IBM i Security Administration and Compliance

Publisher: MC Press Online
Publication Date: May 2012
Subject: Computer: Security
Category: System Admin
Number of Pages: 369

Available as: Individual E-Version (PDF), ISBN: 978-1-58347-373-3
About this title
In this practical and highly readable guide, an update to her acclaimed IBM i & i5/OS Security & Compliance: A Practical Guide, security expert Carol Woodbury explains IBM i security and the way it functions within IBM i systems.

Writing in a clear, jargon-free style, Carol explains the importance of developing a security policy and details how to implement and maintain a compliant system. Throughout the book, which has been updated for V7, she shares insights and recommendations based on her extensive experience designing and implementing security on IBM systems.

System security levels, user profiles, service tools, encryption, auditing, compliance, security administration, and incident response are among the topics covered. Internet and network security, as well as security considerations for IT personnel, vendors, and consultants, are discussed, and a full explanation of the IBM i security audit journal is provided. An all-new chapter focuses on security administration, highlighting the areas that need attention and explaining how to manage them effectively.

Carol also shares her methodology for successfully implementing an object-level security project, describing in detail the process of determining a system's current security settings, default access requirements, process access, and the rollout of new application security models.

Whether you're a new system administrator who needs to learn the basics of IBM i security, a seasoned veteran whose organization is required to be in compliance with certain laws or regulations, a security administrator who wants to understand how to more efficiently manage security on IBM i, or an auditor assigned to evaluate an IBM i shop, this book contains essential explanations that enable you to succeed. Every IBM i security and system administrator, security officer, compliance officer, and auditor will want to take advantage of the resources available in this book to help protect their systems from unauthorized activities and unplanned events.

With IBM i Security Administration and Compliance, you will:
  • Gain the knowledge you need to secure your IBM i system
  • Discover security best practices
  • Receive a comprehensive introduction to role-based access
  • Learn a methodology for implementing IBM i object-level security
  • Understand the issues your organization needs to address for audit and compliance requirements
  • Learn techniques for more efficiently and effectively administering security
  • Learn about helpful system tools and commands for managing IBM i security
About the author
Carol Woodbury
Carol Woodbury is president of SkyView Partners, Inc., a firm she co-founded in 2002 that specializes in security policy compliance software and remediation services. Prior to forming SkyView Partners, Carol worked for IBM in Rochester, Minnesota, serving for more than 10 years as the AS/400 Security Architect and Chief Engineering Manager of Security Technology for IBM's Enterprise Server Group. During this time Carol provided security architecture and design consultations with IBM Business Partners and large AS/400 customers.

Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i and i5/OS security issues. She has authored three previous books on IBM i and i5/OS security. She also serves as a technical expert on security for numerous publications.

Carol is Certified in Risk Management and Information Systems Control (CRISC). You can follow Carol on Twitter @carolwoodbury.

Chapter 1: Security: The Reasons You're Reading This Book
Evaluating Your Risks
Evaluating the Threats
Managing the Strategic Issues
   Control Access to Applications, Data, and Systems
   Review Requirements and Maintain Compliance
Getting Started
Don't Close the Book

Chapter 2: Policies and Procedures
Your Security Policy
   Physical Security
   Responsible Parties
   Data Classification
   Network Connections
   Application Design
   Platform-Specific Issues
   Employee Guidelines
   Notification, Enforcement, and Compliance
Business Events and Procedures
Getting Started with Your Policy
Legal Review

Chapter 3: Security at the System Level
The System Security Level
   System Value QSECURITY
   Security Level 20
   Security Level 30
   Security Level 40
   Security Level 50
   Moving to Security Level 40 or 50
Security-Related System Values
   General Security System Values
   Password-Related System Values
   Audit-Related System Values
Locking Down Security-Related System Values
A Helpful Tool

Chapter 4: The Facts About User Profiles
What Are User Profiles?
User Profile Attributes
   USRPRF (User Profile)
   PASSWORD (User Password)
   PWDEXP (Set Password to Expired)
   LCLPWDMGT (Local Password Management)
   PWDEXPITV (Password Expiration Interval)
   PWDCHGBLK (Block Password Change)
   STATUS (Profile Status)
   USRCLS (User Class) and SPCAUT (Special Authority)
   Initial Sign-On Options
   System Value Overrides
   Group Profiles
   UID (User Identification Number) and GID (Group Identification Number)
   USREXPDATE (User Expiration Date) and USREXPITV (User Expiration Interval)
   AUT (Authority)
Private Authorities and User Profiles
Helpful Tools
Navigator for i
Copying User Profiles
Validation List Users
   Security Implications of Validation List Users

Chapter 5: Service Tools Security
Service Tools User IDs
   Service Tools User ID Passwords
Service Tools Functional Privileges
Service Tools Features in V6R1
Device Profiles
The Work with System Security Panel
Monitoring Service Tools Use
Service Tools Security Recommendations

Chapter 6: Object-Level Security
Private Authorities
   Object Authorities
   Data Authorities
   Authority Relationships
   Authority Groupings
Group Profiles
   Multiple Group Profiles
   Why Grant Authority to Group Profiles?
Public Authority
Establishing Public Authority
Using Default Public Authority
Authorization Lists
How IBM i Checks Authority
   Authority Checking Example: Precedence Between Users and Groups
   Authority Cache
Adopted Authority
   Adopted Authority Example
Authorities and Save/Restore Functions
Object Ownership
Limit User Function
Helpful Tools
Navigator for i

