One of the 1st things to restrict is the users ability to use Win Explorer
or other
such tools to "roam" thru the entire system (the ifs is all files systems,
including
the QSYS.LIB file system). IBM supplies an auth list call QPWFSERVER
that controls Explorer type functions. A user authorized this auth list can
"explore".
I would suggest changing to *public authority to *exclude (default is *use).
This will not stop Ops Nav exploring, but normal users should not have
OpsNav
functions.
btw-any cmd line user with access to wrklnk cmd can do same exploring.
think about commands such as:
del (delete) also rmvlnk and erase
cpy and copy and mov and move and rnm and ren(rename)
all the link commands (go cmdlnk)
secure ftp use (can get & put files into or from the ifs)

this is a very long subject and have barely scratched the surface.
read Implementing AS/400 Security by Carol Woodbury & Wayne Madden
read the Tips & Tools for Securing Your AS/400 (previous releases or
probably
now lost in the cd.
Check out Security Advisor in Ibm's Tech Studio
http://www.iseries.ibm.com/tstudio/

Very short story - am in the process of cleaning up at a customer, where a
net tech loaded Ops Nav on the receptionist pc, she stayed 2 months and
left.
Somehow her profile now owns several major directories in the ifs, including
QIBM.
(this customer never wanted to spend the time for a truly secure system)
hth
jim franz

----- Original Message -----
From: "Joel Fritz" <JFritz@sharperimage.com>
To: <midrange-l@midrange.com>
Sent: Monday, January 14, 2002 5:49 PM
Subject: RE: Securing the IFS


> The simple answer is: "lots of ways." <g>
>
> At the simplest level you can use either wrkaut or ops nav to set up
> permissions on files, directories, and shares.  Depending on how your
system
> security is set up you can do all sorts of things with groups. I suspect
> there may be something you can do with the netserver shares from the
> NT/w2k/xp side also.
>
> > -----Original Message-----
> > From: Wills, Mike N. (TC) [mailto:MNWills@taylorcorp.com]
> > Sent: Monday, January 14, 2002 2:18 PM
> > To: Midrange - Tech (E-mail)
> > Subject: Securing the IFS
> >
> >
> > How do I secure the IFS folders? We have just started to really take
> > advantage of it and I would like to make sure the users can
> > only see what we
> > let them. We are on V4R5 and our users are on CA or CAE (we
> > user both).
> >
> > Mike Wills
> > Taylor Corporation
> > IT Corporate Support
> > mnwills@taylorcorp.com
> > Phone: (507) 386-3187
> >
> > _______________________________________________
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.