ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvseclvl.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security level system value" />
<meta name="abstract" content="This system value allows you to set the security level for the system." />
<meta name="description" content="This system value allows you to set the security level for the system." />
<meta name="DC.Relation" scheme="URI" content="rzamvgensecsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="seclvl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security level system value</title>
</head>
<body id="seclvl"><a name="seclvl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security level system value</h1>
<div><p>This system value allows you to set the security level for the
system.</p>
<p>The system offers five different levels of security. Each of these levels
of security provides specific security controls for the system. Depending on
the decisions you made in the security policy, you can select the security level
that you need. IBM<sup>®</sup> ships
all new systems with the security level 40, which provides a high level of
security that is necessary for most installations. It is not recommended that
you change the security level on a new system to a value lower than this. </p>
<p>Even though IBM recommends
you keep systems at level 40, lower values are described to provide a function-by-function
comparison between each security level.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the security level
system value. This table compares the different settings and the
functions that the security level allows.</caption><thead align="left"><tr class="tablemainheader" valign="bottom"><th valign="bottom" width="24.873096446700508%" id="d0e34">Security level</th>
<th valign="bottom" width="24.111675126903553%" id="d0e36">iSeries™ Navigator description</th>
<th valign="bottom" width="25.380710659898476%" id="d0e40">Functions allowed </th>
<th valign="bottom" width="25.63451776649746%" id="d0e42">Functions not allowed </th>
</tr>
</thead>
<tbody><tr class="tablemainheader"><td valign="top" width="24.873096446700508%" headers="d0e34 ">10 (no security)<sup> 1</sup></td>
<td valign="top" width="24.111675126903553%" headers="d0e36 ">No passwords are needed and users have authority
to all resources</td>
<td valign="top" width="25.380710659898476%" headers="d0e40 "><span>Provides users with *ALLOBJ access to
all objects.</span></td>
<td valign="top" width="25.63451776649746%" headers="d0e42 ">NA</td>
</tr>
<tr><td valign="top" width="24.873096446700508%" headers="d0e34 ">20 (low or relaxed security)</td>
<td valign="top" width="24.111675126903553%" headers="d0e36 ">Passwords are required and users have authority
to all resources</td>
<td valign="top" width="25.380710659898476%" headers="d0e40 "><ul><li>Provides users with *ALLOBJ access to all objects.</li>
<li>User name required to sign on.</li>
<li>Password required to sign on.</li>
<li>Password security active.</li>
<li>Menu and initial program security active.</li>
<li>Security auditing capabilities available.</li>
<li>Programs that contain restricted instructions cannot be created or recompiled.</li>
<li>*USRSPC, *USRIDX, and *USRQ objects can be created only in libraries specified
in the QALWUSRDMN system value.</li>
</ul>
</td>
<td valign="top" width="25.63451776649746%" headers="d0e42 "><ul><li>Resource security active.</li>
<li>User profile created automatically.</li>
<li>Programs that use unsupported interfaces fail at run time.</li>
<li>Enhanced hardware storage protection supported.</li>
<li>Pointers used in parameters are validated for user domain programs running
in system state.</li>
<li>Message handling rules are enforced between system and user state programs.</li>
<li>A program's associated space cannot be directly modified.</li>
<li>Internal control blocks are protected.</li>
</ul>
</td>
</tr>
<tr><td valign="top" width="24.873096446700508%" headers="d0e34 ">30 (medium or average security)</td>
<td valign="top" width="24.111675126903553%" headers="d0e36 ">Passwords are required and users' access is based
on their authority</td>
<td valign="top" width="25.380710659898476%" headers="d0e40 "><ul><li>User name required to sign on.</li>
<li>Password required to sign on.</li>
<li>Password security active.</li>
<li>Menu and initial program security active.</li>
<li>Security auditing capabilities available.</li>
<li>Programs that contain restricted instructions cannot be created or recompiled. </li>
<li>*USRSPC, *USRIDX, and *USRQ objects can be created only in libraries specified
in the QALWUSRDMN system value. </li>
</ul>
</td>
<td valign="top" width="25.63451776649746%" headers="d0e42 "><ul><li>Allow access to all objects.</li>
<li>Resource security active.</li>
<li>User profile created automatically.</li>
<li>Programs that use unsupported interfaces fail at run time.</li>
<li>Enhanced hardware storage protection supported.</li>
<li>Pointers used in parameters are validated for user domain programs running
in system state.</li>
<li>Message handling rules are enforced between system and user state programs.</li>
<li>A program's associated space cannot be directly modified.</li>
<li>Internal control blocks are protected.</li>
</ul>
</td>
</tr>
<tr><td valign="top" width="24.873096446700508%" headers="d0e34 ">40 (high or strict security) <sup>2</sup></td>
<td valign="top" width="24.111675126903553%" headers="d0e36 ">Protect from undocumented system interfaces</td>
<td valign="top" width="25.380710659898476%" headers="d0e40 "><ul><li>User name required to sign on.</li>
<li>Password required to sign on.</li>
<li>Password security active.</li>
