Introduction to IBM i security

The IBM Systems family covers a wide range of users. Security on the IBM® i platform is flexible enough to meet the requirements of this wide range of users and situations.

A small system might have three to five users, and a large system might have several thousand users. Some installations have all their workstations in a single, relatively secure, area. Others have widely distributed users, including users who connect by dialing in and indirect users connected through personal computers or system networks. You need to understand the features and options available so that you can adapt them to your own security requirements.

System security has three important objectives:

Confidentiality:
  • Protecting against disclosing information to unauthorized people
  • Restricting access to confidential information
  • Protecting against curious system users and outsiders
Integrity:
  • Protecting against unauthorized changes to data
  • Restricting manipulation of data to authorized programs
  • Providing assurance that data is trustworthy
Availability:
  • Preventing accidental changes or destruction of data
  • Protecting against attempts by outsiders to abuse or destroy system resources

System security is often associated with external threats, such as hackers or business rivals. However, protection against system accidents by authorized system users is often the greatest benefit of a well-designed security system. In a system without good security features, pressing the wrong key might result in deleting important information. System security can prevent this type of accident.

The best security system functions cannot produce good results without good planning. Security that is set up in small pieces, without planning, can be confusing. It is difficult to maintain and to audit. Planning does not imply designing the security for every file, program, and device in advance. It does imply establishing an overall approach to security on the system and communicating that approach to application designers, programmers, and system users.

As you plan security on your system and decide how much security you need, consider these questions:
  • Is there a company policy or standard that requires a certain level of security?
  • Do the company auditors require some level of security?
  • How important is your system and the data on it to your business?
  • How important is the error protection provided by the security features?
  • What are your company security requirements for the future?

To facilitate installation, many of the security capabilities on your system are not activated when your system is shipped. Recommendations are provided in this topic collection to bring your system to a reasonable level of security. Consider the security requirements of your own installation as you evaluate the recommendations.