Security levels for basic Internet readiness

Before you connect to the Internet, you should decide what security level you need to adopt for protecting your system.

Your system security measures represent your last line of defense against an Internet-based security problem. Your first step in a total Internet security strategy must be to properly configure i5/OS basic security settings. Do the following tasks to ensure that your system security meets the minimum requirements:

  • Set the security level (QSECURITY system value) to 50. Security level 50 provides the highest level of integrity protection, which is suggested for protecting your system in high risk environments, such as the Internet.
    Note: If you are currently running at a security level lower than 50, you might need to update either your operating procedures or your applications. You need to review the System i® Security Reference before changing to a higher security level.
  • Set your security-relevant system values to be at least as restrictive as the recommended settings. You can use the System i Navigator Security wizard to configure the recommended security settings.
  • Ensure that no user profiles, including IBM-supplied user profiles, have default passwords. Use the Analyze Default Passwords (ANZDFTPWD) command to check whether you have default passwords.
  • Use object authority to protect your important system resources. Take a restrictive approach on your system. That is, by default, restricting everyone (PUBLIC *EXCLUDE) from system resources such as libraries and directories. Allow only a few users to access these restricted resources. Restricting access through menus is not sufficient in an Internet environment.
  • You must set up object authority on your system.

To help you configure these minimum system security requirements, you can use the Security wizard, which is available from the System i Navigator interface. The wizard uses the recommendations to configure your system security settings for you.

The i5/OS inherent security features, when properly configured and managed, provide you with the ability to minimize many risks. When you connect your system to the Internet, however, you need to provide additional security measures to ensure the safety of your internal network. After ensuring that you have general system security in place, you are ready to configure additional security measures as part of your comprehensive security plan for Internet use.