friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvplanphystationsec.htm

121 lines
8.2 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan physical workstation security" />
<meta name="abstract" content="This topic describes the security risks and recommendations for workstations." />
<meta name="description" content="This topic describes the security risks and recommendations for workstations." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysecsysdoc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphyprintersec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="planphystationsec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan physical workstation security</title>
</head>
<body id="planphystationsec"><a name="planphystationsec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan physical workstation security</h1>
<div><p>This topic describes the security risks and recommendations for
workstations.</p>
<p>You might want all users to be able to sign on at any available workstation
and perform all authorized functions. However, if you have workstations that
are either very public or very private, you might want to ensure that unauthorized
users do not access functions on those workstations.</p>
<div class="p"><strong>Risks associated with workstations</strong><dl><dt class="dlterm">Using a workstation in a public location for unauthorized purposes</dt>
<dd>If people outside your company can easily access locations, they could
potentially see confidential information. If a system user leaves a workstation
signed on, someone from outside the company might be able to walk up and access
confidential information. </dd>
<dt class="dlterm">Using a workstation in a private location for unauthorized purposes</dt>
<dd>A workstation located in a private location gives an intruder the opportunity
to spend long hours trying to circumvent your security without being observed.</dd>
<dt class="dlterm">Using the playback function or a PC signon program on a display station
to circumvent security measures</dt>
<dd>Many display stations have a record and playback function, that allows
users to store frequently used keystrokes and repeat them by pressing a single
key. When you use a personal computer as a workstation on the system, you
can write a program to automate the signon process. Because users frequently
use the signon process , they might decide to store their user IDs and passwords,
rather than typing them every time they sign on.</dd>
</dl>
</div>
<p><strong>What to do to keep your workstation secure</strong></p>
<p>You need to identify which workstations might pose a security risk. The
following information suggests ways to keep your workstation secure. Record
your choices on the Workstations and Printers section of the <a href="rzamvphysecplanworksheet.htm#physecplanworksheet">Physical
Security Planning worksheet</a>. Also see <a href="#planphystationsec__workstation_example">Example: Physical security planning form—workstations and printers</a>.</p>
<div class="p"><ul><li>Avoid placing workstations in very public or private locations.</li>
<li>Remind users that recording a password in a display station or in a PC
program violates system security.</li>
<li>Require users to sign off before leaving a workstation.</li>
<li>Take measures, such as using the inactive timer system values (WINACTITV
and QINACTMSCQ), to prevent users from leaving workstations in public locations
without signing off the system.</li>
<li>Restrict access to vulnerable workstations: <ul><li>Permit only user profiles with limited function.</li>
<li>Prevent people with security officer or service authority from signing
on at every workstation using the QLMTSECOFR system value.</li>
<li>Restrict users from signing on at more than one workstation at the same
time using the QLMTDEVSSN system value.</li>
</ul>
</li>
<li>Restrict *CHANGE authority to printers and other devices.</li>
</ul>
</div>
<div class="section" id="planphystationsec__workstation_example"><a name="planphystationsec__workstation_example"><!-- --></a><h4 class="sectiontitle">Example: Physical security planning
form—workstations and printers</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Physical
security planning form: Workstations and printers</caption><thead align="left"><tr><th colspan="4" valign="top" id="d0e78">Workstations and printers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="25%" headers="d0e78 ">Workstation or printer name</td>
<td valign="top" width="25%" headers="d0e78 ">Its location or description</td>
<td valign="top" width="25%" headers="d0e78 ">Security exposure</td>
<td valign="top" width="25%" headers="d0e78 ">Protective measures to be taken</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">DSP06</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Loading docks</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Too public</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Automatic signoff. Limit functions that can
be completed at the workstation.</kbd></td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">RMT12</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Remote sales office</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Too private</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Do not let security officer sign on there.</kbd></td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">PRT01</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Accounting office</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Confidential information, such as price
lists, could be seen.</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Place printer in a locked room. Remind users
to pick up confidential output within 30 minutes.</kbd></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanphysec.htm" title="This topic describes physical security, the key tasks for planning physical security, and explains why these tasks are important.">Plan physical security</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamvplanphysecsysdoc.htm" title="This topic describes the importance of securing important system documentation and storage media. Emphasis placed on storing these items in two locations, both on-site and offsite.">Plan physical security for system documentation and storage media</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamvplanphyprintersec.htm" title="This topic describes the risks and recommendations for securing printers and printer output.">Plan physical security for printers and printer output</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink