"Security Policy and Compliance - Preventing Default Passwords" by Carol Woodbury
  August 28, 2006  
 
Greetings!

Here is your iSeries security tip for August, 2006 from SkyView Partners, Inc., World Class i5/OS and OS/400 Security Experts.

Changing just one of the password system values (the system values beginning with QPWD*) from their default setting causes i5/OS to not allow users to change their password to a default password. That is, they cannot change their password to be the same as their user profile name. However, if the user has access to the Change User Profile (CHGUSRPRF) command and has *SECADM special authority, the password composition rule system values are (intentionally) by-passed by i5/OS, including the check for a default password.

This is to enable Help Desk personnel and Administrators to service users who have forgotten their password. They can change the password to something simple and require the user to change the password after sign on. If you continue to have a problem with default passwords on your system, check to see who has *SECADM special authority and access to the CHGUSRPRF command. In addition, make sure your policy and procedures prevent the Administrators and Help Desk from setting the password to a default password.
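
The checks described above, written as CL commands. This is an added example, not part of the original newsletter; the profile name JSMITH and the password TEMP4RESET are constructed placeholders.

```cl
/* Added example. JSMITH and TEMP4RESET are constructed placeholders. */

/* 1. Report every profile whose password is the same as its         */
/*    profile name. ACTION(*NONE) prints the report and changes      */
/*    nothing on the profiles.                                       */
ANZDFTPWD ACTION(*NONE)

/* 2. Review the password system values (QPWD*) to see whether any   */
/*    of them has been changed from its default setting.             */
WRKSYSVAL SYSVAL(QPWD*)

/* 3. Print the profiles that have *SECADM special authority.        */
PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*SECADM)

/* 4. Show who is authorized to the CHGUSRPRF command itself.        */
/*    A profile needs both this access and *SECADM to by-pass the    */
/*    password composition rules.                                    */
DSPOBJAUT OBJ(QSYS/CHGUSRPRF) OBJTYPE(*CMD)

/* 5. Help Desk reset that follows the policy: a temporary password  */
/*    that is NOT the profile name, set as expired so the user must  */
/*    change it after sign on.                                       */
CHGUSRPRF USRPRF(JSMITH) PASSWORD(TEMP4RESET) PWDEXP(*YES)
```

Comparing the profiles listed in steps 3 and 4 shows who can still set a default password after the QPWD* values have been changed.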

Overwhelmed with managing security compliance?

Policy Minder Version 1.1 is now available for download from the SkyView Partners website. Just log in with your user id and password and choose the option to Download a product. Policy Minder 1.1 provides additional flexibility when importing templates for the User profile, Library authority and Directory authority categories. In Version 1.0, when importing templates, any templates existing on the target system were deleted and replaced with the imported templates. Now, you can specify to not replace the templates. If you don't replace templates, any existing templates on the target system will be preserved. If a template that is being imported has the same name as an existing template on the target system, the imported template will have a number added to the end of the name, as in *USERS_01. In addition, the Check and FixIt attributes of the template are also imported. Note: To use the new Import features, both the target and the source systems must be at Policy Minder 1.1.

Policy Minder Tip - Importing Policies.
Since the main focus of Policy Minder Version 1.1 is Import enhancements, let’s talk about how and why you might use the Import function. Any time you have more than one system you may want to consider using the Import policy option. To import a policy, take option 61 from the Policy Minder Main Menu or you can run or schedule the IMPPOL command found in the SKYVIEWPMP library.

Importing policies can be used to:
• Make sure your production and QA systems and applications are configured with the same security settings.
• Propagate policies that are common for all systems in your organization.
• Check to make sure your fail-over system is configured the same as your production system before you attempt a roll-swap in a high availability (HA) environment.

Want to know more about SkyView Policy Minder? Join a free Webinar.

Are you overwhelmed with the details of managing your security policy compliance requirements? Let SkyView Policy Minder automate that process. IBM thought enough of SkyView products to certify them as “Server Proven” and as “i5/OS ready”.

Can your security implementation “take the heat”? Much of the country has suffered with incredible heat waves this summer. As more demands were placed on our power grids, some of them failed. Why? They couldn’t take the stress or the heat. Many security configurations, if put to the test, wouldn’t be able to “take the heat” of someone attempting to inappropriately access private or company confidential data. To know for sure whether your system is able to withstand the next “heat wave”, run SkyView Risk Assessor for OS/400 and i5/OS.

Sincerely,


Carol Woodbury
SkyView Partners, Inc.

 