IBM i security protects the system and sensitive business information against intentional and/or unintentional security breaches and threats.
System-level security : physical location and access to the machine, system wide software options.
User-level security : user ID and password.
Ressource-level security : this determines who can use an object, what rights they have to the object and which functions they can perform.
The security plan for an IBM i system must take into account the three main levels of security: system, user and resource.
Objectives → system values, adequate backup power (UPS), system auditing, system-level security, climate-controlled environment, protected from unauthorized access, log of personal movement.
*System values define the working environment. They can be thought of as setting standards that affect the entire system. To modify system values, you should have the USE right to use the CHGSYSVAL system value modification command.
⛔ some system values require special authorization, others require a prior IPL to take effect
System values are not objects, but rather control information for the operation of certain parts of the system.
*→ To make it easier to use system values, IBM i groups them into categories. → to modify a system value, you need ALLOBJ (Security Officer Class) authorization. ⛔ an additional special authorization is also required, depending on the type of system value
**→ For example, for security-related system values, you need the special SECADM authority. To modify audit system values, you need the AUDIT authority.
⛔ these safety system values are provided here for information purposes only → a thorough understanding of the system and the company's requirements is necessary before modifying any of these values
QSECURITY → security level
QSECURITY **is the system value that defines overall system security. → 40 is the recommended security level. Security level 50 is intended for systems with very high security requirements. If we designate level 50, depending on the capabilities of the machines, we can see that this affects performance due to the additional verification carried out by the system. → to modify the QSECURITY value, we need ALLOBJ and SECADM. → the modification will take effect after the IPL.