APPC, APPN, and HPR security

For iSeries systems that communicate with each other using APPC, APPN, and HPR, consider the following security aspects.

  • General security considerations:
    Consider the following measures when securing your network:
    Note: The following password considerations only apply if password protection is not active.
    1. When application program security is used, specify SECURELOC(*VFYENCPWD). With this setting, a user can sign on only if both the user profile name and the password are the same on both systems.
    2. The person responsible for network security ensures that each user has a unique user ID throughout the network.
    3. Have your system administrator set a limit on the number of consecutive password attempts that are not valid for a given display device. When this limit is reached, the device is varied off. Set the limit with the system value QMAXSIGN. This applies only to display devices, not to APPC devices.
    4. Users can sign on to more than one iSeries system with the same profile. To limit the user profile to one sign-on, set the system value (*SYSVAL) for the LMTDEVSSN parameter on either the Create User Profile (CRTUSRPRF) or Change User Profile (CHGUSRPRF) command.
  • Physical security considerations:

    You are responsible for the physical security of your system when you specify *NONE for the location password (LOCPWD) parameter during APPC configuration. In this case, the iSeries system does not validate the identity of a remote system when a session is being established. However, you can still use application-level security if the remote system supports it, for example, if the remote system is an iSeries system with security level 20 or above. Security needs to be consistent across all the systems in a network if intersystem access is to be controlled and yet not unnecessarily restricted.
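
The settings above, gathered into one CL program as an added example (not part of the original IBM text). The device description REMSYS01, the user profile APPUSER1, the location password value and the limit of 3 are constructed placeholders. The example assumes an APPC device description that is not APPN-managed, because APPN locations take these values from the APPN remote location configuration list instead. It also sets QLMTDEVSSN, the system value that LMTDEVSSN(*SYSVAL) defers to.

```cl
PGM
  /* Weak setting described above: with LOCPWD(*NONE) the remote     */
  /* system is not validated when a session is established.          */
  /*   CHGDEVAPPC DEVD(REMSYS01) LOCPWD(*NONE)                       */

  /* Corrected: set a location password (hexadecimal placeholder;    */
  /* the same value must be configured on the partner system) and    */
  /* require matching user profile name and password on both sides.  */
  CHGDEVAPPC DEVD(REMSYS01) LOCPWD(0123456789ABCDEF) SECURELOC(*VFYENCPWD)

  /* Limit consecutive invalid sign-on attempts on display devices.  */
  /* The value 3 is a constructed example, not an IBM recommendation.*/
  CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('3')

  /* Limit device sessions system-wide, then have the profile        */
  /* follow the system value.                                        */
  CHGSYSVAL SYSVAL(QLMTDEVSSN) VALUE('1')
  CHGUSRPRF USRPRF(APPUSER1) LMTDEVSSN(*SYSVAL)
ENDPGM
```

Run DSPDEVD DEVD(REMSYS01) and DSPSYSVAL SYSVAL(QMAXSIGN) afterwards to confirm the values, and repeat the device change on the partner system so that both ends agree.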