× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2008

Re: How do you manage your QSECOFR profile and other Q profiles?

We have different IT people with different view points on this.
1. 100% of our Q profiles either cannot be signed on period, or have a
password different from how it came from IBM.
2. There are consultants we trust, and consultants in another category.
Invariably we are told by higher management to give them whatever they need,
then when they are done, we undo some of the bone headed things they did to
our security, and change all the security passwords.
3. We have security auditing going on, with job scheduler sending recent
report to a particular OUTQ eevery nite, for us to study next morning &
react accordingly to the latest bad stuff.
4. After turn-over with a bunch of people who worked high management & knew
passwords of tons of people, including those used by IT, management was
persuaded to change our IP address, in addition to IT changing all passwords
for IT.
5. I am frequently called away from my desk while I am in middle of signed
on ... I hate to close out what I was in middle of, such as changing a
program, but I also hate to leave my work station unattended ... thus I have
several sign ons, one I use ONLY for security work, and I always sign THAT
off when I am called away from my work area.
6. Our security auditing caught instances of
* management people left their offices open when went to lunch
* unknown person went into manager office-A, buessed up to maximum for
passwords until hit ceiling & plug pulled on that office
* unknown person went next door, same thing
* next door, same thing
I showed evidence to occupants of those offices, who now close & lock them
when they going to be away for a while.

Al Macintyre
at and even smaller shop than yours

We have a small shop and the five of us - two developers, an
administrator, a manager and a VP - all have powerful enough
profiles that we rarely need to sign on as QSECOFR or any other Q profile.

Because of the powerful profiles we have, we don't really have a
policy on usage of the QSECOFR profile but I need to write a policy
and manage the QSECOFR profile properly. What's the best practice
here? Should just one person know it and keep it a record of it in
the safe, so if he's not here, someone can at least get at it?

What about changing it? It seems kind of senseless and error prone
to change it every ninety days in accordance with the rest of our
policy if it hasn't been used in 90 days.

QSYSOPR hasn't been used since August 2000. Do any of you use the
QSYSOPR profile? I'm thinking the administrator (that'd be me)
should start using it as a day to day profile just for tracking
purposes.

Bryan Burns
iSeries Specialist
ECHO, Incorporated
Lake Zurich, Illinois

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options, visit:
http://lists.midrange.com/mailman/listinfo/midrange-l or email:
MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.


--
WOW! Homepage (http://www.wowway.com)


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.