IBM System i Security: Protecting i5/OS Data with Encryption


Book Description

Regulatory and industry-specific requirements, such as SOX, Visa PCI, HIPAA, and so on, require that sensitive data must be stored securely and protected against unauthorized access or modifications. Several of the requirements state that data must be encrypted. IBM® i5/OS® offers several options that allow customers to encrypt data in the database tables. However, encryption is not a trivial task. Careful planning is essential for successful implementation of data encryption project. In the worst case, you would not be able to retrieve clear text information from encrypted data. This IBM Redbooks® publication is designed to help planners, implementers, and programmers by providing three key pieces of information: Part 1, "Introduction to data encryption" on page 1, introduces key concepts, terminology, algorithms, and key management. Understanding these is important to follow the rest of the book. If you are already familiar with the general concepts of cryptography and the data encryption aspect of it, you may skip this part. Part 2, "Planning for data encryption" on page 37, provides critical information for planning a data encryption project on i5/OS. Part 3, "Implementation of data encryption" on page 113, provides various implementation scenarios with a step-by-step guide.




Security Guide for IBM i V6.1


Book Description

The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it. In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available. This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM. The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include: - Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles - Encrypted disk data within a user Auxiliary Storage Pool (ASP) - Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1 - Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions. DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms. The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.




IBM System Storage Open Systems Tape Encryption Solutions


Book Description

This IBM® Redbooks® publication discusses IBM System Storage Open Systems Tape Encryption solutions. It specifically describes Tivoli Key Lifecycle Manager (TKLM) Version 2, which is a Java software program that manages keys enterprise-wide and provides encryption-enabled tape drives with keys for encryption and decryption. The book explains various methods of managing IBM tape encryption. These methods differ in where the encryption policies reside, where key management is performed, whether a key manager is required, and if required, how the tape drives communicate with it. The security and accessibility characteristics of encrypted data create considerations for clients which do not exist with storage devices that do not encrypt data. Encryption key material must be kept secure from disclosure or use by any agent that does not have authority to it; at the same time it must be accessible to any agent that has both the authority and need to use it at the time of need. This book is written for readers who need to understand and use the various methods of managing IBM tape encryption.




IBM i 6.1 Independent ASPs: A Guide to Quick Implementation of Independent ASPs


Book Description

This IBM® Redbooks® publication explains how to configure and manage independent disk pool (IASP) functionality of IBM i 6.1. It is designed to help IBM technical professionals, business partners, and customers understand and implement independent disk pools in the IBM i 6.1. In addition, this publication provides the background information that is necessary to plan, implement, and customize this functionality to your particular environment. It provides guidance on running user applications with either application data or most application objects residing in an independent disk pool. Considering that you can also use independent disk pools in a cluster environment, this publication shows you the basic steps to make your independent disk pool switchable between two Power SystemsTM servers or a single server with multiple LPARs. Independent auxiliary storage pools have many business and technical advantages for Power Systems using IBM i. Not only are independent auxiliary storage pools (IASPs) easy to create and maintain, most applications can use them by simple work management changes. IASPs can provide immediate benefits to your enterprise.




IBM i 6.1 Technical Overview


Book Description

This IBM® Redbooks® publication introduces a technical overview of the main new features, functions and enhancements available in IBM i 6.1 (formerly called i5/OS® V6R1). It gives a summary and brief explanation of new capabilities and what has changed in the operating system, and also discusses many of the licensed programs and application development tools associated with IBM i. Many other new and enhanced functions are described, such as virtualization of storage, security, JavaTM performance, improved performance with IBM System StorageTM devices, backup and recovery, including base IBM i, Backup, Recovery and Media Services (BRMS). The book introduces the PowerHATM product, IBM Systems Director-based system management and an easier Web enablement. The information provided in this book will be useful for customers, Business Partners, and IBM service professionals involved with planning, supporting, upgrading, and implementing IBM i 6.1 solutions.




IBM i 7.1 Technical Overview with Technology Refresh Updates


Book Description

This IBM® Redbooks® publication provides a technical overview of the features, functions, and enhancements available in IBM i 7.1, including all the Technology Refresh (TR) levels from TR1 to TR7. It provides a summary and brief explanation of the many capabilities and functions in the operating system. It also describes many of the licensed programs and application development tools that are associated with IBM i. The information provided in this book is useful for clients, IBM Business Partners, and IBM service professionals who are involved with planning, supporting, upgrading, and implementing IBM i 7.1 solutions.




IBM Power 520 Technical Overview


Book Description

This IBM Redpaper publication is a comprehensive guide covering the IBM Power 520 server, machine type model 8203-E4A. The goal of this paper is to introduce this innovative server that includes IBM System i and IBM System p and new hardware technologies. The major hardware offerings include: - The POWER6 processor, available at frequencies of 4.2 GHz and 4.7 GHz. - Specialized POWER6 DDR2 memory that provides greater bandwidth, capacity, and reliability. - The 1 Gb or 10 Gb Integrated Virtual Ethernet adapter that brings native hardware virtualization to this server. - EnergyScale technology that provides features such as power trending, power-saving, capping of power, and thermal measurement. - PowerVM virtualization technology. - Mainframe continuous availability brought to the entry server environment. This Redpaper expands the current set of IBM Power System documentation by providing a desktop reference that offers a detailed technical description of the Power 520 system. This Redpaper does not replace the latest marketing materials and tools. It is intended as an additional source of information that, together with existing sources, can be used to enhance your knowledge of IBM server solutions.




