July 1997: Volume 11, Number 5

Tips from Jackie

Security Toolkit

By Jackie Jansen

s everyone knows security is becoming a much larger issue as we open up our AS/400s to PCs, remote communications and of course, the Internet. Instead of my giving you tips on securing your AS/400 this month I am going to tell you how to get a book on security tips and additional security programs at no charge. This includes a lot more than I can put in one column.

IBM is providing a security toolkit for OS/400 V2R3 and later. If you received V3R1 or V3R6 very recently this toolkit will have been automatically provided. To find out if the toolkit is loaded on your system, look for library QSECLIB and user profile QSECUSR. These are both created at install time. For those of you that didn't automatically receive the toolkit you can order the no charge PRPQ listed in the table below. In addition to the toolkit you can also order some new security functions via PTFs. The PTF numbers in the table below are umbrella PTFs that include multiple security PTFs. The PTFs include additional security programs that are separate but complimentary to the toolkit.

Now that you know how to order this toolkit would you like to know what it is?

The security toolkit provides you with a set of programs that enable you to add additional security to your system. The toolkit also provides many reports to allow you to monitor and audit your current security implementation. New security functions include the ability to disable a user profile that hasn't been used in a specified number of days and the ability to schedule an expiry date for a user leaving the company. You can also schedule user profiles to be unavailable at certain hours. You might want to turn QSECOFR off at night so that even if the userid and password were obtained after hours, the profile wouldn't be available. The toolkit includes all this and more.

Program adoption has always been an excellent method of security on the AS/400 but like many things in this life, program adoption is a two edged sword. Many people have been concerned that there might be programs on their system that adopt authority and shouldn't. Part of the security toolkit will enable you to print a report that shows all programs that adopt a specific user or generic user authority (i.e. Q*). You might run this once and then in future run a report that shows only the changes since you last ran the report. You can print security information as it relates to communications, job descriptions, private authorities, signon information and more. You can print a list of trigger programs that are associated with database files on your system and then print a changed list in future.

Included with the Security Toolkit is an excellent publication that covers the toolkit and more. It is called "Tips and Tools for Securing Your AS/400". If you don't already have the security toolkit you should ask for it today; you can't afford not to.