friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakz_5.4.0.1/rzakzsecureaccess.htm

212 lines
12 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Secure system access levels" />
<meta name="abstract" content="To help you implement the required level of security for your company, you may wish to restrict system access by using the password system values. A company can control the level of security by setting the password system values requiredly." />
<meta name="description" content="To help you implement the required level of security for your company, you may wish to restrict system access by using the password system values. A company can control the level of security by setting the password system values requiredly." />
<meta name="DC.Relation" scheme="URI" content="rzakzmanage.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzoverviewparent.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzpasswordoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzpasswordoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzfinder.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzoverviewparent.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakzsecureaccess" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure system access levels</title>
</head>
<body id="rzakzsecureaccess"><a name="rzakzsecureaccess"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure system access levels</h1>
<div><p>To help you implement the required level of security for your company,
you may wish to restrict system access by using the password system values.
A company can control the level of security by setting the password system
values requiredly.</p>
<p>For example, if your company has recently added an iSeries™ that runs highly confidential
financial applications, you should probably reassess your company's system
security policy. In general, your company follows a moderately strict security
policy. So, rather than completely rewriting the policy, you decide to restrict
signon access to the new Finance system by tightening the password rules.</p>
<p>To secure entry into the Finance system, you must do the following:</p>
<ul><li>Set a policy that states that passwords must not be trivial and must not
be shared.</li>
<li>Set system values to help you enforce the new policy. (See <a href="#rzakzsecureaccess__sysvalueset">Table 1</a>.)</li>
</ul>
<p>In addition, you may also want to provide users with this information:</p>
<ul><li>A list of the criteria for passwords.</li>
<li>Examples of passwords that are and are not valid. (See <a href="#rzakzsecureaccess__expassword">Table 2</a>.)</li>
<li>Suggestions for how to think of a good password.</li>
</ul>
<p>The following table lists the recommended password system value settings
to implement your new password requirements (These values can be changed depending
on how strict you want to control signon access.):</p>
<div class="tablenoborder"><a name="rzakzsecureaccess__sysvalueset"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="rzakzsecureaccess__sysvalueset" frame="void" border="0" rules="none"><caption>Table 1. System value
settings</caption><thead align="left"><tr><th valign="top" id="d0e59">Name in iSeries Navigator</th>
<th valign="top" id="d0e64">Recommended value</th>
<th valign="top" id="d0e66">Name in character-based interface</th>
</tr>
</thead>
<tbody><tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 ">&nbsp;</td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdexpitv.htm">Password expiration</a></td>
<td valign="top" headers="d0e64 ">60 days</td>
<td valign="top" headers="d0e66 ">QPWDEXPITV</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdlmtajc.htm">Restrict consecutive digits</a></td>
<td valign="top" headers="d0e64 ">Yes</td>
<td valign="top" headers="d0e66 ">QPWDLMTAJC</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdlvl.htm">Password level</a></td>
<td valign="top" headers="d0e64 ">3 (See note <a href="#rzakzsecureaccess__password">1</a>.)</td>
<td valign="top" headers="d0e66 ">QPWDLVL</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdmaxlen.htm">Maximum password length</a></td>
<td valign="top" headers="d0e64 ">8 characters</td>
<td valign="top" headers="d0e66 ">QPWDMAXLEN</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdminlen.htm">Minimum password length</a></td>
<td valign="top" headers="d0e64 ">6 characters</td>
<td valign="top" headers="d0e66 ">QPWDMINLEN</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdposdif.htm">Require a new character in each position</a></td>
<td valign="top" headers="d0e64 ">Yes</td>
<td valign="top" headers="d0e66 ">QPWDPOSDIF</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdrqddgt.htm">Require at least one digit</a></td>
<td valign="top" headers="d0e64 ">Yes</td>
<td valign="top" headers="d0e66 ">QPWDRQDDGT</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdrqddif.htm">Password reuse cycle</a></td>
<td valign="top" headers="d0e64 ">10 passwords</td>
<td valign="top" headers="d0e66 ">QPWDRQDDIF</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdvldpgm.htm">Password validation program</a></td>
