Security Guide for IBM i V6.1

The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.

In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.

This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM.

The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include:
- Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles
- Encrypted disk data within a user Auxiliary Storage Pool (ASP)
- Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1
- Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions.

DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms.

The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.