Experts' Guide to OS/400 and i5/OS Security,9781583040966

Experts' Guide to OS/400 and i5/OS Security

by ;
ISBN13: 9781583040966
ISBN10: 158304096X
Format: Paperback
Pub. Date: 2004-05-01
Publisher(s): PENTON
List Price: $79.00

Rent Book

Select for Price
Add to Cart
There was a problem. Please try again later.

New Book

We're Sorry
Sold Out

Used Book

We're Sorry
Sold Out

eBook

We're Sorry
Not Available

Buy from our Marketplace starting at $47.41

How Marketplace Works:

  • This item is offered by an independent seller and not shipped from our warehouse
  • Item details like edition and cover design may differ from our description; see seller's comments before ordering.
  • Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
  • Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
  • Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.

Table of Contents

Preface xxi
Security Is a Business Function
1(8)
Evaluating Your Risks
2(2)
Confidentiality
2(1)
Integrity
2(1)
Availability
3(1)
Privacy
4(1)
Evaluating the Threats
4(1)
Managing the Strategic Issues
5(2)
Control Access to Applications, Data, and Systems
5(1)
Establish and Perform Security Auditing
6(1)
Build and Test a Business Contingency Plan
6(1)
Getting Started
7(1)
Don't Close the Book
8(1)
Policies and Procedures
9(8)
Your Security Policy
9(5)
Physical Security
10(1)
Document and Data Classification
10(1)
Responsible Parties
10(1)
Data Ownership and Access Control
11(1)
Network Connections
11(1)
Application Design
12(1)
Platform-Specific Issues
12(1)
Employee Guidelines
13(1)
Notification, Enforcement, and Compliance
13(1)
Business Events and Procedures
14(1)
Maintaining Security Policies and Procedures
15(1)
Legal Review
15(2)
Security at the System Level
17(42)
The System Security Level
17(1)
System Value QSECURITY
17(1)
Security Level 10
18(1)
Security Level 20
18(1)
Security Level 30
19(1)
Security Level 40
20(3)
State and Domain Restrictions
21(1)
Use of Restricted MI Instructions
21(1)
Job Initiation Validation
22(1)
Restoration of Modified Programs
22(1)
Parameter-Passing Validation
23(1)
Why Use Security Level 40?
23(1)
Security Level 50
23(2)
Message Restrictions and Pointer Removal
23(1)
Prevention of Control-Block Modification
24(1)
QTEMP Library Maintenance
24(1)
Why Use Security Level 50?
25(1)
Moving to Security Level 40 or 50
25(31)
Security-Related System Values
26(1)
General Security System Values
26(17)
Password-Related System Values
43(7)
Audit-Related System Values
50(6)
Locking Down Security-Related System Values
56(1)
A Helpful Tool
56(1)
iSeries Navigator
56(2)
A Secure Foundation
58(1)
The Facts About User Profiles
59(28)
What Are User Profiles?
59(1)
User Profile Attributes
60(10)
Usrprf (User Profile)
61(2)
Password (User Password)
63(1)
Pwdexp (Set Password to Expired)
64(1)
Status (Profile Status)
65(1)
Usrcls (User Class) and Spcaut (Special Authority)
65(4)
Initial Sign-On Options
69(1)
LMTCPB (Limit Capabilities)
70(5)
System Value Overrides
71(1)
Group Profiles
71(2)
UID (User Identification Number) and GID (Group Identification Number)
73(1)
AUT (Authority)
73(2)
Private Authorities and User Profiles
75(1)
Helpful Tools
75(1)
iSeries Navigator
76(2)
Validation List Users
78(9)
Security Implications of Validation List Users
85(2)
Service Tools Security
87(20)
Service Tools User IDs
88(4)
Service Tools User ID Passwords
90(1)
Default Password Policy Details
90(1)
Alternate Password Policy Details
91(1)
Choosing a Password Policy
92(1)
Service Tools Functional Privileges
92(8)
Making Use of Functional Privileges
99(1)
Device Profiles
100(2)
The Work with System Security Panel
102(3)
Monitoring Service Tools Use
105(1)
Service Tools Security Recommendations
106(1)
Object Authorization
107(26)
Specific Authorities
107(5)
Object Authorities
108(1)
Data Authorities
109(1)
Authority Relationships
110(1)
Authority Classes
111(1)
Group Profiles
112(2)
Multiple Group Profiles
113(1)
Why Grant Authority to Group Profiles?
114(1)
Public Authority
114(4)
Establishing Public Authority
114(2)
Using Default Public Authority
116(2)
Authorization Lists
118(2)
How OS/400 Checks Authority
120(2)
Authority Cache
