IBM AS400 Security Procedures

Auditor(s) Assigned Audit Date

Workpaper

Audit Objectives and Procedures Ref. By

________________________________________________________________________________________________________

K.3 User/Group Profiles - Cont'd

K.3.4.1 Signing on with IBM-supplied user profiles that are designed to be object owners is not permitted. Use a DSPAUTUSR listing to verify that the following IBM-supplied user profiles have a password of *NONE (shown in the "No Password" column of the listing):

QDBSHR QDFTOWN QDOC QDSNX QFNC QGATE QLPAUTO QLPINSTALL QSNADS QSPL QSPLJOB QSYS QTSTRQS

K.3.5 Obtain a listing of user and group profiles using the following command:

DSPUSRPRF USRPRF(profile name) TYPE(*BASIC)

To get the listing into a file: enter DSPUSRPRF and press PF4 to prompt the command; set Output to *OUTFILE and name the output file (USRPRF(*ALL) covers every profile on the system). Have the file transferred to a PC, or via XCOMM to the mainframe, where Office Services will copy the file(s) to the audit G drive (cc 0820).

The output file holds one record per profile. The field names quoted after each parameter below (UPGRPF, UPCRLB, UPLTCP, and so on) are the columns of that file, so the review can be done on the transferred file rather than on screen.

For each profile review the following settings:

K.3.5.1 GROUP (Group Profile) UPGRPF

Determine if members of each group are related to a common user function.

K.3.5.2 PWDEXPITV (Password Expiration Interval)

*SYSVAL: the system default specified in the QPWDEXPITV system value applies.

*NOMAX: the password never expires. Treat this as an exception unless it is justified in writing.

If a number is specified, a specific interval (in days) has been set for this user; compare it with the system value and the installation's password standard.

K.3.5.3 CURLIB (Current Library) UPCRLB

Determine that the specified library is suitable to the user function. Ensure that this library is adequately secured.

SYSTEM SECURITY K/PROG

28

Page 10 of 22


K.3.5.4 LMTCPB (Limited Capability) UPLTCP

Specifies whether the user can change the initial program, initial menu, current library and attention-key-handling program values, and whether commands can be entered from the command line of a menu.

*NO: the user may change all of these values in his own user profile with the CHGPRF command, and may run any command from a command line.

*PARTIAL: the initial program and current library values cannot be changed. The initial menu value can be changed (using CHGPRF) and commands can be run from the command line of a menu.

*YES: the initial program, initial menu and current library values cannot be changed. Only commands created with ALWLMTUSR(*YES) can be run from the command line of a menu (by default SIGNOFF, SNDMSG, DSPMSG, DSPJOB, DSPJOBLOG, STRPCO and WRKMSG).

Caveat: LMTCPB governs the interactive command line. It does not by itself prevent commands submitted through network interfaces such as remote command or database servers, so object authority (and exit programs on those servers) must back it up.

E&Y recommended value: *YES for production users.

K.3.5.5 SPCAUT (Special Authority) UPSPAU

*ALLOBJ - allows unlimited access to almost every object
*SECADM - allows administration of user profiles
*SAVSYS - for saving and restoring the system and data
*JOBCTL - allows manipulation of work queues and subsystems
*SERVICE - allows many uncontrolled functions
*SPLCTL - allows control of spool functions
*USRCLS - the user is given the special authorities that are the default for his user class
*NONE - no special authority assigned

(Later releases also define *AUDIT and *IOSYSCFG; review them on the same basis.)

Determine if the special authority assigned to each user class is suitable.

Generally, users and programmers should not have any special authorities. At security level 30 or above the class defaults are: *SYSOPR has *SAVSYS and *JOBCTL; *SECADM has *SECADM; *SECOFR (the class of QSECOFR) has all special authorities; *USER and *PGMR have none. At security level 10 or 20 the classes receive more (including *ALLOBJ), so review the actual UPSPAU value of each profile rather than relying on the class. IBM engineers may have *SERVICE.

E&Y recommendation: the *PUBLIC authority to each user profile object must be *EXCLUDE, since *USE authority to a profile allows other users to submit jobs that run under it.


K.3.5.6 INLPGM (Initial Program) UPINPG

*NONE: No initial program is used. The user goes straight to the initial menu and, unless limited capability is set, to its command line.

The initial program should not provide a way to exit from the program except by signing off.

If a menu name is specified in the initial menu parameter, that menu is displayed when the initial program ends. Ensure that there is no option in the menus/sub-menus to exit and access the command line.

K.3.5.7 INLMENU (Initial Menu) UPINMN

*SIGNOFF: the user will be signed off the system once the initial program ends.

Menu security limits a user's capabilities and restricts the user to a predefined, secured environment. The initial menu appears after the initial program terminates. Ensure that users are assigned menus and menu options that are suitable for their job functions.

The advantages of menu security are that it is easy to implement and therefore incurs low security management cost, and that it provides an easy-to-use interface.

Caveat: Initial menus are mostly user-defined and therefore may contain loopholes (for example an option that calls a program with its own command line, or a menu command line that is not limited). The application design is critical to menu security, and menu security alone does not control access through non-interactive interfaces.

E&Y recommendation: Use the limited capability approach, where appropriate, together with library and object security.

K.3.5.8 LMTDEVSSN (Limit Device Sessions) UPLDVS

*SYSVAL: the QLMTDEVSSN system value determines whether the user is limited to one device session.

*NO: does not limit the use of a user-id to one device session.

*YES: limits the use of a user-id to one device session.

E&Y recommended value: *YES, or *SYSVAL with QLMTDEVSSN set to 1 (limit the number of device sessions to one).


K.3.5.9 STATUS (Status of user profile) UPSTAT

Specifies whether the user profile is usable or not.

*ENABLED: profile is usable.

*DISABLED: profile is not usable.

E&Y recommendation: Inactive or dormant user profiles should be set to *DISABLED to prevent unauthorized usage.

Note that system profiles such as QSYS, QSECOFR, etc. must remain *ENABLED.

K.3.5.10 Obtain a list of user profiles and review for the following:

1. Identify the users permitted access to individual and each group profile.

2. Determine if all users are permitted access based on written authorization by Departmental Management.

3. Confirm that all users are currently employed.

K.3.5.11 Determine whether unauthorized users can process critical functions from their menu(s).
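The K.3.5 review (steps K.3.5.1 to K.3.5.11), worked as an added example that is not part of the E&Y workpaper: a Python script run on the PC over the transferred DSPUSRPRF TYPE(*BASIC) output file after it has been exported as CSV with a header row of field names. The field names UPGRPF, UPCRLB, UPLTCP, UPSPAU, UPINPG, UPINMN, UPLDVS and UPSTAT are those quoted in the workpaper; UPUPRF (profile name) and UPUSCL (user class) are assumed, the CL commands in the docstring are the assumed extraction steps, and the sample rows and the employee list are constructed. It goes slightly beyond the page by resolving *SYSVAL against QLMTDEVSSN and by separating the authorities that users and programmers must not have from the high-risk authorities that warrant a written justification on any other profile.

```python
"""Review a DSPUSRPRF TYPE(*BASIC) outfile extract against workpaper steps K.3.5.1 to K.3.5.11.

Added audit helper, not part of the E&Y workpaper. Assumed extraction (CL, typed on the AS/400):
    DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(QGPL/USRPRFS)
    CPYTOIMPF FROMFILE(QGPL/USRPRFS) TOSTMF('/home/audit/usrprfs.csv') DTAFMT(*DLM)
              STMFCODPAG(*PCASCII) RCDDLM(*CRLF) FLDDLM(',') STRDLM('"')
followed by adding a header row of outfile field names to the CSV on the PC.
Field names UPGRPF, UPCRLB, UPLTCP, UPSPAU, UPINPG, UPINMN, UPLDVS, UPSTAT are from the
workpaper; UPUPRF (profile name) and UPUSCL (user class) are assumed.
"""
import csv
import io
from collections import defaultdict

# Constructed sample extract (not from a real system): header row plus six profiles.
SAMPLE_CSV = """\
UPUPRF,UPGRPF,UPUSCL,UPCRLB,UPLTCP,UPSPAU,UPINPG,UPINMN,UPLDVS,UPSTAT
CLERK01,GRPAP,*USER,APLIB,*YES,*NONE,APMENU,*SIGNOFF,*YES,*ENABLED
CLERK02,GRPAP,*USER,APLIB,*NO,*NONE,*NONE,MAIN,*NO,*ENABLED
PGMR01,*NONE,*PGMR,QGPL,*NO,*ALLOBJ *JOBCTL,*NONE,MAIN,*SYSVAL,*ENABLED
SYSOP01,*NONE,*SYSOPR,QGPL,*NO,*SAVSYS *JOBCTL *SERVICE,*NONE,MAIN,*SYSVAL,*ENABLED
OLDUSER,GRPAP,*USER,APLIB,*YES,*NONE,APMENU,*SIGNOFF,*YES,*ENABLED
QSECOFR,*NONE,*SECOFR,QGPL,*NO,*ALLOBJ *SECADM *SAVSYS *JOBCTL *SERVICE *SPLCTL,*NONE,MAIN,*SYSVAL,*ENABLED
"""

# Constructed list of currently employed users, as Departmental Management would supply (K.3.5.10 step 3).
SAMPLE_EMPLOYED = {"CLERK01", "CLERK02", "PGMR01", "SYSOP01"}

PRODUCTION_CLASSES = {"*USER"}                      # K.3.5.4: LMTCPB(*YES) expected
NO_SPCAUT_CLASSES = {"*USER", "*PGMR"}              # K.3.5.5: no special authority expected
ADMIN_CLASSES = {"*SECOFR", "*SECADM", "*SYSOPR"}   # a command line is part of the job
HIGH_RISK_SPCAUT = {"*ALLOBJ", "*SECADM", "*SERVICE"}


def parse_profiles(csv_text):
    """Return one dict per profile, keyed by outfile field name, with values upper-cased."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [{k.strip(): (v or "").strip().upper() for k, v in row.items()} for row in reader]


def special_authorities(upspau):
    """UPSPAU holds space-separated values such as '*ALLOBJ *JOBCTL', or '*NONE'."""
    return set(upspau.split()) - {"*NONE"}


def group_members(profiles):
    """K.3.5.1: map each group profile to its members so common user function can be judged."""
    groups = defaultdict(list)
    for p in profiles:
        if p["UPGRPF"] != "*NONE":
            groups[p["UPGRPF"]].append(p["UPUPRF"])
    return dict(groups)


def review(csv_text, qlmtdevssn="1", employed=None):
    """Return (profile, workpaper step, finding) tuples for every exception to follow up."""
    findings = []
    employed = set(employed or ())
    for p in parse_profiles(csv_text):
        name, cls = p["UPUPRF"], p["UPUSCL"]
        auths = special_authorities(p["UPSPAU"])

        # K.3.5.4: production users must not be able to reach a full command line.
        if cls in PRODUCTION_CLASSES and p["UPLTCP"] != "*YES":
            findings.append((name, "K.3.5.4", f"LMTCPB is {p['UPLTCP']}, expected *YES"))

        # K.3.5.5: users and programmers get no special authority; *ALLOBJ, *SECADM and
        # *SERVICE on any profile other than QSECOFR is listed for written justification.
        if cls in NO_SPCAUT_CLASSES and auths:
            findings.append((name, "K.3.5.5", "special authorities " + " ".join(sorted(auths))))
        elif name != "QSECOFR" and auths & HIGH_RISK_SPCAUT:
            findings.append((name, "K.3.5.5", "review " + " ".join(sorted(auths & HIGH_RISK_SPCAUT))))

        # K.3.5.6/K.3.5.7: with LMTCPB other than *YES, a profile that lands on a menu
        # (no initial program, or a menu after the program ends) can enter commands.
        reaches_menu = p["UPINPG"] == "*NONE" or p["UPINMN"] != "*SIGNOFF"
        if cls not in ADMIN_CLASSES and p["UPLTCP"] != "*YES" and reaches_menu:
            findings.append((name, "K.3.5.6", f"command line reachable: INLPGM={p['UPINPG']} INLMENU={p['UPINMN']}"))

        # K.3.5.8: *SYSVAL resolves through QLMTDEVSSN; anything but one session per user is an exception.
        effective = p["UPLDVS"]
        if effective == "*SYSVAL":
            effective = "*YES" if qlmtdevssn == "1" else "*NO"
        if effective != "*YES":
            findings.append((name, "K.3.5.8", f"LMTDEVSSN={p['UPLDVS']} (QLMTDEVSSN={qlmtdevssn})"))

        # K.3.5.9 / K.3.5.10 step 3: an enabled profile whose owner is not on the current
        # employee list is dormant and should be *DISABLED. IBM-supplied Q* profiles are skipped.
        if employed and not name.startswith("Q") and p["UPSTAT"] == "*ENABLED" and name not in employed:
            findings.append((name, "K.3.5.9", "enabled but not on current employee list"))
    return findings


if __name__ == "__main__":
    for group, members in sorted(group_members(parse_profiles(SAMPLE_CSV)).items()):
        print(f"group {group}: {' '.join(members)}")
    for profile, step, text in review(SAMPLE_CSV, "1", SAMPLE_EMPLOYED):
        print(f"{profile:<10} {step:<8} {text}")
```

Run it unchanged to see the constructed sample; for a real review replace SAMPLE_CSV with the exported file's contents, SAMPLE_EMPLOYED with the list from Departmental Management, and pass the system's actual QLMTDEVSSN value. Each line of output is an exception to follow up, not a conclusion: a *PGMR with *JOBCTL on a development machine may be justified, and the K.3.5.6 item only says that a command line is reachable, not which commands the user is authorized to run there.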
