"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security levels for basic Internet readiness</h1>
<div><p><span>Use
this information to learn what system security you should have in place before
you connect to the Internet.</span></p>
<p>Your system security measures represent your last line of defense against
an Internet-based security problem. Consequently, your first step in a total
Internet security strategy must be to properly configure i5/OS™ basic security
settings. You
should do the following to ensure that your system security meets the minimum
requirements:</p>
<ul><li><img src="./delta.gif" alt="Start of change" />Set the security level (QSECURITY system value) to 50. Security
level 50 provides the highest level of integrity protection, which is strongly
recommended for protecting your system in high risk environments such as the
Internet. For more detailed information about
each iSeries™ security
level, see <a href="../rzamv/rzamvseclvl.htm">Plan
and set up system security</a>. <div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />If you are currently
running at a security level lower than 50, you may need to update either your
operating procedures or your applications. You should review information in
the book, <a href="../books/sc415302.pdf">iSeries Security
Reference</a> before changing to a higher security level.<img src="./deltaend.gif" alt="End of change" /></div>
<img src="./deltaend.gif" alt="End of change" /></li>
<li>Set your security-relevant system values to be at least as restrictive as the recommended
settings. You can use the iSeries Navigator Security Wizard to configure the
recommended security settings.</li>
<li>Ensure that no user profiles, including IBM-supplied user profiles, have default passwords. Use
the Analyze Default Passwords (ANZDFTPWD) command to check whether you have
default passwords.</li>
<li>Use object authority to protect your important system resources. Take
a restrictive approach on your system. That is, by default restrict everyone
(PUBLIC *EXCLUDE) from system resources such as libraries and directories.
Allow only a few users to access these restricted resources. Restricting access
through menus is not sufficient in an Internet environment.</li>
<li><img src="./delta.gif" alt="Start of change" />You <strong>must</strong> set up object authority on your system. .<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
<p>To help you configure these minimum system security requirements, you can
use either the <img src="eserver.gif" alt="e(logo) server" /><strong>Security Planner</strong> (available from the <span class="keyword"><img src="./delta.gif" alt="Start of change" />IBM<sup>®</sup> Systems Software Information Center<img src="./deltaend.gif" alt="End of change" /></span> Web site) or the <strong>Security Wizard</strong> (available from
the iSeries Navigator
interface). The <a href="../icbase/secplanr/securwiz.htm" target="_blank">Security Planner</a> provides you with a set of security
recommendations based on your answers to a series of questions. You can then
use these recommendations to configure the system security settings that you
need. The Security Wizard also provides recommendations based on your answers
to a series of questions. Unlike the Security Advisor, you can have the wizard
use the recommendations to configure your system security settings for you.</p>
<p>The inherent security features of the iSeries, when properly configured and
managed, provide you with the ability to minimize many risks. When you connect
your iSeries to
the Internet, however, you will need to provide additional security measures
to ensure the safety of your internal network. After you ensure that your iSeries has
good general system security in place, you are ready to configure additional
security measures as part of your comprehensive security plan for Internet
usage.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj4secoverview.htm" title="Accessing the Internet from your LAN is a major step in the evolution of your network that will require you to reassess your security requirements.">iSeries and Internet security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaj40a0internetsecurity.htm" title="Your security policy defines what you want to protect and what you expect of your system users.">The layered defense approach to security</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../books/sc415302.pdf" target="_blank">iSeries Security Reference</a></div>
</div>
</div>
</body>
</html>