Preventing and detecting security exposures
This information is a collection of tips to help you detect potential security exposures.
- Checking for altered objects
This topic describes how to use the Check Object Integrity (CHKOBJITG) command to look for objects that have been altered.
- Evaluating registered exit programs
You can use the system registration function to register exit programs that should be run when certain events occur. To list the registration information on your system, type WRKREGINF OUTPUT(*PRINT).
- Checking scheduled programs
Ensure that all scheduled programs are legitimate.
- Checking for user objects in protected libraries
Use object authority to control who can add programs to protected libraries. User objects other than programs can represent a security exposure when they are in system libraries.
- Limiting the use of adopted authority
When a program runs, the program can use adopted authority to gain access to objects in two different ways:
- Monitoring abnormal deletions
The Print Private Authorities (PRTPVTAUT) command allows you to print a report of all the private authorities for objects of a specified type in a specified library, folder, or directory.
- Monitoring abnormal system use
This topic describes how to monitor abnormal system use, explains why it is important, and provides step-by-step instructions.
- Monitoring blatant access attempts
Monitor access to output and job queues.
- Monitoring for new objects installed on the system
Prevent or restrict users from installing their own programs.
- Monitoring for use of trigger programs
This topic describes how to monitor for use of trigger programs, explains why it is important, and provides step-by-step instructions.
- Preventing new programs from using adopted authority
The passing of adopted authority to programs located later in the stack provides an opportunity for a knowledgeable programmer to create a Trojan horse program.
- Using digital signatures to protect software integrity
Using digital signatures gives you greater control over which software can be loaded onto your system, and allows you more power to detect changes once it has been loaded.
- Modifying architected transaction program names
Learn the techniques used to prevent architected transaction program names from running on the system.