<li>Menu and initial program security active.</li>
<li>Security auditing capabilities available.</li>
<li>Programs that contain restricted instructions cannot be created or recompiled. </li>
<li>*USRSPC, *USRIDX, and *USRQ objects can be created only in libraries specified
in the QALWUSRDMN system value. </li>
<li>Pointers used in parameters are validated for user domain.</li>
<li>A program's associated space cannot be directly modified. </li>
<li>Internal control blocks are protected.</li>
</ul>
</td>
<td valign="top" width="25.63451776649746%" headers="d0e42 "><ul><li>Allow access to all objects.</li>
<li>User profile created automatically.</li>
<li>Message handling rules are enforced between system and user state programs. </li>
</ul>
</td>
</tr>
<tr><td valign="top" width="24.873096446700508%" headers="d0e34 ">50 (high or strict security) <sup>3</sup></td>
<td valign="top" width="24.111675126903553%" headers="d0e36 ">Enhance protection of system interfaces</td>
<td valign="top" width="25.380710659898476%" headers="d0e40 "><ul><li>User name required to sign on.</li>
<li>Password required to sign on.</li>
<li>Password security active.</li>
<li>Menu and initial program security active.</li>
<li>Security auditing capabilities available.</li>
<li>Programs that contain restricted instructions cannot be created or recompiled.</li>
<li>*USRSPC, *USRIDX, and *USRQ objects can be created only in libraries specified
in the QALWUSRDMN system value.</li>
<li>Pointers used in parameters are validated for user domain.</li>
<li>A program's associated space cannot be directly modified.</li>
<li>Internal control blocks are protected.</li>
</ul>
</td>
<td valign="top" width="25.63451776649746%" headers="d0e42 "><ul><li>Allow access to all objects.</li>
<li>User profile created automatically.</li>
</ul>
</td>
</tr>
<tr><td colspan="4" valign="top" headers="d0e34 d0e36 d0e40 d0e42 "><ol><li>Security level 10 is no longer supported. If you change from security
level 10 to 20, 30, 40 or 50, you will not be able to change it back to level
10.</li>
<li>IBM ships
all new systems with a security level of 40. IBM strongly recommends that you leave the
security level set to 40.</li>
<li>At security level 50, no system internal control blocks can be modified.
In comparison, some system internal control blocks can be modified at security
level 40.</li>
</ol>
</td>
</tr>
</tbody>
</table>
</div>
<p><span class="uicontrol">Relationship to your security policy</span></p>
<div class="p">In your security policy, you try to maintain a balance between protecting
your assets, user access, and system performance. If the system contains highly
confidential material or information that would seriously compromise your
business if it was lost or stolen, that system would require a higher security
level than a system that contains less sensitive information. In addition,
you may have a system that is connected to an insecure network, such as the
Internet, and could potentially be targeted for an attack. These systems also
need a higher security level to protect them. <div class="note"><span class="notetitle">Note:</span> Security level alone does
not protect systems connected to insecure networks from attack. If you are
planning to connect to the Internet or any other insecure network, you need
to analyze the risks not only to your system but also to your entire network. </div>
</div>
<div class="p">
<div class="tablenoborder"><a name="seclvl__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="seclvl__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick reference. Provides
details for the security level system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e244">iSeries Navigator name</th>
<th valign="bottom" id="d0e248">Security level</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e244 ">Character-based interface name</td>
<td valign="top" headers="d0e248 ">QSECURITY</td>
</tr>
<tr><td valign="top" headers="d0e244 ">Authority</td>
<td valign="top" headers="d0e248 "><p>All object (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR) user profile is shipped with
these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e244 ">How to access</td>
<td valign="top" headers="d0e248 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right-click <span class="uicontrol">Security Policy</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the <span class="uicontrol">General</span> page, you will find the options
for security level.</li>
</ol>
</div>
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QSECURITY</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e244 ">Changes take effect</td>
<td valign="top" headers="d0e248 ">At next restart of the server</td>
</tr>
<tr><td valign="top" headers="d0e244 ">Default value</td>
<td valign="top" headers="d0e248 ">40 (Protect from undocumented system interfaces)</td>
</tr>
<tr><td valign="top" headers="d0e244 ">Recommended values</td>
<td valign="top" headers="d0e248 ">40 (Protect from undocumented system interfaces)</td>
</tr>
<tr><td valign="top" headers="d0e244 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e248 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e244 ">Special considerations</td>
<td valign="top" headers="d0e248 ">If you change from security level 10 to 20, 30, 40 or
50, you will not be able to change back to level 10. </td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more detailed information about this security value, see Chapter 3,
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvgensecsysval.htm" title="General security system values provide the cornerstone for your security policy.">General security system values</a></div>
</div>
</div>
</body>
</html>