Skip to main content

Security Guide for IBM i V6.1

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 29 May 2009

  1. .EPUB (4.9 MB)
  2. .PDF (5.6 MB)

Google Play Books

Share this page:   

ISBN-10: 0738432865
ISBN-13: 9780738432861
IBM Form #: SG24-7680-00

Authors: Jim Cook, Juan Carlos Cantalupo and MinHoon Lee

    menu icon


    The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.

    In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.

    This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM.

    The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include:

    - Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles

    - Encrypted disk data within a user Auxiliary Storage Pool (ASP)

    - Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1

    - Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions.

    DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms.

    The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.

    Table of Contents

    Part 1. Security concepts

    Chapter 1. Security management practices

    Chapter 2. Security process and policies

    Chapter 3. IBM i security overview

    Part 2. The basics of IBM i security

    Chapter 4. IBM i security fundamentals

    Chapter 5. Security tools

    Chapter 6. Security audit journal

    Chapter 7. Confidentiality and integrity

    Chapter 8. Disk and tape data encryption

    Part 3. Network security

    Chapter 9. TCP/IP security

    Chapter 10. Cryptographic support

    Chapter 11. Virtual private network

    Chapter 12. Firewalls

    Part 4. Authentication

    Chapter 13. IBM i authentication methods

    Chapter 14. Single sign-on

    Part 5. Security management

    Chapter 15. Regulations and standards

    Chapter 16. Security monitoring

    Chapter 17. Considerations and recommendations

    Appendix A. LPAR security considerations

    Appendix B. Operations Console

    Appendix C. Applications and middleware security considerations

    Appendix D. Program temporary fixes