How does your iSeries shop line up in the physical security department? This article takes a look at the minimum requirements and suggests several things you can do to make sure physical security is covered for your shop.
When I first started out as a programmer, physical security was non-existent. In fact, computer technology was so new that companies wanted to show it off and built fantastic glass enclosed computer rooms so visitors could walk by and see their modern, up-to-date computer installation. In those days, if someone wanted to steal your customer master file, more often than not it would have involved lugging out several trays of heavy punched cards -- a feat even the governor of California would have some trouble with. It wasn't long, however, before the glass enclosed computer rooms all disappeared and physical security became a concern throughout corporate America.
Unfortunately, physical security comes with inconvenience, and often we allow it to slide just to make things easier. Here are some basics you should check your shop for:
- Make sure your system unit and its system console are in a secure location. This means it is not easily accessible to the public, and it is under lock and key.
- If your system has a key, make sure it is in the Secure or Auto position. Then, remove the key and store it in a separate secure location.
- Make sure your backup tapes are also stored in a secure location separate from the system unit.
- Make a list of your publicly accessible workstations and check them for security. Make sure security officers cannot use these public stations and they are in plain sight. You can control use of these workstations using object security on the device descriptions.
- Make sure the system value QLMTSECOFR is set to the value 1. This guarantees security officers can log on to devices that are explicitly authorized for their user profile only.
- Regularly check your audit journal for AF records to see if there have been any invalid logon attempts at restricted terminal devices.
Last week, I bought a little device that looks like a key chain but can hold up to 512 MB of data. It is a small hard drive the plugs into the USB port on any PC and becomes an additional hard drive for that system. It self installs and you don't even need to go through configuration steps to use it. With some simple download tools and a drag and drop, I could walk out with the customer master file in my pocket and nobody would be the wiser, unless I'm really doing my job as security officer. That includes a broad array of responsibilities, but it starts with physical security planning and implementation.
If you have any questions about this topic, you can reach me at rich@kisco.com, I'll give it my best shot. All e-mail messages will be answered.
---------------------------------------
About the author: Rich Loeber is president of Kisco Information Systems Inc.s in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
