Unauthorized access

Use this checklist along with auditing journal to audit unauthorized attempts to access information.

• Security-related events are logged to the security auditing journal (QAUDJRN) when the auditing function is active.

  To audit authority failures, use the following system values and settings:

  • QAUDCTL must be set to *AUDLVL.
  • QAUDLVL must include the values of *PGMFAIL and *AUTFAIL.

  The best method to detect unauthorized attempts to access information is to review entries in the audit journal on a regular basis.

• The QMAXSIGN system value limits the number of consecutive incorrect access attempts to five or less. The QMAXSGNACN system value is set at 2 or 3.
• The QSYSMSG message queue is created and monitored.
• The audit journal is audited for repeated attempts by a user. (Authorization failures cause AF type entries in the audit journal.)
• Programs fail to access objects using interfaces that are not supported. (QSECURITY system value is set to 40 or 50.)
• User ID and password are required to sign on.

  Security levels 40 and 50 enforce this. At level 20 or 30, you must make sure that no subsystem descriptions have a workstation entry that uses a job description that has a user profile name.