readtech.com - Article: Preventing Default Passwords

Preventing Default Passwords

SkyView Partners Security News

by Carol Woodbury
28 Aug 2006

 

Here is your iSeries security tip for August, 2006 from SkyView Partners, Inc., World Class i5/OS and OS/400 Security Experts.

Changing just one of the password system values (the system values beginning with QPWD*) from its default setting causes i5/OS to stop allowing users to change their password to a default password. That is, they cannot change their password to be the same as their user profile name. However, if the user has access to the Change User Profile (CHGUSRPRF) command and has *SECADM special authority, i5/OS (intentionally) bypasses the password composition rule system values, including the check for a default password.

This is to enable Help Desk personnel and Administrators to service users who have forgotten their password. They can change the password to something simple and require the user to change the password after sign on. If you continue to have a problem with default passwords on your system, check to see who has *SECADM special authority and access to the CHGUSRPRF command. In addition, make sure your policy and procedures prevent the Administrators and Help Desk from setting the password to a default password.
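
The checks recommended above, written out as CL commands. This is an added example, not part of the original newsletter; the profile name JSMITH and the temporary password shown are constructed placeholders.

```cl
/* 1. Report every profile whose password equals its profile name.   */
/*    ACTION(*NONE) only produces the report; no profile is changed. */
ANZDFTPWD ACTION(*NONE)

/* 2. Print the profiles that hold *SECADM special authority.        */
/*    Also review their group profiles: special authorities held by  */
/*    a group profile are inherited by the group's members.          */
PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*SECADM)

/* 3. Show who is authorized to the CHGUSRPRF command object.        */
/*    A profile needs both this authority and *SECADM to bypass the  */
/*    QPWD* composition rules.                                       */
DSPOBJAUT OBJ(QSYS/CHGUSRPRF) OBJTYPE(*CMD)

/* 4. Review the password composition system values. At least one    */
/*    must differ from its shipped default for i5/OS to reject       */
/*    password = profile name when a user changes their own          */
/*    password.                                                      */
WRKSYSVAL SYSVAL(QPWD*)

/* 5. Help Desk reset that follows the policy: a temporary password  */
/*    that is NOT the profile name, set to expired so the user must  */
/*    choose a new one at the next sign on.                          */
/*    JSMITH and T9Q4RX7B are constructed placeholder values.        */
CHGUSRPRF USRPRF(JSMITH) PASSWORD(T9Q4RX7B) PWDEXP(*YES)
```

Running step 1 on a schedule and comparing the report against the profiles found in steps 2 and 3 shows whether default passwords are still being set through CHGUSRPRF.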

Overwhelmed with managing security compliance?


Policy Minder Version 1.1 is now available for download from the SkyView Partners website. Just log in with your user ID and password and choose the option to Download a product. Policy Minder 1.1 provides additional flexibility when importing templates for the User profile, Library authority and Directory authority categories. In Version 1.0, when importing templates, any templates existing on the target system were deleted and replaced with the imported templates. Now, you can specify that templates are not to be replaced. If you don't replace templates, any existing templates on the target system will be preserved. If a template that is being imported has the same name as an existing template on the target system, the imported template will have a number added to the end of the name, as in *USERS_01. In addition, the Check and FixIt attributes of the template are also imported.

Note: To use the new Import features, both the target and the source systems must be at Policy Minder 1.1.

Policy Minder Tip - Importing Policies.
Since the main focus of Policy Minder Version 1.1 is Import enhancements, let’s talk about how and why you might use the Import function. Any time you have more than one system you may want to consider using the Import policy option. To import a policy, take option 61 from the Policy Minder Main Menu or you can run or schedule the IMPPOL command found in the SKYVIEWPMP library.

Importing policies can be used to:

  • Make sure your production and QA systems and applications are configured with the same security settings.
  • Propagate policies that are common for all systems in your organization.
  • Check to make sure your fail-over system is configured the same as your production system before you attempt a roll-swap in a high availability (HA) environment.

Want to know more about SkyView Policy Minder? Join a webinar

Are you overwhelmed with the details of managing your security policy compliance requirements? Let SkyView Policy Minder automate that process. IBM thought enough of SkyView products to certify them as “Server Proven” and as “i5/OS ready”.

Can your security implementation “take the heat”? Much of the country has suffered with incredible heat waves this summer. As more demands were placed on our power grids, some of them failed. Why? They couldn’t take the stress or the heat. Many security configurations, if put to the test, wouldn’t be able to “take the heat” of someone attempting to inappropriately access private or company confidential data. To know for sure whether your system is able to withstand the next “heat wave”, run SkyView Risk Assessor for OS/400 and i5/OS.

Sincerely,

Carol Woodbury
SkyView Partners, Inc.

 

About the author
Carol Woodbury is co-founder of SkyView Partners, Inc., a firm specializing in security compliance management and assessment software as well as security services. Carol is the former chief security architect for AS/400 for IBM in Rochester, Minnesota, and has specialized in security architecture, design, and consulting for more than 15 years. Carol speaks around the world on a variety of security topics and is coauthor of the book Experts' Guide to OS/400 and i5/OS Security.

 


Copyright © 2000 - 2008 Read Technologies, Inc. All rights reserved.