<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan your security strategy" />
<meta name="abstract" content="This topic describes various aspects of planning a security strategy." />
<meta name="description" content="This topic describes various aspects of planning a security strategy." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvdevelopsecpol.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanusersec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanrscsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplannetsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvappcsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpipplan.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanbackrecsecinfo.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="plansecstrat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan your security strategy</title>
</head>
<body id="plansecstrat"><a name="plansecstrat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan your security strategy</h1>
<div><p>This topic describes various aspects of planning a security strategy.</p>
<p>Once you have defined your company's security values within your security
policy, you can begin developing your security strategy. A security strategy
provides a systematic approach to all the planning tasks that are necessary
for implementing your company's security policy. To do this effectively,
start with the most basic security need and then work toward more specific
security issues.</p>
<p>For example, the suggested approach that this information takes is to begin
with planning physical security of your hardware and information assets and
then to plan specific security for your system, users, resources, and network.
As you develop your security strategy, begin at the most general security
concerns and then move toward other more specific security goals. Each planning
step is arranged to be completed in order. </p>
<p><strong>Use system values to customize your system </strong></p>
<p>The system uses system values and network attributes to control many things
other than security. The system and application programmers use most of these
system values and attributes. The security officer should set a few system
values and network attributes to customize your system.</p>
<p><span class="uicontrol">Assign a name to your system</span></p>
<p>You use the SYSNAME network attribute to assign a name to your system.
The system name appears in the upper-right corner of your sign on display
and on system reports. It is also used when your system communicates with
another system or with personal computers using iSeries™ Access for Windows<sup>®</sup>. </p>
<p>When your system communicates with other systems or personal computers,
the system name identifies and distinguishes your system from others on the
network. Computers exchange system names whenever they communicate. Once you
assign a system name, you should not change it, because changing it affects
other systems in your network.</p>
<p>Choose a meaningful and unique name for your system. Even if you are not
communicating with other computers today, you may in the future. If your system
is part of a network, the network manager will probably tell you what system
name to use.</p>
<p><span class="uicontrol">Choose the date display format for your system</span></p>
<p>You can set the sequence in which year, month, and day appear when your
system prints or displays the date. You can also specify what character the
system should use between the year (Y), month (M), and day (D). The system
value QDATFMT determines the date format. The following chart shows how the
system prints the date, 16 June 2000, for each possible choice.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Date and time formats</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e50">Your choice</th>
<th valign="bottom" id="d0e52">Description</th>
<th valign="bottom" id="d0e54">Result</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e50 ">YMD</td>
<td valign="top" headers="d0e52 ">Year, Month, Day</td>
<td valign="top" headers="d0e54 ">00/06/16</td>
</tr>
<tr><td valign="top" headers="d0e50 ">MDY</td>
<td valign="top" headers="d0e52 ">Month, Day, Year</td>
<td valign="top" headers="d0e54 ">06/16/00</td>
</tr>
<tr><td valign="top" headers="d0e50 ">DMY</td>
<td valign="top" headers="d0e52 ">Day, Month, Year</td>
<td valign="top" headers="d0e54 ">16/06/00</td>
</tr>
<tr><td valign="top" headers="d0e50 ">JUL</td>
<td valign="top" headers="d0e52 ">Julian Date</td>
<td valign="top" headers="d0e54 ">00/168</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> These examples use the slash (/) date separator.</div>
<p>The system value QDATSEP determines what character the system uses between
year, month, and day. The table below shows your choices. You use a number
to specify your choice.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Date separator characters</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e98">Separator character</th>
<th valign="bottom" id="d0e100">QDATSEP value</th>
<th valign="bottom" id="d0e102">Result</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e98 ">/ (slash)</td>
<td valign="top" headers="d0e100 ">1</td>
<td valign="top" headers="d0e102 ">16/06/00</td>
</tr>
<tr><td valign="top" headers="d0e98 ">- (hyphen)</td>
<td valign="top" headers="d0e100 ">2</td>
<td valign="top" headers="d0e102 ">16-06-00</td>
</tr>
<tr><td valign="top" headers="d0e98 ">. (period)</td>
<td valign="top" headers="d0e100 ">3</td>
<td valign="top" headers="d0e102 ">16.06.00</td>
</tr>
<tr><td valign="top" headers="d0e98 ">, (comma)</td>
<td valign="top" headers="d0e100 ">4</td>
<td valign="top" headers="d0e102 ">16,06,00</td>
</tr>
<tr><td valign="top" headers="d0e98 ">(blank)</td>
<td valign="top" headers="d0e100 ">5</td>
<td valign="top" headers="d0e102 ">16 06 00</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> The above examples use the DMY format.</div>
<p><span class="uicontrol">Set the time display format for your system</span></p>
<p>The QTIMSEP system value determines what character the system uses to separate
hours, minutes, and seconds when it shows the time. You use a number to specify
your choice. The table below shows how the time of 10:30 in the morning would
be formatted using each value:</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 3. Time separator characters</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e156">Separator character</th>
<th valign="bottom" id="d0e158">QTIMSEP</th>
<th valign="bottom" id="d0e160">Result</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e156 ">: (colon)</td>
<td valign="top" headers="d0e158 ">1</td>
<td valign="top" headers="d0e160 ">10:30:00</td>
</tr>
<tr><td valign="top" headers="d0e156 ">. (period)</td>
<td valign="top" headers="d0e158 ">2</td>
<td valign="top" headers="d0e160 ">10.30.00</td>
</tr>
<tr><td valign="top" headers="d0e156 ">, (comma)</td>
<td valign="top" headers="d0e158 ">3</td>
<td valign="top" headers="d0e160 ">10,30,00</td>
</tr>
<tr><td valign="top" headers="d0e156 ">(blank)</td>
<td valign="top" headers="d0e158 ">4</td>
<td valign="top" headers="d0e160 ">10 30 00</td>
</tr>
</tbody>
</table>
</div>
<p><strong>Decide how to name your system devices</strong></p>
<p>Your system automatically configures any new display stations and printers
you attach to it. The system gives a name to each new device. The QDEVNAMING
system value determines how the names are assigned. The chart below shows
how the system names the third display station and the second printer attached
to your system:</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 4. System device names</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e206">Your choice</th>
<th valign="bottom" id="d0e208">Naming format</th>
<th valign="bottom" id="d0e210">Display station name</th>
<th valign="bottom" id="d0e212">Printer name</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e206 ">1</td>
<td valign="top" headers="d0e208 ">iSeries</td>
<td valign="top" headers="d0e210 ">DSP03</td>
<td valign="top" headers="d0e212 ">PRT02</td>
</tr>
<tr><td valign="top" headers="d0e206 ">2</td>
<td valign="top" headers="d0e208 ">S/36</td>
<td valign="top" headers="d0e210 ">W3</td>
<td valign="top" headers="d0e212 ">P2</td>
</tr>
<tr><td valign="top" headers="d0e206 ">3</td>
<td valign="top" headers="d0e208 ">Address of the device</td>
<td valign="top" headers="d0e210 ">DSP010003</td>
<td valign="top" headers="d0e212 ">PRT010002</td>
</tr>
</tbody>
</table>
</div>
<div class="note"><span class="notetitle">Note:</span> In the above example, the display station and printer are attached to
the first cable.</div>
<p><strong>Recommendations</strong></p>
<p>Use naming conventions, not device addresses, unless you are running software
that requires S/36 naming. Names for display stations and printers are less
cumbersome than names that use the address of the device. Display station
and printer names appear on several Operational Assistant displays. Printer
names are also used to manage printer output.</p>
<p>After the system has configured a new device, use the Change Display Device
(CHGDEVDSP) command or the Change Printer Device (CHGDEVPRT) command to enter
a meaningful description of the device. Include in the description both the
physical address of the device and its location, such as John Smith's office,
line 1 address 6.</p>
<p><span class="uicontrol">Choose your system printer</span></p>
<p>Use the QPRTDEV system value to assign your system printer. This system
value, the user profile, and the job description determine which printer a
job uses. The job uses the system printer unless the user profile or the job
description specifies a different one. </p>
<p><strong>Recommendations</strong></p>
<div class="p">Normally, your system printer should be the fastest printer on your system.
