The IBM® i operation system (formerly IBM i5/OS®) is considered one of the most secure systems in the industry. From the beginning, security was designed as an integral part of the system. The System i® platform provides a rich set of security features and services that pertain to the goals of authentication, authorization, integrity, confidentiality, and auditing. However, if an IBM Client does not know that a service, such as a virtual private network (VPN) or hardware cryptographic support, exists on the system, it will not use it.

In addition, there are more and more security auditors and consultants who are in charge of implementing corporate security policies in an organization. In many cases, they are not familiar with the IBM i operating system, but must understand the security services that are available.

This IBM Redbooks® publication guides you through the broad range of native security features that are available within IBM i Version and release level 6.1. This book is intended for security auditors and consultants, IBM System Specialists, Business Partners, and clients to help you answer first-level questions concerning the security features that are available under IBM.

The focus in this publication is the integration of IBM 6.1 enhancements into the range of security facilities available within IBM i up through Version release level 6.1. IBM i 6.1 security enhancements include:

- Extended IBM i password rules and closer affinity between normal user IBM i operating system user profiles and IBM service tools user profiles

- Encrypted disk data within a user Auxiliary Storage Pool (ASP)

- Tape data save and restore encryption under control of the Backup Recovery and Media Services for i5/OS (BRMS) product, 5761-BR1

- Networking security enhancements including additional control of Secure Sockets Layer (SSL) encryption rules and greatly expanded IP intrusion detection protection and actions.

DB2® for i5/OS built-in column encryption expanded to include support of the Advanced Encryption Standard (AES) encryption algorithm to the already available Rivest Cipher 2 (RC2) and Triple DES (Data Encryption Standard) (TDES) encryption algorithms.

The IBM i V5R4 level IBM Redbooks publication IBM System i Security Guide for IBM i5/OS Version 5 Release 4, SG24-6668, remains available.

Part 1. Security concepts

Chapter 1. Security management practices

Chapter 2. Security process and policies

Chapter 3. IBM i security overview

Part 2. The basics of IBM i security

Chapter 4. IBM i security fundamentals

Chapter 5. Security tools

Chapter 6. Security audit journal

Chapter 7. Confidentiality and integrity

Chapter 8. Disk and tape data encryption

Part 3. Network security

Chapter 9. TCP/IP security

Chapter 10. Cryptographic support

Chapter 11. Virtual private network

Chapter 12. Firewalls

Part 4. Authentication

Chapter 13. IBM i authentication methods

Chapter 14. Single sign-on

Part 5. Security management

Chapter 15. Regulations and standards

Chapter 16. Security monitoring

Chapter 17. Considerations and recommendations

Appendix A. LPAR security considerations

Appendix B. Operations Console

Appendix C. Applications and middleware security considerations

Appendix D. Program temporary fixes