Kisco Systems

Kisco U

IBM i OS 7.5 TR3 Security Enhancements

Home : Kisco U : IBM i OS 7.5 TR3 Security Enhancements

We believe these four fundamental security practices are essential to any IBM i environment

  • Product lifecycle and patch management
  • Data backup and recovery
  • Dister recovery
  • Automated monitoring

So it's critical to pay attention when IBM releases major updates for the IBM i operating system. The latest update, TR3, includes several security features and enhancements. Here's a quick summary:

Access Client Solutions (ACS) VPN Create Wizard

The option displays and supports updated to the properties for connections. These can include editing policy filters and editing the interface.

Security Audit Journal

Configuration in Navigator

Until now, getting the System Security Journal configured with the exact combination of settings that you need has been confusing. With TR3, ACS consolidates this all into a single place located until Audit Journal > Configuration. The Action option will let you manipulate the needed system values.

Audit Journal SQL Services

Expanded support for AU (attribute change) and LD (link, unlink, look up directory) entries.


Digital Certificate Manager (DCM)

TR3 includes another round of changes intended to improve the Digital Certificate Manager (DCM) client in ACS. This includes the ability to create certificates with multiple names, implementation of IPv6 options, the ability to work with multiple certificates when validating or deleting certificates and the ability to import and validate certificates created with RSA keys with 8192 bits in length.

Other SQL Functions

These new or enhanced functions are applicable to monitoring and/or auditing your system security.

  • QSYS2.NETSTAT_JOB_INFO: information about jobs that use network connections

  • QSYS2.SYSTEM_VALUE_INFO: information about system values, including a new column SHIPPED_DEFAULT_VALUE that be used to track which values have been changed since new

  • QSYS2.USER_INFO_BASIC: information about user profiles, including a change in behavior to the USER_DEFAULT_VALUE column