122(1)
Adopted Authority
122(3)
Adopted Authority Example
123(2)
Authorities and Save/Restore Functions
125(1)
Object Ownership
126(2)
Limit User Function
128(2)
Helpful Tools
130(1)
iSeries Navigator
131(2)
Security Considerations for the IFS
133(16)
IFS Authorities
134(1)
Managing Authorities to IFS Objects
135(5)
File Attributes
138(1)
Adopted Authority and the IFS
139(1)
Auditing Objects in the IFS
140(1)
File Shares: Accessing Objects in the IFS
140(2)
Gotchas and Helpful Hints
142(2)
General Cautions
142(1)
Creating New Objects
143(1)
Copying Objects
143(1)
Virus Scanning
144(1)
Security Recommendations
144(3)
*Public Authority for Application and User Directories
145(1)
*Public Authority for IBM-Supplied Directories
145(1)
Determining Appropriate Authority
145(1)
Home Directory
146(1)
Web Applications
146(1)
Qpwfserver Authorization List
146(1)
Review (and Remove) File Shares
147(1)
Final Advice
147(1)
Helpful Tools
147(2)
Database Security
149(28)
Database file Authorities
149(1)
Controlling How Databases Are Accessed
149(14)
A Program Example
152(11)
Data Authorities and Logical Files
163(1)
Column Security
164(11)
Implementing Column Security
165(3)
A Program Example
168(7)
Row-Level Security
175(1)
What About SQL Tables and Views?
176(1)
Output Queue and Spooled File Security
177(20)
Security-Related Output Queue Attributes
177(3)
DSPDTA (Display Data)
178(1)
OPRCTL (Operator Control)
178(1)
AUTCHK (Authority Check)
178(1)
AUT (Authority)
179(1)
*Splctl Special Authority
179(1)
Output Queue Ownership
180(1)
Sample Output Queue Security Implementation
180(2)
An Output Queue Security Management Utility
182(13)
Helpful Tools
195(1)
iSeries Navigator
195(2)
Accessing OS/400 over the Network
197(28)
Physical Security
197(1)
System Values
198(1)
*IOSYSCFG Special Authority
198(1)
Network Security Attributes
198(2)
JOBACN
199(1)
PCSACC
199(1)
DDMACC
199(1)
Security Considerations for TCP/IP
200(12)
Starting TCP/IP Servers
200(1)
Session Time-out Value
201(1)
Securing Ports
201(1)
Securing Addresses
202(1)
IP Packet Filtering
202(1)
NAT
202(1)
PPP
203(1)
FTP
203(2)
LPR and LPD
205(1)
SMTP
205(1)
POP
206(1)
BOOTP and TFTP
207(1)
DHCP
208(1)
DNS
208(1)
REXEC
209(1)
Route D
209(1)
SNMP
209(1)
INETD
209(1)
DRDA and DDM
210(1)
DDM
210(1)
DRDA
211(1)
Security Considerations for PCs
212(4)
iSeries Access for Windows
212(1)
Connection Issues
212(1)
Data Transfer and Remote Command Issues
213(1)
Host Servers
213(1)
Limiting What Users See from the Desktop
214(1)
Microsoft Policies
214(1)
Application Administration
214(1)
Selective Install
214(1)
ODBC Security Considerations
215(1)
iSeries Access for the Web
215(1)
Using Exit Points
216(1)
Management Central
217(1)
Data Encryption
217(5)
Public Key Infrastructure
217(1)
Digital Certificates
218(1)
Secure Sockets Layer
219(1)
Digital Certificate Manager
220(1)
Virtual Private Networks
221(1)
Other Encryption Options
221(1)
System Requirements for OS/400 Encryption
222(1)
Wireless Considerations
222(1)
Helpful Tools
222(1)
iSeries Navigator
223(2)
Internet Security
225(14)
Determine Your Level of Risk Tolerance
225(1)
Corporate Security Policy
226(1)
Internet Service Provider
227(1)
Firewalls
228(1)
OS/400 System Values
229(1)
User Profiles
230(1)
Resource Security
231(1)
Controlling What Goes On
231(1)
Secure Web Applications
232(2)
Exit Programs
234(1)
Monitoring
235(1)
Intrusion Detection
235(1)
Denial-of-Service Attacks
235(1)
Security Configuration
236(1)
Testing
236(1)
Business Contingency Plan
236(1)
The Good News
237(2)
Single Sign-On
239(32)
Sign-on Terminology
239(1)
The Problem of Multiple User Registries
240(1)
OS/400's Single Sign-on Strategy
241(1)
Benefits of SSO
241(1)
Interfaces Enabled for Single Sign-on
242(3)
Planning for Single Sign-on
245(1)
Planning Your Kerberos Implementation
245(5)
Kerberos Prerequisites
246(1)
Time Synchronization
247(1)
Kerberos Planning Questions
248(2)
Enterprise Identity Mapping
250(4)
Planning an EIM Implementation
254(3)
Step 1: Identify and Meet All EIM Prerequisites
254(1)
Step 2: Identify Needed Skills, Roles, and Authorities
255(1)
Step 3: Plan Your EIM Domain
256(1)
Step 4: Plan Your EIM Domain Controller