Chapter 7: Security Considerations for the IFS
IFS Authorities
Managing Authorities to IFS Objects
   File Attributes
   Adopted Authority and the IFS
   Auditing Objects in the IFS
File Shares: Accessing Objects in the IFS
Gotchas and Helpful Hints
   General Cautions
   Creating New Objects
   Copying Objects
   Virus Scanning
Security Recommendations
   *PUBLIC Authority for Application and User Directories
   *PUBLIC Authority for IBM-Supplied Directories
   Determining Appropriate Authority
   Home Directory
   Web Applications
   QPWFSERVER Authorization List
   Review (and Remove) File Shares
   Final Advice
Helpful Tools

Chapter 8: Securing Your Printed Output
Security-Related Output Queue Attributes
   DSPDTA (Display Data)
   OPRCTL (Operator Control)
   AUTCHK (Authority Check)
   AUT (Authority)
   *SPLCTL Special Authority
Output Queue Ownership
Sample Output Queue Security Implementation
Helpful Tools
Navigator for i

Chapter 9: Encryption
Encryption Basics
   Public Key Infrastructure
Transmission of Data
Encrypting Data in Files
   Identify the Scope of Your Project
   Architecting Your Application to Use Encryption
   The Key Is Key Management
Encrypting Backup Media
   What IBM Provides
   Encrypted Auxiliary Storage Pools
Disaster Recovery Considerations
Success Depends on Planning
Helpful Resources

Chapter 10: Connecting to the System
Physical Security
System Values
*IOSYSCFG Special Authority
Network Security Attributes
Security Considerations for TCP/IP
   Starting TCP/IP Servers
   Securing Ports
   Internal Addresses
   IP Packet Filtering
   DRDA and DDM
Security Considerations for PCs
   IBM i Access for Windows
   ODBC Security Considerations
   IBM i Access for Web
Using Exit Points
Management Central
Secure Communications
   Digital Certificates
   Secure Sockets Layer
   Digital Certificate Manager
   Virtual Private Networks
   Secure Shell
Wireless Considerations
Helpful Tools
Navigator for i
IBM Director

Chapter 11: Internet Security
Determine Your Risk
The Process
Corporate Security Policy
Internet Service Provider
System Values
User Profiles
Resource Security
Controlling What Goes On
Secure Web Applications
Exit Programs
   Intrusion Detection
Security Considerations for Outsourcing and the Cloud
   Security Configuration
Testing and Evaluation
Business Contingency Plan
Be Careful Out There

Chapter 12: Evaluating Applications' Current Implementations and Designing New Ones
From the Beginning
Design Considerations
   What Roles Will Use the Application?
   Common Authorization Schemes
   Application Ownership
   Which Profile Runs the Application and Is There Adequate Logging?
   Does the Application Require a Powerful Profile?
   What Kind of Audit Trail Does the Application Require?
Implementation Details
   Set IBM i Authorities
   Define *PUBLIC Authority
Security Questionnaire for Vendors
   Secure Job Descriptions
   Manage Your Library List
   Make Library-Qualified Calls
   Don't Store Passwords in Clear Text
Testing, Testing
Moving Forward

Chapter 13: Role-Based Access
Defining the Roles
Group Profiles
Why Group Profiles?

Chapter 14: Role-Based Access for IT
Security and Your IT Staff
Identify the Roles
Define a Secure Environment for Each Business Function
   Network Administrator for IBM i
   Help Desk
   System and Security Administrators
Security for Vendors and Consultants
   Vendor Support
   Consultant Practices
Role-Based IT Access

Chapter 15: Auditing
The History Log
   History Log Housekeeping
   Inside Information
The Security Audit Journal
The Audit Journal
Auditing Controls
System-Wide Auditing
   Other Auditing Values
User Auditing
Object Auditing
   Object Auditing for New Objects
Event-Auditing Recommendations
   Auditing Controls Security Recommendations
   System and User Event-Auditing Security Recommendations
   Object-Auditing Recommendations
Working with the Audit Journal
   Understanding Journal Entry Formats
Displaying and Printing Audit Journal Entries
   Using the DSPAUDJRNE Command to Display Entries
   Using the DSPJRN Command to Display Entries
   Using the CPYAUDJRNE Command
Reporting on Activities from the Information in the Audit Journal
Benefits of the IBM i Architecture
Helpful Tools
Navigator for i

Chapter 16: Implementing Object-Level Security
Determine the Scope of Your Project
High-Level Design of the Architecture
Building the Big Picture
   Collecting the Information
   Dynamic SQL
Decision Points
   Owning All Application Objects Rather Than Being Authorized
   What Adopts
   Authorization Lists
   *PUBLIC Authority
Making Changes to the Application
Rolling Out the Changes
   Changes to Change Management
When Something Breaks: Debugging and Recovery Techniques
Making Sure the Changes Stick

Chapter 17: Security Administration
Remove Obsolete Objects
System Values
User Profiles
Managing Authorities
Regular Reviews
Controlling Who Can Do What
   Integrated File System (IFS)
Regular Updates

Chapter 18: Maintaining Compliance
Evaluating the Key Areas
   System Values
   User Profiles
   Object Authority
An Annual Security Assessment
Regular Reviews
   Group Profile Membership and Special Authority Assignments
   Authorization Lists
Policies and Processes

Chapter 19: Preparing for the Worst: Creating a Security Incident Response Plan
Be Prepared
   Assembling the Incident Response Team
   Responding to an Incident
   Data Preservation
   Performing the Investigation
   Be Proactive
Make Sure You're Saving the Right Information
   Saving Security Data
   Restoring Security Data
Re-Creating the System After a Breach

Chapter 20: Creating a Security Awareness Program
What Method Do I Use to Communicate?
Getting Started
