97 lines
6.7 KiB
HTML
97 lines
6.7 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Security levels for basic Internet readiness" />
|
|
<meta name="abstract" content="Use this information to learn what system security you should have in place before you connect to the Internet." />
|
|
<meta name="description" content="Use this information to learn what system security you should have in place before you connect to the Internet." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaj4secoverview.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzaj4securityreadiness" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Security levels for basic Internet readiness</title>
|
|
</head>
|
|
<body id="rzaj4securityreadiness"><a name="rzaj4securityreadiness"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Security levels for basic Internet readiness</h1>
|
|
<div><p><span>Use
|
|
this information to learn what system security you should have in place before
|
|
you connect to the Internet.</span></p>
|
|
<p>Your system security measures represent your last line of defense against
|
|
an Internet-based security problem. Consequently, your first step in a total
|
|
Internet security strategy must be to properly configure i5/OS™ basic security
|
|
settings. You
|
|
should do the following to ensure that your system security meets the minimum
|
|
requirements:</p>
|
|
<ul><li><img src="./delta.gif" alt="Start of change" />Set the security level (QSECURITY system value) to 50. Security
|
|
level 50 provides the highest level of integrity protection, which is strongly
|
|
recommended for protecting your system in high risk environments such as the
|
|
Internet. For more detailed information about
|
|
each iSeries™ security
|
|
level, see <a href="../rzamv/rzamvseclvl.htm">Plan
|
|
and set up system security</a>. <div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />If you are currently
|
|
running at a security level lower than 50, you may need to update either your
|
|
operating procedures or your applications. You should review information in
|
|
the book, <a href="../books/sc415302.pdf">iSeries Security
|
|
Reference</a> before changing to a higher security level.<img src="./deltaend.gif" alt="End of change" /></div>
|
|
<img src="./deltaend.gif" alt="End of change" /></li>
|
|
<li>Set your security-relevant system values to be at least as restrictive as the recommended
|
|
settings. You can use the iSeries Navigator Security Wizard to configure the
|
|
recommended security settings.</li>
|
|
<li>Ensure that no user profiles, including IBM-supplied user profiles, have default passwords. Use
|
|
the Analyze Default Passwords (ANZDFTPWD) command to check whether you have
|
|
default passwords.</li>
|
|
<li>Use object authority to protect your important system resources. Take
|
|
a restrictive approach on your system. That is, by default restrict everyone
|
|
(PUBLIC *EXCLUDE) from system resources such as libraries and directories.
|
|
Allow only a few users to access these restricted resources. Restricting access
|
|
through menus is not sufficient in an Internet environment.</li>
|
|
<li><img src="./delta.gif" alt="Start of change" />You <strong>must</strong> set up object authority on your system. .<img src="./deltaend.gif" alt="End of change" /></li>
|
|
</ul>
|
|
<p>To help you configure these minimum system security requirements, you can
|
|
use either the <img src="eserver.gif" alt="e(logo) server" /><strong>Security Planner</strong> (available from the <span class="keyword"><img src="./delta.gif" alt="Start of change" />IBM<sup>®</sup> Systems Software Information Center<img src="./deltaend.gif" alt="End of change" /></span> Web site) or the <strong>Security Wizard</strong> (available from
|
|
the iSeries Navigator
|
|
interface). The <a href="../icbase/secplanr/securwiz.htm" target="_blank">Security Planner</a> provides you with a set of security
|
|
recommendations based on your answers to a series of questions. You can then
|
|
use these recommendations to configure the system security settings that you
|
|
need. The Security Wizard also provides recommendations based on your answers
|
|
to a series of questions. Unlike the Security Advisor, you can have the wizard
|
|
use the recommendations to configure your system security settings for you.</p>
|
|
<p>The inherent security features of the iSeries, when properly configured and
|
|
managed, provide you with the ability to minimize many risks. When you connect
|
|
your iSeries to
|
|
the Internet, however, you will need to provide additional security measures
|
|
to ensure the safety of your internal network. After you ensure that your iSeries has
|
|
good general system security in place, you are ready to configure additional
|
|
security measures as part of your comprehensive security plan for Internet
|
|
usage.</p>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj4secoverview.htm" title="Accessing the Internet from your LAN is a major step in the evolution of your network that will require you to reassess your security requirements.">iSeries and Internet security</a></div>
|
|
</div>
|
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
|
<div><a href="rzaj40a0internetsecurity.htm" title="Your security policy defines what you want to protect and what you expect of your system users.">The layered defense approach to security</a></div>
|
|
</div>
|
|
<div class="relinfo"><strong>Related information</strong><br />
|
|
<div><a href="../books/sc415302.pdf" target="_blank">iSeries Security Reference</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |