Difference between revisions of "Security Basics"

From MidrangeWiki
Jump to: navigation, search
(Objects Owned)
(Authorization List)
Line 31: Line 31:
  
 
=== Authorization List ===
 
=== Authorization List ===
 +
* GO CMDAUTL
 +
* [[ADDAUTLE]]
 +
* [[CRTAUTL]]
 +
* [[DLTAUTL]]
 +
* [[DSPAUTL]]
 +
* [[DSPAUTLOBJ]]
 +
* [[EDTAUTL]]
 +
* [[RMVAUTLE]]
 +
* [[WRKAUTL]]
 +
 
=== Adopted Authority ===
 
=== Adopted Authority ===
 
* [[DSPGMADP]] Display Program Adopt
 
* [[DSPGMADP]] Display Program Adopt

Revision as of 18:19, 24 June 2005

See General Computer Security for info and links about Security outside of the 400.

Security Commands

User Profile

Password

  • GO CMDPWD
  • CHGPWD change password
  • CHKPWD makes user re-enter password that was used to sign onto the 400

Object Authority

Objects Owned

Authorization List

Adopted Authority

  • DSPGMADP Display Program Adopt
    • Specify a user profile and get a list of the programs that adopt that user's authority.

Security 400 Professionals

Wayne Evans

  • Wayne O. Evans http://www.woevans.com/ is a former IBM 400 Security Architecture specialist http://woevans.freeyellow.com/WOEBIO.html who now has his own 400 Security Consulting firm
    • He designed many of the security features of the 400 and its predecssor machines, also many 400 features in addition to security
    • He advises us to get a more secure web browser than Microsoft IE
    • He does 400 Security columns and seminars
      • He has a book out with a collection of his 400 Security articles
    • OS/400 Security Education and Training
      • Security/400 FAQ

http://woevans.freeyellow.com/Qst_Ans.pdf

        • Biggest threats to overall 400 security
        • Best Practices
        • What can be done at the Sign On Screen
        • How secure are 400 passwords
        • Why security level 40
        • Security 400 auditing
        • Client Access
        • Operations Navigator
        • Exit Programs
        • Authorization Lists
        • ODBC
        • Encryption 400
        • How evaluate security software vendors
        • VPN interesting factoid
          • The use of VPN (Virtual Private Network) causes all traffic over the VPN to be encrypted.
          • Al Mac notes that this may not help if Spyware gets onto the PC of the person using VPN to access the 400
        • and lots more

Milt Habek of UPI

Milt is CEO of Unbeaten Path International UPI http://www.unbeatenpathintl.com/ which markets many security solutions for the 400, and stuff for ERP such as BPCS.

Sky View

One of the founders of Skyview is Carol Woodbury, who is also one of the mothers of IBM 400 Security architecture, former Chief Security Architect for OS/400 for IBM and one of the leading authorities on OS/400 security.

http://www.skyviewpartners.com/java-skyviewp/index.jsp

Skyview offers 400 Security and General Computer Security info

  • education
  • assessment
  • security tools
  • remediation services
  • compliance info about gov regulations
  • white papers