Recommended approach to testing | IBM Safenet/400 guide

Recommended approach to testing

A recommended approach to using the On-Line Transaction Testing program is:

1.Set all of the important server functions to Security Level 1, Log All. This will log all requests without affecting any users. Set your Future Server settings or use the pre- loaded recommended values.

Turn off logging on the non-critical servers to limit logging.

2.Collect your requests and print out the Security Report by User from the Network Transaction Analysis Reports Menu. Select Historical Review.

3.Set up your User to Server and User to Object, SQL, FTP, CL, etc. tables if you wish to go to Security Level 4.

4.You can use several tools provided with SafeNet/400 to test your security settings. Use the Security Report by User or the on-line version, PCTESTR. These can be run to test the collected transactions against the current or future server settings. (Use Future Setting)

5.Use ‘Show only Rejections’ on PCTESTR and ‘Print only Rejections’ on the batch report. If your settings are correct for the Security Levels being tested, you should receive messages only for transactions that would be rejected.

If any of the requests are rejected, check the message description and make the appropriate corrections to the SafeNet/400 settings. Try the transaction again.

Note: If you request Level 4, you may only get a security check to Level 3 since some servers support only up to Level 3. This is noted on each record in the On-Line Transaction Testing as “Level Requested”, “Level Checked” and “Max Level”.

	SafeNet/400 Reference Guide
	♥ Copyright 2008 MP Associates of Westchester, Inc.	7.9
	V8.50 - May 2008	7.9
	V8.50 - May 2008

