Regardless of what hardware platform you’re running your business on or what software package you’re using, security should be your No. 1 priority. If it’s not, there may come a time when you’ll wish that it had been. It’s kind of like insurance. Until you need it, it’s a real pain to have to pay for it. And until someone crashes your system because he hacked his way through the holes you left on your server, worrying about security is something most of us would rather leave to someone else.

At Midrange Computing, we think security should be on the mind of every person in an IT shop. This issue of MC is focused on bringing you a wealth of security information for every level of experience. Information that you and your staff can begin using immediately to lock down your AS/400 and related systems, so that, when some unauthorized hacker comes calling, he’ll find nothing but a locked door.

There are many steps you can take to lock down your AS/400’s security, but a logical approach would work best, starting at the most basic level and working forward. In “Take Security to the Next Level,” John Earl, who writes the “Security Patrol” feature every month (see page 123), takes you on a step-by-step journey to upgrading your AS/400 from security level 30 to security level 40. John not only provides you with sound business reasons for making this upgrade but also warns you about some of the pitfalls you may face along the way. Running at the highest possible security level your shop can handle will go a long way toward making your AS/400 and your data secure.

After you’ve upgraded your AS/400 to level 40, what else can you do to secure your system and data? How about preventing unauthorized access to your data files? In “Object Level Security and Your Applications,” Christopher J. Devous gives you a unique take on something most of us consider mundane: database access. Chris’s article shows you why you shouldn’t take database security for granted. He explores the various methods of database access to a record, some of which you may have never even considered. Chris also provides suggestions on how to plug holes before your data can leak out.

OK...your system’s running at security level 40, your databases are secured, and you’re feeling pretty good about things, right? What about all those folks who are accessing your AS/400 from PCs via Client Access or the World Wide Web? Have you plugged those holes yet? In “Understanding Exit Programs,” Paul Culin provides the background and information and even some examples on exit programs so that you can understand what holes may exist on your system. Everything from TCP/IP services, such as FTP and Telnet, to access to your Web serving AS/400 through the HTTP server

exposes your business to risk. One thing you can do to minimize that risk is to use exit programs to close the gaps. Paul takes the mystery out of using exit programs and gives you some immediately useful information.

There’s another area you should be concerned with for your TCP/IP-connected AS/400 or PC Server, and that is unauthorized access to your system through holes you probably didn’t even know existed. In “Scan Your Way To Port Security,” Which can be found at www.midrangecomputing.com/mc. Vince LeVeque explains how a hacker can get into your system using TCP/IP services that you probably didn’t know were running. Vince details the various means a hacker might use to breach your system and provides you with a tool you can use to scan your own system for open ports.

Security has never been more important than it is today. Plan for potential security violations now so that you won’t have to deal with security breaches later on.