Manage Learn to apply best practices and optimize your operations.

Security policy to minimize being hacked

In setting up a security policy to minimize the risk of being hacked. I wonder if it is a good idea to disable the QSECOFR profile? With QSECOFR disabled it is still possible to login to the main console (DSP01) only and do any administrative tasks. The idea behind this is that it is more difficult for a possible hacker to guess both the user ID/PWD then only the password of the well-known QSECOFR profile. Do you see any side effects of disabling QSECOFR?

You are right to be concerned about QSECOFR. It is the first profile that a hacker or cracker with iSeries or AS/400 knowledge will try to abuse. Setting QSECOFR to status *DISABLED is a good approach. You still can sign on the console with QSECOFR even though it's disabled. As far as side affects - obviously the ONLY place you can sign on with QSECOFR will be the console. As far as OS/400 goes, disabling QSECOFR shouldn't cause any problems. If you're going to run into problems, it's most likely with your third-party applications. Third-party applications sometimes do some creative things with QSECOFR. But off the top of my head, I can't think of any that require QSECOFR to be enabled.


The Best Web Links: Tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Read this Search400 Featured Topic: Secure your iSeries

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.