My present iSeries 400 is at a level 30-security setting. Is there an easy way or plan to go to level 40? I feel that this is a good idea but what are the main differences/benefits between the two?
You are correct! Moving to security level 40 or higher is an excellent idea. The benefit you get with security level 40 and 50 is system integrity. What is system integrity, exactly? System integrity protects the operating system from being used inappropriately. For example, at security level 30, database files can be programmatically updated bypassing all auditing and some security checking. In addition, operating system programs can be called and exploited, internal control structures can be manipulated allowing the potential for OS/400 to be unstable and have unpredictable results. Also, users can use any job description that specifies a user profile without having to have authority to that user profile. On most systems, this issue alone poses a huge security risk. Security is easily circumvented at security level 30. However, at security level 40 and above, all the previously mentioned problems are prevented.
At security level 50, you get all the protection of 40 and then some. Some very imaginative people have circumvented some safeguards at security level 40 over the past couple of years, but were stopped at security level 50. Running at the highest level of security IBM provides is a very wise move. It is your best defense against those individuals and business partners who attempt to operate outside the parameters IBM has set.p>==================================
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Search400's targeted search engine: Get relevant information on security.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading