|
midrange.com
Cheryl,
Cheryl Bisson wrote:
>
> Our production box is set to a security level of 30. My manager wants it at
>40. What are the pros and cons? Where would I start?
> Thanks for the help
> Cheryl Bisson
> CTG
Congratulations, you are doing the right thing!
Your part is really quite easy. You have to check your system for
any programs (usually vendor writtten) that violate the level 40
rules. Here's a step by step for that part.
1) If It's not already activated, turn of the Security Audit
Journal (QAUDJRN) and monitor for Program Failures
CHGSECAUD QAUDCTL(*AUDLVL) QAUDLVL(*PGMFAIL)
2) Wait a goodly amount of time so that you can build up some
history (at least a week, maybe longer).
3) Reveiw the journal entries for a program failures that violate
QSECURITY level '40'. These would appear in the QAUDJRN journal
as CODE 'T', and any of the following TYPES:
B Restricted instruction use
C Validation failure
D Object domain or storage protect failure
R Hardware protection error
If any programs generate these types of journal entries, you will
need to refer to the program's author to get a "fixed" version of
the program that will operate at QSECURITY level '40'. At this
point I'm not aware of a single company that does not have a Level
'40' compliant version of their software (that doesn't mean that
none exists..... list members?)
You could also receive a one of these two errors:
J Submit job profile error
S Default sign-on attempt
These are simple enough to fix yourself. If you receive a 'J'
type, it means that a user is submitting a job and the JOBD they
are using contains a user profile that the user is not authorised
to. At level 30 this will work, but it is blocked at level 40.
A 'S' type is an indication that a subsystem allows signon without
using a password. This is typically used for kiosk, or shared
terminals, and is unsupported at level '40'. If you get 'S'
types, you'll have to fix the subsystem description that allows
automatic signon.
There are some other codes that could be generated by the *PGMFAIL
audit level, but they are not important to Level 40 security.
Cheryl, this is just an overview. Refer to the Security Manuals
to get the straight scoop.
HTH,
jte
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
