Volume 10, Number 31 -- September 7, 2010

PowerTech to Overhaul Free IBM i Security Policy Template

Published: September 7, 2010

by Alex Woodie

Defining the steps one must complete to achieve one's goals is the first step in many higher endeavors. When the endeavor is achieving a certain level of security on an IBM i server or any other kind of IT system, the goals are put down on paper in the form of a detailed security policy. For organizations that are looking to bolster their IBM i security practices but don't know where to start, PowerTech provides a free, downloadable IBM i security policy template to get them going.

It is hard to believe, but many IBM i shops today don't have security policies, which, unfortunately, is just one of many security failings at IBM i shops. These organizations are flying blind by the seat of their administrator's pants, hoping they don't have a security problem (presuming they could detect it in the first place). Without a security policy to go by, it's very difficult for an organization to practice any kind of rigor in pursuit of higher security. In other words, a security policy is the foundation block of all security practices, and without it, no security structures can be built on top of it.

That's not to say every company needs a Fort Knox-like security policy. Each organization's security policy is a unique reflection of the risks it is willing to take. A small company with just a dozen users accessing an IBM i server with no ODBC, FTP, or HTTP links outside the firewall will require a much simpler security policy than a national retailer handling billions of dollars of electronic transactions, which must adhere to the strict PCI DSS requirements.

But any organization that values its data--and its relationship with customers who are represented by that data--should have, at the very least, a semblance of a security policy. For IBM i shops that don't, PowerTech's "OS/400 Security Policy" provides a good place to start.

The 13-page security policy is broken down into various sections, such as physical security, data access security, user profile security, etc. Many of the entries are no-brainers, such as the requirement that the computer be located in a secure room. It seems simple to say, but without a lock on the office or computer room door, no security can be achieved.

PowerTech's policy provides examples of how IBM i should be configured for security. Some of the recommendations are quite detailed, and some administrators may choose to have stricter or more lenient settings, depending on their particular needs. The document does not provide a complete security policy, but is a starting point for developing a custom security policy.

PowerTech will be updating the policy in the near future, and welcomes suggestions and submissions from the IBM i community, according to an August blog posting by PowerTech's director of security technologies Robin Tatam.

"This popular document will continue to be a free resource to the IBM i security community, and we invite anyone to download, edit, and return the changes to us for possible (and credited) inclusion in a future edition," Tatam writes.

You can obtain PowerTech's OS/400 Security Policy as a free PDF download from its website at www.powertech.com.


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2010 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
