IBM E Server i Series Manual page 22

The iSeries console security consists of service device authentication, user
authentication, data privacy, and data integrity:
For more information, see Operations Console LAN security administration.
Operations Console LAN security administration
The following figure is intended to give you an overview of your Operations
Console LAN security. The access password (1), if correct, induces Operations
Console to send (2) the service tools device ID (QCONSOLE) and its encrypted
password to the server. The server checks the two values (3), and if they match
sends a new encrypted password to the device and also sends the console service
tools sign-on display to the PC (4). You must have a valid service tools user ID to
sign on to the console session.
16
iSeries: iSeries Access for Windows Operations Console
Service device authentication
This security assures one physical device is the console. Operations Console
local console directly attached to the server is a physical connection similar to
a twinaxial console. The serial cable you use for Operations Console using a
direct connection may be physically secured similar to a twinaxial connection
to control access to the physical console device. Operations Console local
console on a network uses a version of Secured Sockets Layer (SSL) that
supports device and user authentication, but without using certificates.
User authentication
This security provides assurance as to who is using the service device. All
problems related to user authentication are the same regardless of console
type. For more information, see Service tools.
Data privacy
This security provides confidence that the console data can only be read by
the intended recipient. Operations Console local console directly attached to
the server uses a physical connection similar to a twinaxial console or secure
network connection for LAN connectivity to protect console data. Operations
Console using a direct connection has the same data privacy of a twinaxial
connection. If the physical connection is secure as discussed under service
device authentication, the console data remains protected. To protect the data,
ensure only authorized people enter the computer room.
Operations Console local console on a network uses a secure network
connection if the appropriate cryptographic products are installed (AC3 and
CE3). The console session uses the strongest encryption possible depending
on the cryptographic products installed on the iSeries and the PC running
Operations Console. If no cryptographic products are installed, there will be
no data encryption.
Data integrity
This security provides confidence that the console data has not changed en
route to the recipient. Operations Console local console directly attached to
the server has the same data integrity as a twinaxial connection. If the
physical connection is secure, the console data remains protected. Operations
Console local console on a network uses a secure network connection if the
appropriate cryptographic products are installed (AC3 and CE3). The console
session uses the strongest encryption possible depending on the
cryptographic products installed on the iSeries and the PC running
Operations Console. If no cryptographic products are installed, there will be
no data encryption.