257(1)
Binding Mechanisms
257(11)
Step 5: Develop Your EIM Identifier Naming Plan
261(1)
Step 6: Develop Your EIM Registry Definition Naming Plan
262(1)
Step 7: Plan Association Types
263(1)
Step 8: Plan EIM Associations for People and Entities
264(4)
Implementing Single Sign-on
268(1)
Security Issues Related to Single Sign-on
268(1)
Whew!
269(2)
Evaluating Current Implementations and Designing New Ones
271(12)
From the Beginning
271(1)
Design Considerations
272(7)
Who Will Use the Application?
273(1)
Common Authorization Models
273(1)
Menu Authorization
274(1)
Group Authority
275(1)
Application-only Access
276(1)
Variations on Application-only Access
276(1)
Application Ownership
277(1)
Which Profile Runs the Application?
277(1)
Does the Application Require a ``Powerful'' Profile?
278(1)
What Kind of Audit Trail Does the Application Require?
278(1)
Implementation Details
279(3)
Set OS/400 Authorities
279(1)
Define *Public Authority
279(1)
Secure Job Descriptions
279(1)
Manage Your Library List
280(1)
Make Library-Qualified Calls
280(1)
Don't Store Passwords in Clear Text
280(1)
Secure Application Objects
281(1)
Implementing Object-Level Authority
281(1)
Testing, Testing
282(1)
Gaining Control of Your System's Security Configuration
283(14)
Evaluating the Key Areas
283(5)
Physical Security
285(1)
Security Level
285(1)
System Configuration
285(2)
Communications and Device Configurations
287(1)
Initial Programs and Menus
287(1)
Resource Security
288(1)
Plan for User Profiles
288(2)
Plan the Physical Connections
290(3)
The iSeries System Unit
290(1)
Workstation Access
290(1)
Dial-Up Workstation Sessions
290(1)
User Access to Data Through Network Interfaces
291(1)
DDM
292(1)
Interactive Subsystems
292(1)
TCP/IP Applications
292(1)
Printers and Output Queues
293(1)
Backup Media
293(1)
Take Control of What's Restored onto Your System
293(2)
Restore-Related System Values
293(2)
Locking Down System Values
295(1)
Controlling What's on Your System
295(1)
A Good Start
296(1)
Building Object and Role Authorization
297(20)
Fundamental Tenets
297(2)
Object Security Is a Continuum
297(1)
Object Security Is Flexible with System Organization
298(1)
Object Security Uses Multiple Methods
298(1)
Purchased Software Is Not Exempt from Object Security
299(1)
Evaluating Object Security Requirements
299(8)
Identifying Application Security Requirements
299(3)
Identifying Data File Security Requirements
302(1)
Identifying Program Security Requirements
303(4)
Identifying Authorization Roles
307(1)
Defining Enterprise Roles
307(1)
Defining Authorizations
308(2)
Operations and Objects
309(1)
Defining Authentication Mechanisms
309(1)
Implementation Example
310(2)
Documenting Role Authorizations
312(5)
Security for IT Professionals
317(14)
Security and Your IT Staff
317(1)
Identify the Business Functions
317(1)
Define a Secure Environment for Each Business Function
318(7)
Operator
318(2)
Communications Administrator
320(1)
Programmer/Analyst
320(1)
Security Administrator
321(3)
Network Administrator
324(1)
Webmaster
325(1)
Security for Vendors and Consultants
325(4)
The Super Program
325(2)
The Super Profile
327(1)
Vendor Dial-In Support
327(1)
Consultant Practices
328(1)
Secure IT
329(2)
Security Implementation Example
331(30)
Application Security Requirements
332(2)
Organizational Chart
334(1)
User Profile and Password Rules
334(2)
Role Authorization Samples
336(15)
Network Security Considerations
351(1)
Firewall
351(1)
VPN
351(1)
Network Attributes
351(1)
Port Restrictions
351(1)
IP Packet Filtering
352(1)
Antivirus Software
352(1)
Exit Programs
352(1)
Application Administration
352(1)
System Integrity Checks
352(1)
System Values
353(1)
User Profile Listing
354(2)
Special Authorities Listing
356(1)
Library/Object Authorities Listing
356(2)
Directory Authorities Listing
358(1)
Planning Pays Off
359(2)
Is Your Strategy Working?
361(4)
What Can Change?
361(3)
Business Model Changes
361(1)
Operating System Updates
361(1)
New Products
362(1)
Procedural Changes
362(1)
New User Profiles
362(1)
Changing Roles
362(1)
Terminations and Resignations
363(1)
New and Changed Objects
363(1)
Deleted Objects
363(1)
