


From: Steve Landess <steve_landess@hotmail.com>

> SO, what is the solution to the problem, Leif?
>
> What can IBM do to fix it?  Create a new level of system security?

Steve,

The programs that Leif writes about that can manufacture pointers or
change themselves to system state are all patched programs. You can improve
the security of your system by preventing patch programs from being
restored onto it. One of the first steps to good security on iSeries is to
only use programs that are created with the trusted translator.

Some of my recommendations for best security are:

1. Move to the latest release of OS/400. With each new release IBM
continues to improve the security and integrity of the system. Once on the
latest release be sure to install PTFs for security and integrity fixes.

2. Set the QSECURITY (security level) system value to 40 or 50.

3. Set the QVFYOBJRST (verify object on restore) system value to 3 or
higher to verify the signatures of programs (in V5R1) and commands (in
V5R2) restored onto the system.

4. On V5R2, set the QFRCCVNRST (force conversion on restore) system value
to 6 or 7 to force the retranslation of all restored programs. If the
program was patched this will remove the patches. If the program does not
have observability it will not be restored to the system.

5. On V5R2, use the STRSST option to lock down the security relevant system
values. This will prevent installed user state programs from changing these
system values.

6. Let only trusted people use DST/SST.

Ed Fishel,
edfishel@us.ibm.com
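
The system-value recommendations in the message above (items 2 to 4) can be checked mechanically. The following is an added example, not part of the original post or any IBM tooling: it audits a listing of system values against those thresholds, skipping the checks the message scopes to a later release. The `NAME=VALUE` listing format, the function names and the sample data are assumptions made for illustration; items 5 and 6 are not system values and are not covered.

```python
import re

# (system value, first release the message applies it to, test, advice)
CHECKS = [
    ("QSECURITY",  (0, 0), lambda v: v in (40, 50), "set to 40 or 50"),
    ("QVFYOBJRST", (5, 1), lambda v: v >= 3,        "set to 3 or higher"),
    ("QFRCCVNRST", (5, 2), lambda v: v in (6, 7),   "set to 6 or 7"),
]

# Constructed sample: values transcribed by hand from the system, one per line.
SAMPLE = """
# constructed sample, not output from a real system
QSECURITY=30
QVFYOBJRST=3
QFRCCVNRST=1
"""

def parse_release(release):
    """Turn 'V5R2' or 'V5R2M0' into a comparable (version, release) tuple."""
    m = re.fullmatch(r"V(\d+)R(\d+)(?:M\d+)?", release.strip().upper())
    if not m:
        raise ValueError("unrecognised release: %r" % release)
    return (int(m.group(1)), int(m.group(2)))

def parse_listing(text):
    """Parse NAME=VALUE lines (hypothetical format); '#' starts a comment."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            values[name.strip().upper()] = value.strip()
    return values

def audit(release, values):
    """Return (name, current value, advice) for every setting below baseline."""
    rel = parse_release(release)
    findings = []
    for name, since, ok, advice in CHECKS:
        if rel < since:
            continue  # recommendation does not apply to this release
        raw = values.get(name)
        if raw is None:
            findings.append((name, "missing", advice))
        elif not raw.isdigit() or not ok(int(raw)):
            findings.append((name, raw, advice))
    return findings

if __name__ == "__main__":
    for name, current, advice in audit("V5R2", parse_listing(SAMPLE)):
        print("%-11s current=%-8s %s" % (name, current, advice))
```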





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].