Security Guide for IBM i V6.1
An IBM Redbooks publication
Published 29 May 2009
IBM Form #: SG24-7680-00
Authors: Jim Cook, Juan Carlos Cantalupo, MinHoon Lee
The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.
In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.
This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM.
The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include:
- Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles
- Encrypted disk data within a user Auxiliary Storage Pool (ASP)
- Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1
- Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions.
DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms.
The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.
Table of contents
Part 1. Security concepts
Chapter 1. Security management practices
Chapter 2. Security process and policies
Chapter 3. IBM i security overview
Part 2. The basics of IBM i security
Chapter 4. IBM i security fundamentals
Chapter 5. Security tools
Chapter 6. Security audit journal
Chapter 7. Confidentiality and integrity
Chapter 8. Disk and tape data encryption
Part 3. Network security
Chapter 9. TCP/IP security
Chapter 10. Cryptographic support
Chapter 11. Virtual private network
Chapter 12. Firewalls
Part 4. Authentication
Chapter 13. IBM i authentication methods
Chapter 14. Single sign-on
Part 5. Security management
Chapter 15. Regulations and standards
Chapter 16. Security monitoring
Chapter 17. Considerations and recommendations
Appendix A. LPAR security considerations
Appendix B. Operations Console
Appendix C. Applications and middleware security considerations
Appendix D. Program temporary fixes
Others who read this publication also read
Follow IBM Redbooks
Follow IBM Redbooks