Image 79

IBM Safenet/400 manual Recommended approach to testing

Contents

MP Associates of Westchester, Inc SAFENET/400 How to contact us Table of Contents 10.9 10.110.3 10.7 Group Profiles Navigating through the screens Logging Level N Setting the User Logging LevelsLogging Level a Logging Level R SafeNet Administrator Super Trusted User Control Maintain User to Server Security screen appears Entering User Security Levels ALL Active Servers Entering User Authorities to Objects Add New Object Authorization screen appearsWork User to Object Security screen is displayed Not Allowed for library Not Allowed for object Reminder Exclusions Copyright 2008 MP Associates of Westchester, Inc V8.50 May Maintain Authorized SQL Statements screen appears Entering User Authorities to SQL StatementsWork User to SQL Statements screen is displayed Type the user profile, the Group or *PUBLIC, then Enter Copyright 2008 MP Associates of Westchester, Inc V8.50 May Type the user profile or *PUBLIC then Enter Entering User Authorities to FTP StatementsWork with Authorized FTP Statements screen appears Path Encrypted List Format Using FTP ClientUsing FTP Server Name Format Maintain Authorized CL Commands screen appears Work User to CL Commands, Enter User ID screen is displayedType each CL command that this user is permitted to use Copyright 2008 MP Associates of Westchester, Inc Maintain Path Names screen appears Entering Long Path Names Copyright 2008 MP Associates of Westchester, Inc Removing a User from SafeNet/400 Copy SafeNet User/Authorities screen is displayedRemove Users from SafeNet screen appears Maintain all Security for a User Authorized to At this time? Setting up Time of Day Controls Type the user profile, Enter and then press F10 User Time-of-Day Maintenance screen appears Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Setting UP Servers Level SafeNet/400 Server Function Security Levels Level Setting the Server Function Logging Levels Intermediate Server Security Supported by all Servers Basic Server Security Supported by all ServersAdvanced Server Security Supported by Specific Servers Level 1, Log None Recommended Server Settings Level 1, Log None Level 3, Log All Limit user Distributed Data Management Level 1, Log All Log all requests Pwrdwnsys Maintain Server Security screen is displayed Entering Server Function Security Levels Copyright 2008 MP Associates of Westchester, Inc Customer Exit Programs Copyright 2008 MP Associates of Westchester, Inc Setting up Telnet Restricting Access to Specific Device Names Controlling Telnet Access by IP Address Setting the Required Password Type Allow Auto Signon Enter the password type 0 or 1 is required Logging of Telnet Sessions Turning on TCP/IP Address Checking Setting up TCP/IP Address ControlsType Wrksrv Example Setting up TCP/IP Address Control Table Copyright 2008 MP Associates of Westchester, Inc Anonymous FTP Logon Libname Parameter Screen Selections Value DescriptionUse Wrktcpipa *FTPSERVER Use Wrktcpipa *FTPCLIENT Recommended that you leave this as Profilename Pword Password of *NONE and *USER for Example Setting up for Anonymous FTPLocate the FTP Logon Server point Page Select Option 6 Work with User to CL Command Security Setting up for Normal User IDs and FTP ServersPage Dynamic Host Configuration Protocol Dhcp Control and Reports Menu appears Working with Dhcp Current Dhcp Activity Copyright 2008 MP Associates of Westchester, Inc Maintaining MAC Addresses Fixed IP Addresses Purging Expired Dhcp Lease Information Ping Checker Reports Setup Reports Usage Reports Copyright 2008 MP Associates of Westchester, Inc Security Report by User in test mode Menu SN4, Option Testing Your Security Settings Copyright 2008 MP Associates of Westchester, Inc Security Levels to Check field Copyright 2008 MP Associates of Westchester, Inc Copyright 2008 MP Associates of Westchester, Inc V8.50 May On the Print Security Report screen fill in the following Batch Transaction Test Review/Report Security Report by User Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Recommended approach to testing Pcreview Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Log file Purge Strprg DAYS060 To perform a standard purge Strprgarc DAYS060 ARC*YES PRT*YES PRTR*NO RMVDEL*NO To purge the log and archive the records Automating the One Step Security Report Automating the log file purge Strprgarc DAYS005 Strprgarc DAYS001 Enter command Chgspcset LOGALL*NO Daily Backup ProcedureChgspcset LOGALL*YES to begin logging Copyright 2008 MP Associates of Westchester, Inc Before de-activating De-activating SafeNet/400 To activate or de-activate SafeNet/400 Removing SafeNet/400 from your system Copyright 2008 MP Associates of Westchester, Inc 10.1 Error Message Received on the System 10.2 Check the request log for a ‘REJECTED’ response Error Message Received on the Client10.3 10.4 10.5 Also try Endtcpsvr *ALL, Endhostsvr *ALL then Strtcp If you still cannot resolve the problem10.6 10.7 Examples of Client Error Messages 10.8 10.9 Error Codes which Appear in the Log 10.10 10.11 Additional Troubleshooting Tips 10.12 11.1 Resetting Level 5 within SafeNet/400 11.2 Select Option 6 Activate/De-Activate SafeNet/400 11.3 Pre-Power Down Program Point 11.4 Using Automatic Alert Notification Creating a Distribution List Activating SafeNet/400 Alert Notification11.5 11.6 Profile SwappingOPT SafeNet/400 RQD Maintain Authorized Swap Profiles screen appears Setting up a Swap Profile11.7 11.8 Journaling SafeNet/400 Security Files 11.9 Errord FileFiles Contained in SafeNet/400 Traparcw File 11.10 Trapod File Commands Description SafeNet/400 Commands11.11 11.12 11.13 Wrkusrsec 11.14 12.1 Server Function Descriptions 12.2 Original Servers Levels Supported Where usedServer Identifier Format Name 12.4 12.5 Limitations 12.6 12.7 Usrlibl ALL 12.8 12.9 Original Message Server Description Original Message Server 12.10 12.11 12.12 12.13 Optimized Servers 12.14 12.15 12.16 12.17 12.18 12.19 Access to System i5 database through Odbc interface Database Server Entry Description Database Server Entry 12.21 Usage 12.22 12.23 12.24 12.25 12.26 Data Queue Server Description Data Queue Server 12.27 12.28 12.29 Access to entire file systemFile Server Description File Server Windows Explorer and other applications 12.30 Allflr ALL 12.31 Personnel ALL 12.32 PAYROLL.LI SALARY.FIL Usage Notes/Limitations Recommended Setting Level 4, Log All12.33 12.34 12.35 FTP Logon Server Description FTP Logon Server 1 12.36 FTP Logon Server Description FTP Logon Server 2 12.37 FTP Logon Server Description FTP Logon Server 3 12.38 12.39 12.40 12.41 Pre-Power Down Description Pre-Power Down Server 12.42 Usage Notes Rexec Logon Server Description Rexec Logon Server 112.43 12.44 Rexec Logon Server Description Rexec Logon Server 2 12.45 12.46 Important Notes on setting up a user for ShowCase** Strategy 12.47 TCP Signon Server Description TCP Signon Server 12.48 12.49 12.50 Server Identifier Format Index Public