ABCs of IBM z/OS System Programming Volume 6


Book Description

The ABCs of IBM® z/OS® System Programming is an 11-volume collection that provides an introduction to the z/OS operating system and the hardware architecture. Whether you are a beginner or an experienced system programmer, the ABCs collection provides the information that you need to start your research into z/OS and related subjects. If you want to become more familiar with z/OS in your current environment or if you are evaluating platforms to consolidate your e-business applications, the ABCs collection can serve as a powerful technical tool. Following are the contents of the volumes: Volume 1: Introduction to z/OS and storage concepts, TSO/E, ISPF, JCL, SDSF, and z/OS delivery and installation Volume 2: z/OS implementation and daily maintenance, defining subsystems, JES2 and JES3, LPA, LNKLST, authorized libraries, IBM Language Environment®, and SMP/E Volume 3: Introduction to DFSMS, data set basics, storage management hardware and software, VSAM, System-managed storage, catalogs, and DFSMStvs Volume 4: Communication Server, TCP/IP, and IBM VTAM® Volume 5: Base and IBM Parallel Sysplex®, System Logger, Resource Recovery Services (RRS), global resource serialization (GRS), z/OS system operations, automatic restart management (ARM), and IBM Geographically Dispersed Parallel SysplexTM (IBM GDPS®) Volume 6: Introduction to security, IBM RACF®, digital certificates and public key infrastructure (PKI), Kerberos, cryptography and IBM z9® integrated cryptography, Lightweight Directory Access Protocol (LDAP), and Enterprise Identity Mapping (EIM) Volume 7: Printing in a z/OS environment, Infoprint Server, and Infoprint Central Volume 8: An introduction to z/OS problem diagnosis Volume 9: z/OS UNIX System Services Volume 10: Introduction to IBM z/Architecture®, IBM System z® processor design, System z connectivity, logical partition (LPAR) concepts, hardware configuration definition (HCD), and Hardware Management Console (HMC) Volume 11: Capacity planning, performance management, Workload Manager (WLM), IBM Resource Measurement FacilityTM (RMFTM), and System Management Facilities (SMF)




IBM Systems Director Navigator for i


Book Description

In this IBM® Redbooks® publication we discuss IBM Systems Director Navigator for i, which is a Web console interface for IBM i administration where you can work with the Web-enabled tasks of System i® Navigator. IBM Systems Director Navigator for i includes a number of welcome pages that allow you to quickly find the task that you want to perform. The IBM Systems Director Navigator for i interface is not just a set of URL addressable tasks, but is a robust Web console from which you can manage your IBM i system. However, the System i Navigator Tasks on the Web, which are a set of URL-addressable tasks, can be accessed by using the URL or from within the IBM Systems Director Navigator for i interface. The information in this book is intended to help you start using the Web-based console, IBM Systems Director Navigator for i, by providing you with a look at the new interface as well as tips for working with various parts of the new console.




Secure Messaging Scenarios with WebSphere MQ


Book Description

The differences between well-designed security and poorly designed security are not always readily apparent. Poorly designed systems give the appearance of being secure but can over-authorize users or allow access to non-users in subtle ways. The problem is that poorly designed security gives a false sense of confidence. In some ways, it is better to knowingly have no security than to have inadequate security believing it to be stronger than it actually is. But how do you tell the difference? Although it is not rocket science, designing and implementing strong security requires strong foundational skills, some examples to build on, and the capacity to devise new solutions in response to novel challenges. This IBM® Redbooks® publication addresses itself to the first two of these requirements. This book is intended primarily for security specialists and IBM WebSphere® MQ administrators that are responsible for securing WebSphere MQ networks but other stakeholders should find the information useful as well. Chapters 1 through 6 provide a foundational background for WebSphere MQ security. These chapters take a holistic approach positioning WebSphere MQ in the context of a larger system of security controls including those of adjacent platforms' technologies as well as human processes. This approach seeks to eliminate the simplistic model of security as an island, replacing it instead with the model of security as an interconnected and living system. The intended audience for these chapters includes all stakeholders in the messaging system from architects and designers to developers and operations. Chapters 7 and 8 provide technical background to assist in preparing and configuring the scenarios and chapters 9 through 14 are the scenarios themselves. These chapters provide fully realized example configurations. One of the requirements for any scenario to be included was that it must first be successfully implemented in the team's lab environment. In addition, the advice provided is the cumulative result of years of participation in the online community by the authors and reflect real-world practices adapted for the latest security features in WebSphere MQ V7.1 and WebSphere MQ V7.5. Although these chapters are written with WebSphere MQ administrators in mind, developers, project leaders, operations staff, and architects are all stakeholders who will find the configurations and topologies described here useful. The third requirement mentioned in the opening paragraph was the capacity to devise new solutions in response to novel challenges. The only constant in the security field is that the technology is always changing. Although this book provides some configurations in a checklist format, these should be considered a snapshot at a point in time. It will be up to you as the security designer and implementor to stay current with security news for the products you work with and integrate fixes, patches, or new solutions as the state of the art evolves.