Use activation schedules to limit the potential impact of a compromised user profile. If a user profile is compromised and the compromised activity is attempted outside of regular working hours then the break-in will not be successful at that time.
The IBM i OS "Activation Schedule" feature lets you specify what days and what hours in the day that a user profile can be used. This extends not only to terminal session signon but to all server activity, such as FTP, the system file server, etc.
Two commands are used to maintain the system Activation Schedule:
Exit points for time-of-day control
Use IBM i exit points to implement granular "time of day" access controls to specific network connected services.
Our SafeNet/i product includes this functionality out of the box for all relevant OS exit points.