Part I | AS/400 Security Basics | |
Chapter 1 | Security Is a Business Function | 1 |
Evaluating Your Risks | 1 | |
Evaluating the Threats | 4 | |
Managing the Strategic Issues | 4 | |
Getting Started | 8 | |
Chapter 2 | Security at the System Level | 11 |
The System Security Level | 11 | |
Security Level 10 | 12 | |
Security Level 20 | 13 | |
Security Level 30 | 14 | |
Security Level 40 | 15 | |
Security Level 50 | 19 | |
Security-Related System Values | 21 | |
A Helpful Tool | 42 | |
Operations Navigator | 42 | |
Chapter 3 | The Facts About User Profiles | 45 |
Why User Profiles? | 45 | |
What Is a User Profile? | 45 | |
User Profile Attributes | 46 | |
Helpful Tools | 59 | |
Operations Navigator | 61 | |
Chapter 4 | Object Authorization | 63 |
Specific Authorities | 63 | |
Authority Classes | 66 | |
Granting and Revoking Specific Authorities | 68 | |
Group Profiles | 69 | |
Public Authority | 71 | |
Authorization Lists | 75 | |
How OS/400 Checks Authority | 77 | |
Authority Cache | 80 | |
Adopted Authority | 80 | |
Authorities and Save/Restore Functions | 83 | |
Object Ownership | 84 | |
Limit User Function | 86 | |
Helpful Tools | 88 | |
Operations Navigator | 88 | |
Chapter 5 | Database Security | 89 |
Database File Authorities | 89 | |
Data Authorities and Logical Files | 108 | |
Field-Level Security | 108 | |
Row-Level Security | 128 | |
What About SQL Tables and Views? | 128 | |
Chapter 6 | Output Queue and Spooled-File Security | 129 |
The Security-Related Output Queue Attributes | 129 | |
Output Queue Ownership | 132 | |
Sample Output Queue Security Implementation | 133 | |
An Output Queue Security Management Utility | 134 | |
Helpful Tools | 163 | |
Operations Navigator | 163 | |
Chapter 7 | Network Security | 165 |
Physical Security | 165 | |
Network Configuration | 166 | |
Network Security Attributes | 166 | |
DDM Security | 168 | |
Security Considerations for PCs | 177 | |
Using Exit Points | 182 | |
Installing USRFTPLOGC | 187 | |
Helpful Tools | 187 | |
Chapter 8 | Communications Security | 189 |
TCP/IP Security Considerations | 189 | |
Data Encryption | 204 | |
APPN/APPC Communications Configuration Security | 209 | |
Helpful Tools | 213 | |
Operations Navigator | 213 | |
Chapter 9 | Internet Security | 215 |
Corporate Security Policy | 216 | |
Internet Service Provider | 217 | |
Firewalls | 217 | |
AS/400 System Values | 219 | |
User Profiles | 222 | |
Use Resource Security | 223 | |
Control What Goes On | 223 | |
Write Secure Web Applications | 224 | |
Use Exit Points | 226 | |
Monitor | 227 | |
Test | 228 | |
Update Your Business Contingency Plan | 229 | |
The Good News | 229 | |
Part II | The Invisible Threat | |
Chapter 10 | Thwarting Hackers | 231 |
Hacker Terminology | 231 | |
Access--A Hacker's First Hurdle | 232 | |
Bypassing or Gaining Authority | 238 | |
Preventing Trojan Horses | 243 | |
Preventing Viruses | 245 | |
Preventing Worms | 246 | |
Internet Attacks | 247 | |
Final Words of Advice | 247 | |
Part III | How to Build an AS/400 Security Strategy | |
Chapter 11 | Evaluating Your Current Strategy | 249 |
Common Authorization Models | 249 | |
Evaluating the Key Areas | 257 | |
Determining Your Level of Threat | 262 | |
Chapter 12 | Establishing and Controlling System Access | 267 |
Verify Security Level | 267 | |
Plan for User Profiles | 267 | |
Plan the Physical Connections | 269 | |
Chapter 13 | Building Object and Role Authorization | 281 |
Fundamental Tenets | 281 | |
Evaluating Object Security Requirements | 283 | |
Identifying Application Security Requirements | 283 | |
Identifying Data File Security Requirements | 286 | |
Identifying Program Security Requirements | 288 | |
Identifying Authorization Roles | 291 | |
Defining Enterprise Roles | 291 | |
Defining Authorizations | 292 | |
Implementation Example | 294 | |
Documenting Role Authorizations | 295 | |
Chapter 14 | Security for IT Professionals | 301 |
Security and Your IT Staff | 301 | |
Identify the Business Functions | 301 | |
Define a Secure Environment for Each Business Function | 302 | |
Security for Vendors and Consultants | 309 | |
Chapter 15 | Security Implementation Example | 313 |
Application Security Requirements | 314 | |
Organizational Chart | 315 | |
User Profile and Password Rules | 316 | |
Role-Authorization Samples | 317 | |
Network Security Considerations | 332 | |
Exit Programs | 333 | |
Application Administration | 334 | |
System Values | 334 | |
User Profile Listing | 336 | |
Special Authorities Listing | 337 | |
Library/Object Authorities Listing | 337 | |
Part IV | Auditing Your Security Strategy | |
Chapter 16 | Is Your Strategy Working? | 341 |
What Can Change? | 341 | |
Auditing Overview | 344 | |
Chapter 17 | Status Auditing | 345 |
Physical Security Auditing | 347 | |
System-Level Security Auditing | 347 | |
User Profile Monitoring | 348 | |
Critical Objects and Object Authorities Monitoring | 359 | |
Miscellaneous Audit Activities | 362 | |
Chapter 18 | Event Auditing | 375 |
Monitoring the History Log | 375 | |
The Security Audit Journal | 377 | |
The Audit Journal | 378 | |
Auditing Controls | 380 | |
System-wide Auditing | 381 | |
User Auditing | 382 | |
Object Auditing | 383 | |
Event-Auditing Recommendations | 386 | |
Working with the Audit Journal | 387 | |
Displaying and Printing the Audit Journal Entries | 390 | |
Helpful Tools | 398 | |
Operations Navigator | 398 | |
Chapter 19 | Building a Business Contingency Plan--A Workbook | 401 |
Have a Purpose | 401 | |
Find the Leaders | 401 | |
Recognize Reality | 402 | |
Risk Analysis | 403 | |
Disaster Avoidance | 410 | |
Emergency Procedures | 414 | |
A Complete Recovery Program | 416 | |
Testing and Auditing | 419 | |
Appendices and References | ||
Appendix A | Security APIs | 423 |
User and Group ID APIs | 427 | |
Digital Certificate APIs | 429 | |
Profile Token APIs | 430 | |
User Function Registration APIs | 431 | |
Validation-List APIs | 432 | |
Appendix B | Security Journal Entry Types (Detail) | 435 |
Action Auditing | 435 | |
Object Auditing | 439 | |
References | 441 | |
IBM Manuals | 441 | |
IBM Redbooks | 441 | |
IBM Web Sites | 441 | |
Articles from NEWS/400 Magazine and AS400 Network | 442 | |
Other Publications | 442 | |
Index | 443 |
Implementing AS/400 Security: In today's networked world, security is crucial. As e-business sweeps the enterprise, effectively protecting data can mean the difference between secure businesses that can build and maintain trustworthy relationships with customers and business partners