Plan physical security for the system unit

This topic discusses the importance of securing certain aspects of the system unit, such as the physical location, the control panel and keylock, and the Service Tools user ID and password.

Your system unit represents an important business asset and a potential door into your system. Some components inside the system unit are both small and valuable. You should place the system unit in a controlled location to prevent someone from stealing it or from removing valuable system components. The best location is in a private, locked room. The system unit should be in a place that can be locked before and after regular business hours.

Each system unit has a control panel that provides the ability to perform basic functions without a workstation. For example, you can use the control panel to do the following:

All of these activities can disrupt your system users. They also represent potential security exposures to your system. To prevent unauthorized use of these system operations, each system unit has either a keylock switch or an electronic keystick. They provide some protection of your system unit, but neither the keylock switch nor the electronic keystick is a replacement for adequate physical security. To prevent the use of the control panel, place the keylock in the Secure position, remove the key, and store it in a safe place.

Risks to the system unit

In addition to theft of the system unit or its components, here are some other risks posed by inadequate physical security of your system unit:
  • Unintentional disruption of system operations
    Many security problems come from authorized system users. Suppose that one of the display stations on your system gets locked up. The system operator is away at a meeting. The frustrated display station user walks over to the system unit, thinking that, "Maybe if I press this button, it will correct things." That button might turn off or reload the system while many jobs are running. You might need several hours to recover partially updated files. You can use the system unit keylock switch to prevent this problem from occurring.
  • Use of dedicated service tools (DST) function to circumvent security
    Security does not control service functions the system performs, because your system software might not be operating properly when you need to perform these functions. A knowledgeable person who knows or guesses the service tools user ID and password could cause considerable damage to your system.

What to do to keep your system secure

The following information suggests ways to keep your system unit secure. Record your choices on the System Unit section of the Physical Security Planning worksheet. Also see Example: Physical security planning form—system unit.
  • Ideally, keep your system unit in a locked room. If your unit is in an unlocked room, place it where outsiders cannot access it. In addition, choose a location where responsible employees can monitor it.

The following physical security features can help you protect your system from accidental or intentional tampering:
  • Use the electronic keystick or the keylock:
    • Set the operating mode to Normal if you want to be able to start your system without using the key.
    • Set the operating mode to Auto if you plan to use the Automatic Power On/Off function to start and stop your system.
    • Remove the key and put it in a safe place.
  • If you need to perform remote IPLs or perform remote diagnostics on your system, you might need to choose another setting for the keylock.
  • Change the Service Tools (DST) user ID and password immediately after you install your system and after service personnel use it.

Example: Physical security planning form—system unit

Table 1. Physical security planning form: System unit

System unit
  • Describe your security measures to protect the system unit (such as a locked room).
    The system unit is in the accounting area. During the day, accounting people are always in the area and can watch the system unit. Before and after regular business hours, the area is locked.
  • What keylock position is normally used?
    Normal.
  • Where is the key kept?
    The key is kept in the manager's office.
  • Other comments relating to the system unit.
    The system unit is easily accessible. The people in the accounting area should ensure that unauthorized people do not tamper with the unit.

After you plan physical security for your system unit, you can plan physical security for system documentation and storage media.

Related information
Configure service tools user IDs