Get his FREE Security e-book when you sign up for his valuable Security newsletter.
Dan Riehl, from http://www.securemyi.com/
These are the chapters:
1. Restricting the change of Security Related System Values
2. Libraries Higher than QSYS
3. The Security Tools Menu
4. How secure are your Passwords?
5. Disabled and Forgotten QSECOFR
6. System Service Tools Profiles Management Tips
7. Security Policy?
8. Journaling your files and other objects
9. How-to start Journaling
10. And your Save Restore backup media?
11. Nefarious Masqueraders
12. Where Does *PUBLIC Get All That Authority?
13. Making System Value QCRTAUT More Restrictive
14. Keep Users from Adding Files to Libraries
15. The Nasty Exposures inherent in iSeries QUERY
16. SQL vs i/OS Assignment of Authorities
17. Restoring Private Authorities
18. Securing IFS files
19. IFS and Adopted Authority
20. Using i/OS Security Auditing
21. Starting Security Auditing
22. Are you auditing security related events?
23. Auditing inquisitive users
24. More on User Auditing
25. More on Object Auditing
26. Auditing in the IFS
27. Setting the auditing value for newly created objects
28. Wait! Don’t kill ALL those trees!
30. Capture Unauthorized Access Attempts
31. Who Belongs to That Group Profile?
32. The Exposures in assigning excess Special Authorities
33. Determining who has special authorities
34. User Profiles with Limited Capabilities
35. LMTCPB Warning
36. Clear-Text Passwords John Earl
37. User Profiles with Matching Passwords
38. Resetting User Profiles and Passwords
39. Can I make passwords bulletproof?
40. User Profile Naming Rules
41. But what about Insiders and Social Engineering?
42. Quick Reporting on User Profiles
43. Just what can a disabled user profile do?
43. Scheduled User Profile activation
44. Handling Dormant Users
45. Hijacking a User Profile
46. Having your way with *ALLOBJ
47. Tracking QSECOFR with the Security APIs
48. The SWPUSER Program
49. Debugging FTP Sessions
50. DDM and Limit Capabilities? I don't think so!
51. Exposures of DDM and other TPN Communication Requests
52. Slowing FTP DOS (Denial-of-Service) attacks
53. Who’s accessing my FTP Server?
54. Passwords in Batch FTP
55. Signon Screen Password Exposure
56. Change the Signon Display File
57. Don’t tell all you know on the Signon Screen
58. Securing Output Queues and Spooled files
59. Who said you had to spool sensitive reports?
60. Securing the QSYSOPR Message Queue
"Take the 5 Minute Security Test"
Dan presents this Podcast in which he reveals some common System i security vulnerabilities and explains how you can test your own system to determine if it is vulnerable.