The following series of screens demonstrates how you can setup and control network security on your iSeries server (AS/400) using SafeNet/400. After installing the product, the following main menu will be displayed on your system:
Menu option #1 allows you to review and change Server Security Settings. When you choose this option from the Main Menu, the following screen is displayed:
This screen lists all of the server functions that are available on your iSeries system. The exact number of server functions displayed will vary depending on which release of OS/400 your system is running and what PTF level your system has installed. From this screen, you can activate different levels of SafeNet/400 security features. We recommend that you start your installation by leaving the servers available for unlimited access (level 1) with logging all information (log setting A'). This will allow you to accumulate information about how the server functions are being used on your system. Once your baseline use is established, you can then return to this display and begin the process of tightening up server security on your system.
When you choose to specify user security, you can then modify SafeNet/400 to control which users are allowed to use the various server functions on your system. Once this feature is activated, you can select option #2 from the Main Menu. When you do, you can specify which user profile rule set you want to work with and then the following screen will be displayed:
From here, you can make changes to limit the selected user so that they can only use the server functions that you want them to have access to. You can also specify the logging level for this user's accesses to various servers and control the priority for this user when attached to various servers.
Once user server security is set up, you can also control specific object access by selecting menu option #3 from the Main Menu:
From here, you can limit access to specific libraries on your system and even specific objects or groups of objects within each library.
When you want to add access controls by user profile for SQL functions, you must return to the Main Menu and selection option #4:
The above list of SQL statements will be displayed. From here, you can implement controls for the selected user on the specific SQL statements that you want them to be able to use.
SafeNet/400 also lets you control remote FTP access to your system. Menu option #5 on the main menu gives you access to the FTP settings. Once you have selected the user profile to contol, the following screen will be displayed:
Using this display, you can grant permission for the user to use the indicated FTP functions on your system. If the user is not granted specific permission, then their FTP requests will be refused.
SafeNet/400 gives you control over the CL commands that can be issued by each network user on your system. When you select menu option #6 from the main menu, the following screen is shown after you select the user you want to set up:
Using this screen, you can authorize a network user to have access to *ALL CL commands or just specific CL commands that you place in the list.
Another feature of SafeNet/400 lets you control which TCP/IP Addresses can gain access to your system via Telnet, FTP and Work Station Gateway (WSG). The following screen is an example of a setup screen for Telnet:
Using this screen, you can list known IP addresses that you want to grant access to. Once this is activated, Telnet requests from all other IP addresses are denied. This screen also enables automatic signon, providing protection for your user profiles from snoopers on the Internet.