In setting up a security policy to minimize the risk of being hacked. I wonder if it is a good idea to disable the QSECOFR profile? With QSECOFR disabled it is still possible to login to the main console (DSP01) only and do any administrative tasks. The idea behind this is that it is more difficult for a possible hacker to guess both the user ID/PWD then only the password of the well-known QSECOFR profile. Do you see any side effects of disabling QSECOFR?
You are right to be concerned about QSECOFR. It is the first profile that a hacker or cracker with iSeries or AS/400 knowledge will try to abuse. Setting QSECOFR to status *DISABLED is a good approach. You still can sign on the console with QSECOFR even though it's disabled. As far as side affects - obviously the ONLY place you can sign on with QSECOFR will be the console. As far as OS/400 goes, disabling QSECOFR shouldn't cause any problems. If you're going to run into problems, it's most likely with your third-party applications. Third-party applications sometimes do some creative things with QSECOFR. But off the top of my head, I can't think of any that require QSECOFR to be enabled.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400 Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.