Years ago, when I had a metabolism that permitted me to stay up late, I watched The Tonight Show before going to sleep. In one recurring bit, Johnny Carson would read a news article, and Ed McMahon would follow it by bellowing the "everything you ever wanted to know" incantation. I was reminded of this when I was reviewing ExpertAnytime because security expert Carol Woodbury's self-paced Windows videos contain not only everything you ever wanted to know, but also everything you should know about OS/400 security.
These training videos come in a series of eight with three to four Windows videos per series. Topics cover the range of administration, implementation, justification, and programming. All security topics that can be covered are covered, and while I can't break down everything in this limited space, I hope to provide a synopsis for anyone considering being trained in OS/400 security.
The first series is fundamental to any shop, regardless of platform. Directed at administrators, it addresses the issue of security policies, which coincidently is the name of the series. Woodbury is very careful not to be dogmatic. The concept of a security policy is alien to many institutions, and the nature of each company is unique. Instead of insisting that you must do this or that, the videos first define what a security policy is. Then, they explain how a security policy may be applied for your particular set of circumstances. The last video in this series concerns what happens when third-party software is purchased. Software vendors have their own security standards that may not conform to your requirements. A well-established set of rules may assist in ironing out the differences.
The next two video series are "General OS/400 Security" and "System Values." They cover security features available directly from the 5250 command line with particular attention to the SECTOOLS menu. Each security system value is described, and an explanation is provided for all options. Once again, dogma and rigidity are left out, instead providing the listener with the tools to determine the best solution.
It has been said that iSeries Navigator "is the best tool nobody is using." After watching series four, "Managing Security," at least you will know how, even if you choose not to. A comprehensive guide to using the iSeries Navigator to control various aspects of OS/400 security is provided here.
Authorization lists, validation lists, adopted authority, and object authority are covered in series five, "Miscellaneous Security Topics," and six, "Object Level Security." Woodbury offers interesting examples that may make you revise your thinking regarding user access.
The first six sets in this video series give you lots of tools to put into your security toolbelt. Having the knowledge of different methods of security implementation means that you can ensure that all users, developers, and managers have precisely the access they need to have--and no more. No one will be able to access the dark corners of your system, where they shouldn't be in the first place.
Series seven, "Designing Secure Applications," is directed at software developers, but it could just as easily be addressing project managers who are putting together a new set of secure software. ""Native and Web-based applications are the targets.
The final series, "Encryption Techniques," concerns digital encryption and SSL technologies. There are extraordinarily few iSeries or AS/400 boxes running today that don't have some form of remote access through the Web, Telnet, FTP, or some other means. Administering a safe system is essential. Expert Anytime delivers the facts and shows step by step how a successful configuration and implementation of SSL may be achieved.
I must admit that prior to watching the videos, I thought I knew more about OS/400 security than I actually did. The videos opened my eyes to some interesting possibilities for making my client's site more secure while maintaining user access and for improving application performance.
ExpertAnytime by security expert Carol Woodbury is available either as a complete series or separately at I strongly recommend a visit to the Web site.
David G. Abramowitz is an independent consultant.
8001 Irvine Center Drive, Suite 400
Irvine, CA 92618
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Tel: 949-595-8252
MC Press Online