IBM i series Handbook page 484

Eserver

Operating System/400 (5722-SS1)
Security
Description
Level
Enables iSeries servers to operate at the C2 level of trust as defined by the U.S. Government. Refer to
publication DOD 5200.28-STD, "Department of Defense Trusted Computer System Evaluation Criteria"
(Orange Book) for details on the U.S. Government definition of C2 trust level.
The OS/400 operating system is distributed with the security level set to 40. A reference
manual is provided for implementing security: Tips and Tools for Securing Your AS/400,
SC41-5300.
Network Authentication Service
Network Authentication Service provides APIs to verify the identity of a user in a network.
Application programs can use these APIs to authenticate a user and securely pass on the user's
identity to other services on the network. Once a user is known, separate functions are
needed to verify the user's authorization to use the network resources. Network
Authentication Service is an implementation of:
• Kerberos Version 5 protocol as defined by RFC 1510
• Generic Security Service (GSS) application program interface (API) defined in RFCs
1509, 1964, and 2078
• Many of the de facto standard Kerberos protocol APIs that are prevalent in the industry today
The OS/400 implementation is designed for interoperability with authentication, delegation,
and data confidentiality services compliant with these RFCs, such as Microsoft Windows 2000
Security Service Provider Interface (SSPI) APIs.
Security - New with V5R1
• Digital signature and object signing: Support for digital signatures on several
OS/400 object types provides an even greater degree of integrity. Software providers,
or system administrators, can add digital signatures to software. They can use those
signatures to verify the source of the software and to ensure that the software has not
been changed since it was signed. This added layer of protection against altered
software, unintentional or malicious, is also being used by the operating system to
protect itself from unauthorized changes.
• Digital Certificate Manager (DCM) restructure and enhancements: The user
interface for DCM is redesigned to improve functionality and ease-of-use.
Enhancements include support for:
– Certificate extensions
– Storing the certificate private keys using the IBM Cryptographic Coprocessor (#4758)
– Certificate Revocation Lists (CRLs)
– Digitally signing objects and verifying the signature
Use of this Level
Considerations
