Unauthorized access

Use this checklist along with auditing journal to audit unauthorized attempts to access information.

  • Security-related events are logged to the security auditing journal (QAUDJRN) when the auditing function is active.
    To audit authority failures, use the following system values and settings:
    • QAUDCTL must be set to *AUDLVL.
    • QAUDLVL must include the values of *PGMFAIL and *AUTFAIL.
    The best method to detect unauthorized attempts to access information is to review entries in the audit journal on a regular basis.
  • The QMAXSIGN system value limits the number of consecutive incorrect access attempts to five or less. The QMAXSGNACN system value is set at 2 or 3.
  • The QSYSMSG message queue is created and monitored.
  • The audit journal is audited for repeated attempts by a user. (Authorization failures cause AF type entries in the audit journal.)
  • Programs fail to access objects using interfaces that are not supported. (QSECURITY system value is set to 40 or 50.)
  • User ID and password are required to sign on.
    Security levels 40 and 50 enforce this. At level 20 or 30, you must make sure that no subsystem descriptions have a workstation entry that uses a job description that has a user profile name.