I am interested in finding out the best practices for security system policies on the iSeries. For example: minimum password age, maximum password age, length of password, etc.
Hopefully, you understand that, while the large auditing firms often focus solely on system value settings and call that "security best practices for OS/400," best practices for OS/400 security entail much, much more – appropriate assignment of special authorities, use of object authority for both libraries and directories, appropriate settings for TCP/IP services, etc.
You can find recommendations for the most secure settings in IBM's iSeries Security Reference manual, available in the IBM Information Center.
However, the "most secure" settings may not be the best way to accomplish the security objective and/or may cause disruption across your enterprise. For a discussion on how various settings affect your environment, I suggest the book I co-authored with Patrick Botz, Experts' Guide to OS/400 and i5/OS Security.
If you are looking for a good set of best practice recommendations, I recommend that you look at the security settings being required from the credit card companies. Click here to view all of the requirements. These provide the high-level requirements. You can then translate these into the appropriate settings on each of the operating systems you may have in your environment.
This was first published in January 2005