- Make sure the system is running at security level 40.
- Reduce the number of users that have *ALLOBJ special authority to only those users that require it for their job functions -- in other words, system administrators or security officers (notice I did not include operators or programmers in this list!).
- Use object-level security to secure files containing private or sensitive data. Object-level security is the only authorization method that is always in effect, no matter what interface is used to access the objects (files).
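
The three steps above can be checked from a command line with standard CL commands. The sequence below is an added example, not part of the original answer; the library `APPLIB`, file `PAYROLL`, group profile `PAYGRP` and user profile `OPER1` are hypothetical names to replace with your own.

```cl
/* Added example. APPLIB, PAYROLL, PAYGRP and OPER1 are hypothetical. */

/* Step 1: display the current security level (QSECURITY).           */
DSPSYSVAL SYSVAL(QSECURITY)

/* If it is below 40, raise it. The new value takes effect at the    */
/* next IPL, so the display above keeps showing the old level until  */
/* the system has been restarted.                                    */
CHGSYSVAL SYSVAL(QSECURITY) VALUE('40')

/* Step 2: print a report of every profile that holds *ALLOBJ.       */
/* Special authorities are also inherited from group profiles, so    */
/* review the group columns in the report as well.                   */
PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*ALLOBJ)

/* Remove *ALLOBJ from a profile that does not need it. SPCAUT       */
/* takes the full list of special authorities the profile keeps,     */
/* so list only the ones this (hypothetical) operator requires.      */
CHGUSRPRF USRPRF(OPER1) SPCAUT(*JOBCTL *SAVSYS)

/* Step 3: review who is authorized to a sensitive file, including   */
/* the *PUBLIC entry.                                                */
DSPOBJAUT OBJ(APPLIB/PAYROLL) OBJTYPE(*FILE)

/* Shut out *PUBLIC, then grant only the group that needs read       */
/* access. REPLACE(*YES) replaces any authority already held rather  */
/* than adding to it.                                                */
GRTOBJAUT OBJ(APPLIB/PAYROLL) OBJTYPE(*FILE) USER(*PUBLIC) +
          AUT(*EXCLUDE) REPLACE(*YES)
GRTOBJAUT OBJ(APPLIB/PAYROLL) OBJTYPE(*FILE) USER(PAYGRP) +
          AUT(*USE) REPLACE(*YES)

/* Confirm the result.                                               */
DSPOBJAUT OBJ(APPLIB/PAYROLL) OBJTYPE(*FILE)
```

A profile that still holds *ALLOBJ bypasses the object authorities set in step 3, which is why step 2 comes before it.
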
If you want to understand the current state of your security configuration, I suggest that you look into my company's risk assessment product -- SkyView Risk Assessor for OS/400 and i5/OS, which describes each issue, explains why it's an issue and helps you get started remediating the issues.
This was first published in May 2006