IBM i Series Handbook page 29

Connecting to operations console

encryption possible, depending on the cryptographic products installed on the system and the PC
running Operations Console. Data encryption can only occur if a cryptographic product is
installed on the system.
Data integrity
This security provides confidence that the console data has not changed en route to the recipient.
An Operations Console local console that is directly attached to the system has the same data
integrity as a twinaxial connection. If the physical connection is secure, the console data remains
protected. An Operations Console local console on a network uses a secure network connection if
the appropriate cryptographic products are installed. The console session uses the strongest
encryption possible, depending on the cryptographic products installed on the system and the PC
running Operations Console. Data encryption can only occur if a cryptographic product is
installed on the system.
Data encryption
Enhanced authentication and data encryption provide network security for console procedures.
Operations Console local console on a network uses a version of SSL which supports device and
user authentication but without using certificates.
Administration
Operations Console administration allows system administrators to control access to console functions,
including the remote control panel and virtual control panel. When using Operations Console local
console on a network, device and user authentication are controlled through the service tools device ID.
Important: Consider the following situations when administering Operations Console local console over
a network:
• For the remote control panel, mode selections require security authorization for the user
that authenticates the connection, such as that provided by QSECOFR. Mode selections
include Manual, Normal, Auto, and Secure. Auto and Secure are only available on systems
with a keystick. Also, when connecting the remote control panel using a network, the
service tools device ID must have authority to the control panel data on the system or on
the partition that the remote control panel connects to.
• When a mismatch occurs in the service tools device ID password between the system and
the Operations Console PC, you might need to resynchronize the password on the system.
A mismatch occurs if one of the following conditions happens:
– Your PC fails.
– You decide to exchange the PC for a different one.
– You upgrade the system and Autocreate service tools device IDs on the system is set to
zero or you are using Licensed Internal Code earlier than i5/OS V6R1.
For more information, see Operations Console simplification.
• Because QCONSOLE is a default service tools device ID, if you choose not to use this
device ID, it is suggested that you temporarily configure a connection using this ID to
successfully connect. Then, delete the configuration but do not reset the device ID on the
system. This prevents unauthorized access from someone using the known default service
tools device ID. If you need to use this device ID later, you can reset it then using the
control panel or menus.
• If you implement a network security tool that probes ports for intrusion protection, be
aware that Operations Console uses ports 449, 2300, 2301, 2323, 3001, and 3002 for normal
operations. In addition, port 2301, which is used for the console on a partition running
Linux, is also vulnerable to probes. If your tool were to probe any of these ports, it may
cause loss of the console, which might result in an IPL to recover. These ports should be
excluded from intrusion protection tests.
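One way to apply the port exclusion above before a probe profile is used against a system that hosts Operations Console. This is an added example, not IBM code: it rewrites a port list so that none of the six listed ports is probed. The comma-separated range format and the function names are assumptions; the port numbers are the ones given above.

```python
# Added example (not IBM code). Ports are those listed in the text above.
CONSOLE_PORTS = frozenset({449, 2300, 2301, 2323, 3001, 3002})

def parse_spec(spec):
    """Parse '1-1024,2301,3000-3010' into a sorted list of (lo, hi) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return sorted(ranges)

def exclude_ports(ranges, excluded=CONSOLE_PORTS):
    """Split each range around excluded ports; return (kept, removed ports)."""
    kept, removed = [], []
    for lo, hi in ranges:
        start = lo
        for p in sorted(excluded):
            if lo <= p <= hi:
                removed.append(p)
                if start <= p - 1:
                    kept.append((start, p - 1))  # part below the excluded port
                start = max(start, p + 1)
        if start <= hi:
            kept.append((start, hi))             # remainder above the last hit
    return kept, sorted(set(removed))

def format_spec(ranges):
    """Render ranges back into the comma-separated form."""
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)

def safe_probe_spec(spec):
    """Return (rewritten spec, console ports that were taken out of it)."""
    kept, removed = exclude_ports(parse_spec(spec))
    return format_spec(kept), removed

if __name__ == "__main__":
    # Constructed sample: a probe list as a scan profile might carry it.
    sample = "1-1024,2300-2323,3000-3010,8080"
    spec, removed = safe_probe_spec(sample)
    print("probe:", spec)
    print("excluded console ports:", removed)
```

The returned list of removed ports doubles as a review record: an empty list means the original profile never touched the console ports.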