Temporary Authorities and Objects
363(1)
Changes to System Values and Network Attributes
363(1)
User Identification
363(1)
Auditing Overview
364(1)
Status Auditing
365(26)
Physical Security Auditing
366(2)
System-Level Security Auditing
368(1)
User Profile Monitoring
368(17)
Expanded User Profile Auditing
372(4)
Ownership of IFS Objects
376(9)
Critical Objects and Object Authorities Monitoring
385(1)
Miscellaneous Audit Activities
386(3)
Worth the Investment
389(2)
Event Auditing
391(26)
The History Log
391(2)
History Log Housekeeping
393(1)
Inside Information
393(1)
The Security Audit Journal
393(1)
The Audit Journal
394(2)
The CHGSECSAUD Command
395(1)
Auditing Controls
396(1)
System-wide Auditing
397(3)
Other Auditing Values
399(1)
User Auditing
400(1)
Object Auditing
401(4)
Object auditing for New Objects
404(1)
Event-Auditing Recommendations
405(1)
Auditing Controls Security Recommendations
405(1)
System and User Event-Auditing Security Recommendations
405(1)
General Recommendations
405(1)
Working with the Audit Journal
406(3)
Detailed Information About OS/400 Audit Entries
406(1)
Understanding Journal Entry Formats
406(3)
Displaying and Printing Audit Journal Entries
409(6)
Using the DSPJRN Command to Display Entries
409(2)
Using the DSPJRN Command to Print Entries
411(4)
Helpful Tools
415(1)
iSeries Navigator
416(1)
Building a Business Contingency Plan: A Workbook
417(22)
Have a Purpose
417(1)
Find the Leaders
418(1)
Recognize Reality
418(1)
Risk Analysis
419(7)
Identifying Functional Exposures
419(1)
Identifying Functional Dependencies
420(1)
Identifying Functional Threats
420(1)
Evaluating Financial Risks: Expenses
421(1)
Evaluating Financial Risks: Losses
421(1)
Identifying Recovery Priorities
422(1)
Getting the Information You Need
422(4)
Disaster Avoidance
426(5)
Avoiding Disaster Through Prevention
426(1)
Physical Security
426(1)
Data Center Security
427(1)
System Security
427(1)
Network Security
427(1)
Fire Prevention and Natural Disaster Preparedness
427(1)
Employee Policies
428(1)
Uninterruptible Power Supply
428(1)
Records/Data Storage Options
428(1)
Preventive Maintenance
429(1)
Avoiding Disaster Through Effects Reduction
430(1)
Employee Training
430(1)
Alternative Facilities
430(1)
IT Hot Sites
430(1)
High-Availability Solutions
431(1)
Emergency Procedures
431(1)
Establishing Evacuation Procedures
431(1)
Establishing Notification Procedures
432(1)
Establishing Shutdown Procedures
432(1)
Establishing Departmental Procedures
432(1)
A Complete Recovery Program
432(4)
Building a Recovery-Program Document
433(1)
Identifying Recovery-Program Tasks
433(1)
Assigning Recovery-Program Teams
434(1)
Evaluation Team Activities
435(1)
Administration and Support Team Activities
435(1)
Operations Team Activities
435(1)
IT Operations/Recovery Team Activities
435(1)
Salvage/Facilities-Recovery Team Activities
435(1)
Communications Team Activities
435(1)
Testing and Auditing
436(3)
Performing a Level 1 Test
436(1)
Performing a Level 2 Test
436(2)
Auditing Your Contingency Plan
438(1)
Appendix Implementing OS/400 Single Sign-on
439(32)
Step 1: Configuring OS/400 to Use Windows Domain Authentication (a.k.a. a Kerberos KDC)
439(6)
Step 2: Configuring the KDC
445(5)
Create a Windows 2000 User ID
445(1)
Associate Each Service Principal with a Windows Domain User
446(1)
Testing Your Configuration
447(2)
Debugging Kerberos Errors
449(1)
Step 3: Configuring EIM
450(7)
Step 4: Adding Information to the EIM Domain
457(9)
Testing Your Configuration
462(1)
Debugging Your EIM Implementation
462(4)
Debugging Your SSO Implementation
466(1)
Adding to Your EIM Domain
467(1)
EIM Application Development
467(2)
Other Considerations
469(1)
Summary
470(1)
Index 471

An electronic version of this book is available through VitalSource.

This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.

By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.

Digital License

You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.

More details can be found here.

A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.

Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.

Please view the compatibility matrix prior to purchase.