Thursday 18 November 2010

How to Effectively Manage AS/400 Users and Passwords

When it comes to maintaining user-level security on your AS/400, iSeries and IBM i power system, there are a number of often-overlooked system values that define and configure almost every aspect of the system, from the initial startup sequence and resources to, yes, even the enforcement of passwords. When it comes to managing your users for the maximum level of security, there are a few system values that you should be aware of.

First of all is QINACTITV, which specifies in minutes how long an interactive session can sit idle before some sort of action is performed. You set this system value to a duration in minutes, typically around 60 minutes or more, which can accommodate people taking lunch without losing their work. If you set this value, you will also need to set its counterpart, the QINACTMSGQ value.

There are two things the inactive timeout setting can accomplish. First, if you are concerned about securing regular dumb terminals when someone walks away for any length of time with sensitive information displayed on the screen, this can help put a stop to that.

This setting can also help secure things by closing out sessions that people have left signed on before going home for the day. This is especially useful if you need to run some sort of day-close process that requires everyone to be off the system: the sessions will have timed out, so you don't have to guess whether someone is still working, and you save a few phone calls.

Now, if your network is running a mix of Windows-based workstations, using QINACTITV is a moot point, since they can be configured to do the same thing by locking the workstation itself without ending the user's green-screen session. This can be a better route, because if a user walks away in the middle of entering information and the job is ended, it can cause issues with data integrity.

Next up is securing users' passwords and setting password standards. Good security practice requires that users rotate their passwords every so often, usually over a time span of one to three months. By using the QPWDEXPITV system value you can configure how often passwords expire and must be changed. You can also force a password to expire manually by working with a user profile with the CHGUSRPRF command and setting the password expire field to yes.

Lastly, you may want to incorporate password rules that force users to create more secure passwords that use a combination of special characters, numbers and so on. To do so you can use the QPWDRQDDGT and QPWDMINLEN system values to enforce that a numeric character be added to the password and that passwords have a minimum length of at least eight characters. You should also set the QPWDRQDDIF value to prevent users from reusing the same password over and over.
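The settings described above, collected into one CL program as an added example (not part of the original article). The specific values (60 minutes, `*DSCJOB`, 90 days, `QPWDRQDDIF` of `'1'`) and the user profile `JSMITH` are assumptions chosen for illustration, and the `QPWDRULES` check goes beyond what the article covers.

```cl
/* Added example, not from the original article.                    */
/* Changing security system values requires *ALLOBJ and *SECADM.    */
PGM

  /* Idle limit for interactive jobs, in minutes (assumed value).   */
  CHGSYSVAL SYSVAL(QINACTITV) VALUE('60')

  /* Action taken when the idle limit is reached. *DSCJOB           */
  /* disconnects the job instead of ending it (*ENDJOB), which      */
  /* avoids cutting off a user halfway through data entry.          */
  /* Assumed choice; a message queue name is also accepted.         */
  CHGSYSVAL SYSVAL(QINACTMSGQ) VALUE(*DSCJOB)

  /* Password expiration interval, in days (assumed: about three    */
  /* months, the upper end of the range the article suggests).      */
  CHGSYSVAL SYSVAL(QPWDEXPITV) VALUE('90')

  /* Minimum password length of eight characters.                   */
  CHGSYSVAL SYSVAL(QPWDMINLEN) VALUE(8)

  /* '1' = at least one digit is required in every password.        */
  CHGSYSVAL SYSVAL(QPWDRQDDGT) VALUE('1')

  /* '1' = new password must differ from the previous 32            */
  /* passwords ('0' would allow immediate reuse).                   */
  CHGSYSVAL SYSVAL(QPWDRQDDIF) VALUE('1')

  /* On V6R1 and later, QPWDMINLEN and QPWDRQDDGT are honoured      */
  /* only while QPWDRULES is *PWDSYSVAL. Print it to confirm.       */
  DSPSYSVAL SYSVAL(QPWDRULES) OUTPUT(*PRINT)

  /* Force one profile to change its password at next sign-on.      */
  /* JSMITH is a hypothetical profile name.                         */
  CHGUSRPRF USRPRF(JSMITH) PWDEXP(*YES)

ENDPGM
```

The new password rules are checked the next time a password is changed; existing passwords are not re-validated, which is why the last command pairs the policy change with a forced expiry.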

Of course, there is a tradeoff to the password enforcement rules available on the AS/400, iSeries and IBM i platform. You can force users to create extremely secure passwords by using various security system values to restrict characters and digits and to require numerics, but this will almost certainly increase the number of people calling you up for help, because it can be confusing.


Claim your copy of John Andersen's step-by-step training program and discover how to quickly master essential AS/400, iSeries and IBM i power system operations at AS/400 Training Course.