Use the system printer for long reports and system output. <div class="note"><span class="notetitle">Note:</span> You will
not know the names of your printers until you install and configure your system.
Make a note about the location of your system printer now. Fill in the name
of the printer later.</div>
</div>
<p><span class="uicontrol">Allow the display of completed printer output</span></p>
<p>The system provides users the ability to find their printer output. The
Work with Printer Output display shows all the output that is currently printing
or waiting to print. You can also allow users to look at a list of completed
printer output. </p>
<p>This display shows when the output printed and on what printer it printed.
This can be useful in locating lost reports. The job accounting function and
the QACGLVL system value allow you to display completed printer output. The
*PRINT option for the QACGLVL system value allows information about completed
printer output to be saved.</p>
<p>Storing information about completed printer output takes space on your
system. Unless you think your users will print many reports, you probably
do not need to provide this function. Enter NO on the System Values Selection
form. This value sets the job accounting level to *NONE.</p>
<div class="p"><span class="uicontrol">Before planning user groups</span><ul><li>Make sure you have written a security policy statement for your own company
similar to the JKL Toy Company example that Sharon Jones and John Smith prepared.</li>
<li>Make sure you have entered your choices for the system values on the System
Values Selection form.</li>
<li>Make notes about what you would like to include in your security memo.</li>
</ul>
After you have entered all your system options on the System Values
Selection form and written a security policy, you can plan user groups.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvdevelopsecpol.htm">Develop a security policy</a></strong><br />
This topic defines a security policy and explains the process for creating a security policy.</li>
<li class="ulchildlink"><strong><a href="rzamvplanphysec.htm">Plan physical security</a></strong><br />
This topic describes physical security, the key tasks for planning physical security, and explains why these tasks are important.</li>
<li class="ulchildlink"><strong><a href="rzamvplansyslvlsec.htm">Plan system security</a></strong><br />
System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.</li>
<li class="ulchildlink"><strong><a href="rzamvplanusersec.htm">Plan user security</a></strong><br />
Planning user security includes planning all areas where security affects the users on your system.</li>
<li class="ulchildlink"><strong><a href="rzamvplanrscsec.htm">Plan resource security</a></strong><br />
This topic describes each of the components of resource security and how they all work together to protect information on your system. It also explains how to use CL commands and displays to set up resource security on your system.</li>
<li class="ulchildlink"><strong><a href="rzamvplannetsec.htm">Plan network security</a></strong><br />
When connecting to an untrusted network, your security policy must describe a comprehensive security scheme, including the security measures that you will implement at the network level.</li>
<li class="ulchildlink"><strong><a href="rzamvappcsecurity.htm">Plan APPC security</a></strong><br />
Use this information to understand how Advanced Program-to-Program Communication (APPC) works and how you can set up the appropriate security for APPC on your system.</li>
<li class="ulchildlink"><strong><a href="rzamvtcpipplan.htm">Plan TCP/IP security</a></strong><br />
TCP/IP (Transmission Control Protocol/Internet Protocol) is a common way that computers of all types communicate with each other.</li>
<li class="ulchildlink"><strong><a href="rzamvplanbackrecsecinfo.htm">Plan backup and recovery of security information</a></strong><br />
This information explains the necessity of planning the backup and recovery of your security information.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansec.htm" title="This topic collection provides you with detailed information about planning, setting up, and using your system security. This topic collection combines the information formerly in the Basic system security and planning topic collection and in the Tips and Tools for Securing Your iSeries manual.">Plan and set up system security</a></div>
</div>
</div>
</body>
</html>