• Subject: Re: AS/400 Security
  • From: MacWheel99@xxxxxxx
  • Date: Mon, 22 Jan 2001 13:30:41 EST

Level 50 is better security than level 10 but does your software work on the 
highest OS/400 security settings?  Probably not.

You should start with the basic IBM manuals on OS/400 security, that talk 
precisely about risks from PC connections to software designed for twinax era 
& what to do to protect yourself, but unfortunately much of the IBM security 
advice assumes you purchased corporate software from a vendor that cares 
about security.  

What we need are documents that tell us what is the best security we can get 
with an individual package that thousands of enterprises are running which is 
designed to mess up OS/400 security efforts.  One guide for each of the 
packages, so that users of those packages know what they can do, instead of 
being frustrated at IBM advice to do things that will cause the packages to 
quit working.

If you do not have access to the standard IBM manuals that come with every 
AS/400, I suggest you visit 
http://www.as400.ibm.com/tstudio/secure1/advisor/secwiz.htm

You might also check the archives of this discussion group
http://archive.midrange.com

there have been extensive discussions of various AS/400 Security Challenges.
As my time permits, I have been revieing our own Security to see what is 
practical to improve, which is leading to some tinkering with System Values 
... I could send you off-line some cut & paste from my security learning 
curve if you interested.

Do you have software that is based on certain file layout definitions, such 
that if PC users were to change the file layouts the software would break?  
Do the PC users who are doing file transfers know that, or is their level of 
400 literacy such that you just have to cross your fingers?

MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
AS/400 Data Manager & Programmer for BPCS 405 CD Rel-02 mixed mode (twinax 
interactive & batch) @ http://www.cen-elec.com Central Industries of 
Indiana--->Quality manufacturer of wire harnesses and electrical 
sub-assemblies - fax # 812-424-6838

> From: freiss47@yahoo.com (Frank Reiss)
>   
>  What is the difference between level 30 and 40 - I had always thought that 
> 40 was a better choice. Also, what are some of the basic security concerns 
on 
> the AS/400, on a system that has no connection to the internet, but does 
have 
> PC file transfers. 
>  
>  If there is a FAQ on all this kindly direct me to it.
>  
>  Thanks,
>  
>  Frank


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].