Many people, myself included, take this time of year for a little introspection. We try to see where we have problems or weaknesses and then contemplate methods and strategies to make changes. If we're serious, we'll sit down and make a list of things to do in the new year. As the security officer for your i5-iSeries-AS/400 shop, this is a good opportunity to do just that for your installation and here's my list of some items you should consider.
Finally take the plunge and move the security level of your system up at least one level. If you're running at level 20 (shame on you!), move to level 30. If you're at level 30, move to level 40. Take the time to plan the move and use system security auditing to check results before you make the change.
Check your system for user profiles with permanent passwords; then change them all. This will, at least, enforce an annual change in these passwords. And, this means your personal password, too!
Review the user profiles on your system and look for people who have left the company. Make sure those profiles are disabled and their passwords have been changed to *NONE. If you can do so easily, remove the profiles.
Do a full audit of all of the security related system values on your box and make sure they are set up to enforce your company's security policies correctly.
Audit your system backup plan and make sure that the tapes are being properly labeled and stored for quick and accurate recovery if needed.
In light of recently publicized problems, check on the way your backup tapes are transported to and from your off-site storage facility to make sure they are secure in transit.
Dust off your disaster recovery plan and make sure it still works. Bring it up to date, and then schedule an actual test.
Review physical security arrangements for your computer room and for all terminals and PCs attached to your system. Do a walk through and actually look at the various work locations. Check for things like passwords on post-it notes and lists of system resources. Spank a few hands (not literally) for violators. Your physical presence in the end-user's environment will go a long way towards reinforcing the importance of security.
Resolve to review your system security audit journal on a regular basis. If you don't have it active, turn it on. If you have it turned on but never look at it, develop a review process to check for problem issues.
If you don't have network security implemented at the exit-point level on your system, commit to getting this done in the new year. Either write your own exit routines or take a look at one of the many packages available for this important area of system security.
If you have other items to add to the list, let me know. My e-mail address is at the end of this tip, and I'd love to hear about your new year's resolutions.
For me, I'm going to just resolve to loose 20 pounds this year. But then, that was my resolution last year, and I'm weighing in at the same rate this year. At least things didn't get worse. Let's hope that your system security resolutions fare better.
If you have specific questions about this topic, e-mail me at firstname.lastname@example.org. All e-mail messages will be answered.
About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
Dig Deeper on iSeries system and application security