<td valign="top" headers="d0e64 ">None (See note <a href="#rzakzsecureaccess__sysvalue">2</a>.)</td>
<td valign="top" headers="d0e66 ">QPWDVLDPGM</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdlmtrep.htm">Restrict repeating characters</a></td>
<td valign="top" headers="d0e64 ">Characters may not be used consecutively</td>
<td valign="top" headers="d0e66 ">QPWDLMTREP</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
<tr><td valign="top" headers="d0e59 "><a href="rzakzqpwdlmtchr.htm">Restricted characters</a></td>
<td valign="top" headers="d0e64 ">A,E,I,O,U,@,#, and $</td>
<td valign="top" headers="d0e66 ">QPWDLMTCHR</td>
</tr>
<tr><td colspan="3" valign="top" headers="d0e59 d0e64 d0e66 "> </td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Notes:</span> <ol><li id="rzakzsecureaccess__password"><a name="rzakzsecureaccess__password"><!-- --></a>You may not be able to use password level 3 (Long passwords
using an unlimited character set. Disable iSeries NetServer™ on Windows<sup>®</sup> 95/98/ME
clients.) if you need to connect to or from an iSeries server at V5R1 or earlier or
a server that does not support long passwords.</li>
<li id="rzakzsecureaccess__sysvalue"><a name="rzakzsecureaccess__sysvalue"><!-- --></a>To change this system value, you must use the character-based
interface. It is not in iSeries Navigator. Open a character-based interface
and type <pre>CHGSYSVAL VALUE(QPWDVLDPGM) VALUE('*NONE')</pre>
</li>
</ol>
</div>
<p>The following table provides examples of good and bad passwords:</p>
<div class="tablenoborder"><a name="rzakzsecureaccess__expassword"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="rzakzsecureaccess__expassword" frame="border" border="1" rules="all"><caption>Table 2. Example passwords</caption><thead align="left"><tr><th valign="top" id="d0e231">Password</th>
<th valign="top" id="d0e233">Details</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e231 ">JohnDoe</td>
<td valign="top" headers="d0e233 ">Bad. Do not use a name. Also, no digits are used.</td>
</tr>
<tr><td valign="top" headers="d0e231 ">112000</td>
<td valign="top" headers="d0e233 ">Bad. Do not use a date that can be identified with you.</td>
</tr>
<tr><td valign="top" headers="d0e231 ">aaaxyz</td>
<td valign="top" headers="d0e233 ">Bad. Uses more than 2 consecutive characters and uses a character that
is not allowed (a). Also, no digit is used.</td>
</tr>
<tr><td valign="top" headers="d0e231 ">cm2s0j</td>
<td valign="top" headers="d0e233 ">Good. Meets all the criteria for a good password.</td>
</tr>
<tr><td valign="top" headers="d0e231 ">c0mptr</td>
<td valign="top" headers="d0e233 ">Good. Meets all the criteria for a good password.</td>
</tr>
<tr><td valign="top" headers="d0e231 ">Mfc1RB</td>
<td valign="top" headers="d0e233 ">Good. Meets all the criteria for a good password. The stategy for this
password uses the first letter of each word in a sentence, 'My favorite color
is Royal Blue.' It also replaces the vowel with a number and uses a combination
of upper and lower case characters.</td>
</tr>
</tbody>
</table>
</div>
<p>By completing these steps, you have tightened signon access to the finance
system by changing the password system values. You can alter the values for
each of the password system values to meet the security level for your company.
This example has provided one way that the password system values can work
together to produce a moderately strict environment.</p>
<p>To learn more about these and other system values you can view and change
in iSeries Navigator,
see the following:</p>
<dl><dt class="dlterm">Password overview</dt>
<dd>Describes all password system values. In addition, you will find links
to specific password articles that describe the different settings for each
system value.</dd>
<dt class="dlterm">i5/OS™ system
value finder</dt>
<dd> Use this tool to find system values in iSeries Navigator. The i5/OS system
value finder can be particularly helpful if you are trying to make the switch
from the system value terms that were used in the character-based interface
to the terms that are now used in iSeries Navigator.</dd>
<dt class="dlterm">System values categories</dt>
<dd>Find an introduction to all the categories of system values found in iSeries Navigator.</dd>
</dl>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakzmanage.htm" title="As an administrator, you can perform many tasks to help you manage system values. Select this topic to learn how to save, configure, and lock system values.">Manage system values</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzakzoverviewparent.htm" title="iSeries Navigator groups system values into categories to streamline system value management.">System value categories</a></div>
<div><a href="rzakzpasswordoverview.htm" title="Use i5/OS password system values to control the password values and password restrictions.">System values: Password overview</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="rzakzfinder.htm">System value finder</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink