Here is your iSeries security tip for September, 2006 from SkyView
Partners, Inc., World Class i5/OS and OS/400 Security Experts.
Besides changing the password system values (as discussed in last
month’s newsletter), another way to prevent default passwords is to
change the default setting for the PASSWORD parameter on the Create
User Profile (CRTUSRPRF) command. I recommend that you set the parameter
to the value of *NONE, as shown below:
CHGCMDDFT CMD(CRTUSRPRF) NEWDFT('PASSWORD(*NONE)')
This method allows the profile to be created ahead of time but provides
assurance that it cannot be used by someone else for sign on. When
the person begins work with your organization, they can put in a request
to the help desk or the security administrator to have a password
assigned to the profile. Of course, you’ll want to set the password
to be expired so that the person will have to change it the first
time they use it for sign on.
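The sequence described above, written out as CL commands. This is an added example, not part of the original newsletter: the profile name NEWHIRE, the text description and the temporary password are constructed placeholders, and the ANZDFTPWD report in the last step is an extra i5/OS check that the tip itself does not mention.

```cl
/* Added example. NEWHIRE, the TEXT value and INIT1PWD9 are          */
/* constructed placeholders, not values from the newsletter.         */

/* 1. One time: make *NONE the default for the PASSWORD parameter,   */
/*    so a profile created without an explicit password cannot be    */
/*    used for sign on.                                              */
CHGCMDDFT CMD(CRTUSRPRF) NEWDFT('PASSWORD(*NONE)')

/* 2. Create the profile ahead of time. PASSWORD is not specified,   */
/*    so the new default of *NONE applies instead of a password      */
/*    equal to the profile name.                                     */
CRTUSRPRF USRPRF(NEWHIRE) TEXT('New hire, profile created in advance')

/* 3. When the person starts and the help desk receives the request, */
/*    assign a temporary password and mark it expired so that it     */
/*    must be changed at the first sign on.                          */
CHGUSRPRF USRPRF(NEWHIRE) PASSWORD(INIT1PWD9) PWDEXP(*YES)

/* 4. Review the profile's password settings.                        */
DSPUSRPRF USRPRF(NEWHIRE)

/* 5. Report any profiles whose password still equals the profile    */
/*    name. ACTION(*NONE) only reports and changes nothing.          */
ANZDFTPWD ACTION(*NONE)
```

CHGCMDDFT modifies the command object itself, so the default can revert when a new release is installed; keep the command in a program that is rerun after upgrades.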
Want to know that your system EXACTLY matches your security policy
requirements?
Policy Minder Tip - Ensuring no profile has a default password.
Using Policy Minder to ensure none of the profiles on your systems
have a default password is very easy. Take option 1 from the Policy
Minder Main Menu to Work with Policies. Take option 5 next to the
User profile (*USRPRF) category. Now press F6 to create a new template.
On the first screen, specify that all user profiles are to be included,
as in the following:
I *ALL *USRPRF
Scroll now to the last screen. Specify *NODFT for the Password attribute.
Press Enter until you’re back at the User profile template screen.
Now simply run a compliance check and any profiles that have a default
password will be identified.
Now that the setup is complete, you’ll want to regularly run a compliance
check against this template to ensure this part of your security policy
remains in compliance.
Hint: To run a compliance check on a regular basis, schedule the
SKYVIEWPMP/CHECK command using your favorite job scheduler.
Want to know more about SkyView Policy Minder? Join a webinar.
Are you overwhelmed with the details of managing your security policy
compliance requirements? Let SkyView Policy Minder automate that process.
IBM thought enough of SkyView products to certify them as “Server
Proven” and as “i5/OS ready”.
In the News: The Payment Card Industry (PCI) recently announced the
formation of a Security Standards Council and released a new version
of its Data Security Standards.
Sincerely,
Carol Woodbury
SkyView Partners, Inc.
About the author
Carol Woodbury is co-founder of SkyView Partners, Inc., a firm specializing
in security compliance management and assessment software as well
as security services. Carol is the former chief security architect
for AS/400 for IBM in Rochester, Minnesota, and has specialized in
security architecture, design, and consulting for more than 15 years.
Carol speaks around the world on a variety of security topics and
is coauthor of the book Experts' Guide to OS/400 and i5/OS Security.