× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. July 2002

Re: Security Questions

Mike,
See my comments in-line.
Chuck

----- Original Message -----
From: "Wills, Mike N. (TC)" <MNWills@taylorcorp.com>
To: <midrange-l@midrange.com>; "Midrange - Security (E-mail)"
<security400@midrange.com>
Sent: Tuesday, July 16, 2002 4:49 PM
Subject: Security Questions


<snip>
>
> 1) What have you guys done to maintain security?
<Vendor Plug>Install Security Sentry/400</Vendor Plug>
Seriously, a good monitoring program can help watch for security holes and
potential threats.  There are several good packages out there (including
ours, I think) depending on your needs.  There are both monitoring packages,
as well as packages that will help implement tighter security.
>
> 2) How do you create new users? Do you have a "general" user which you
copy
> from? Do you start from scratch?
Look at using authorization lists for different job descriptions.  Then you
can have a set of basic, no special authority, template users that you can
copy and then add to the appropriate lists.
>
> 3) How do you eliminate the possibility of a user using the username for a
> password and not allow 'password' for a password?
A password validation program can do this for you.  (System value
QPWDVLDPGM)
>
> 4) How often do you review the users and security?
Depends on what you mean by review.  Could be daily, weekly, or monthly
(reviewing various reports from the monitoring software).
>
> 5) Payroll notifies us when people quit or have moved to a new position,
but
> it doesn't tell us when remote users quit or have moved on. How do you
> handle this?
How about running a monthly report that shows user profiles that haven't
been used in the past 30 days?  Then you can evaluate those profiles.
>
> Any suggestions would be appreciated.
You may find the following resources helpful:
Security Reference manual:
http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/books/c4153025.pdf
Tips & Tools for Securing manual:
http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/books/c4153005.pdf
There is also the Security Technical Studio that has the Security Advisor
that can help you examine some of your system's security settings:
http://www.redbooks.ibm.com/tstudio/secure1/secdex.htm
And of course, the beloved Information Center has a security section:
http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/info/rzahgicsecuri
ty.htm

>
> Mike Wills

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.