RE: Buying an Exit point program -- MIDRANGE-L

<<snippet>>>
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Burns, Bryan
Sent: Friday, May 23, 2003 1:24 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Buying an Exit point program


What great benefits could we expect at level 40?
<<<end snippet>>>

from IBM's site, makes for easy understanding:

Choosing your security level
The QSECURITY system value lets you control how much security you want on
your system. To understand how the security levels work, think of your
system as a building, where people are trying to enter.



Level 20: Password security
If you select level 20, you have some security protection. The guard at the
door to the building asks for identification and a secret password. Only
people who have both are admitted to the building. But once people are
inside, they can go anywhere and do anything they want.
If someone overhears a secret password and uses it to get past the guard at
the door, you have no protection.


Level 30: Password and resource security
Level 30 gives you everything you had at level 20, plus you can control who
goes to certain parts of your building and what they do when they get there.
You can designate some parts of your building as public, while others are
restricted with guards at the doors.
You can allow people who have access to restricted sections to do anything
they want, or you can require that they make their requests for information
to authorized information clerks (programs). An intruder who gets in using
someone else's password might still have to get past the inside guards to
get to protected sections.


Level 40: Integrity protection
At level 40, you get all the protection of level 30, but the system verifies
a user's access. The guards at the doors inside the building checks the
passwords and logs all users entering the room.

Level 50: Advanced integrity protection
At level 50, the guards enforce an even stricter set of rules to prevent a
person with special knowledge from getting past the restricted doors by
validating the identity of anyone who signs the log.
Recommendations

As of V3R7, iSeries ship with a security level of 40. Security level 40 is
the best choice for most installations, whether your security policy is
strict, average, or relaxed. If you choose a relaxed approach, you can set
up public access to most of the resources on your system. By using security
level 40 from the very beginning, you have the flexibility to make your
system more secure in the future without making many changes.

If you are buying application programs, check with your application provider
to make sure the programs have been tested at level 40. Some applications
use operations that cause errors at security level 40. If your applications
have not been tested at level 40 or 50, start with level 30. Use the audit
journal function to see if your applications log authority failures. If not,
you can change to level 40 or 50.

Security level 50 prevents events that do not normally occur on most
systems. The system does additional checking whenever programs are run on
your system. This additional checking may have a negative effect on
performance.

After you enter your choice for security level on the System Values
Selection Form, you can choose system values that affect sign on.