Transcription
PasswordResetTMThe Password Management Component ofUser ManualVersion 04Updated: November 11, 2015
Copyright Notice Copyright Raz-Lee Security Inc. All rights reserved.This document is provided by Raz-Lee Security for information purposes only.Raz-Lee Security is a registered trademark of Raz-Lee Security Inc. Action, System Control, UserManagement, Assessment, Firewall, Screen, Password, Audit, Capture, View, Visualizer, FileScope, AntiVirus, AP-Journal are trademarks of Raz-Lee Security Inc. Other brand and product names aretrademarks or registered trademarks of the respective holders. Microsoft Windows is a registeredtrademark of the Microsoft Corporation. Adobe Acrobat is a registered trademark of Adobe SystemsIncorporated. Information in this document is subject to change without any prior notice.The software described in this document is provided under Raz-Lee’s license agreement.This document may be used only in accordance with the terms of the license agreement. The softwaremay be used only with accordance with the license agreement purchased by the user. No part of thisdocument may be reproduced or retransmitted in any form or by any means, whether electronically ormechanically, including, but not limited to: photocopying, recording, or information recording andretrieval systems, without written permission given by Raz-Lee Security Inc.Visit our website at http://www.razlee.com.Record your Product Authorization Code Here:Computer Model:Serial Number:Authorization Code:Password Reset User Manual Version 42About this Manual
About this ManualWho Should Read This BookThis user manual is intended for system administrators and security administrators responsible for theimplementation and management of security on System i systems. However, any user with a basicknowledge of System i operations will be able to make full use of this product after reading this book.Product Documentation OverviewRaz-Lee takes customer satisfaction seriously. Our products are designed for ease of use by personnel atall skill levels, especially those with minimal System i experience. The documentation package includes avariety of materials to get you up to speed with this software quickly and effectively. We hope you findthis user manual informative; your feedback is important to us. Please send your comments about thisuser manual to docs@razlee.com.Printed MaterialsThis user manual is the only printed documentation necessary for understanding Password It is availablein user-friendly PDF format and may be displayed or printed using Adobe Acrobat Reader version 6.0 orhigher. If you do not have Acrobat Reader, you can download it from the Adobe website:http://www.adobe.com/.Typography Conventions Menu options, field names, screen names, and function key names are in Bold.References to chapters or sections are written in Italic.IBM i (OS/400) system messages are in Bold Italic.IBM i (OS/400) commands are in New Courier.Key combinations are separated by a dash, for example: Shift-Tab.Password Reset User Manual Version 43About this Manual
Table of ContentsAbout this Manual . 3Who Should Read This Book . 3Product Documentation Overview . 3Printed Materials . 3Typography Conventions . 3Password Reset Overview . 7Other iSecurity Products . 8Getting Started. 10Standard Fields, Options, and Command Keys . 10Accessing Password Reset . 11Initial Setup . 12Working with Password Reset . 13Persons . 13Create a New Person. 13Modify a Person . 15Copy a Person . 17Delete a Person . 18Add Private Questions for a Person . 18Delete Private Questions for a Person . 19Identification . 20Add P-R Classes . 20Modify P-R Classes . 23Copy P-R Classes . 24Delete a P-R Class . 25Add a Role/System . 26Modify the System for a Role. 29Copy a Role/System . 31Delete a Role/System . 32Definitions . 32Add a Location . 33Delete a Location . 34Add a Department. 35Delete a Department . 37Password Reset User Manual Version 44About this Manual
Add a Position . 38Delete a Position . 40Add Standard Questions . 41Modify Standard Questions . 43Copy Standard Questions. 44Delete Standard Questions . 45Display Error ID Descriptions . 46Reporting . 48Create a New Query . 48Modify a Query . 55Copy a Query . 57Delete a Query . 58Run a Query . 58Print a Query . 60Rename a Query . 62Run a Query as a Batch Job . 63Explanation and Classification of a Query . 65Schedule a Query . 66Unschedule a Query . 67Select a Query for DISPLAY . 67Select a Query for PRINT . 68Select a Query for SUBMIT. 69Test Password Reset . 70Change Current User Questions . 71Copy HR Data . 73Restart Correlation Project . 74Work with Field Correlation . 75Implement Setup Definition. 77Copy Local Users Data . 78Schedule Copy Local Users. 79Control . 80Activation . 80End Real Time Auth on Demand Screen . 82Work with Subsystems. 83Create Special User FORGOTyyy . 84Password Reset User Manual Version 45About this Manual
System Configuration . 85Authentication Control . 85Initial Process Questions . 88Initial Process Defaults . 89Customize Password Reset Messages. 90Copy Screen Text Screen . 91Copy Attributes . 92Maintenance Menu. 94Trace Definition Modifications . 94Add Journal . 94Remove Journal. 95Display Journal . 96Uninstall . 98BASE Support . 98Other . 99Operators and Authority Codes . 103General . 109Network Support. 118Resetting Your Password . 127Resetting From the Sign On Screen . 127Resetting From a Web Browser . 131Comments . 135Password Reset User Manual Version 46About this Manual
Password Reset OverviewOne of the biggest time wasters for any organization is password resetting. Various surveys suggest thatthe time lost for this is up to 40 minutes for each password and that as many as 50% of the help deskcalls are for password resets.Organizations addressing the sensitive issue of how to best manage System i user passwords can nowenable their users to reset their own passwords with minimal effort or exposure. Password Reset, partof the iSecurity suite, allows users to verify themselves after composing personal questions withanswers that only they know.This unique and reliable solution allows a help desk to automatically assist users, without compromisingeither security or the efficiency of procedures.Password Reset is simple to use and administer by all relevant personnel: users, system administrators,and help desk staff. It enables an enterprise to introduce first time use of a straightforward passwordcontrol mechanism into the organization with minimum overhead, while ensuring that a user's passwordis not known to anyone except the user.After a user creates a password profile for self-authentication, which can be edited at any time, the usercan reset the password alone or request assistance from the help desk. In the event that a user hasforgotten a password when trying to login, the user simply enters FORGOT in the User field andPASSWORD in the Password field. This triggers the self-authentication process that the user set up inadvance - personal questions and responses that are also case sensitive.Control the type and number of challenge questions asked, in addition to the number of reset attemptsallowed, all based on your organization’s security policy. Unsuccessful attempts to reset passwordstrigger automatic notification to the relevant security personnel. Challenge questions discouragefraudulent reset requests and users can set their own default reset password—known only tothemselves—which adds another layer of security.The entire issue can be resolved in minutes and without the help desk, saving the company bothvaluable time and resources.FeatureIntegrates with otheriSecurity productsPassword templatesPassword generationPassword Reset classesMulti-systemMulti-lingualAlways availablePassword Reset User Manual Version 4How does it help meYou can seamlessly add Password Reset to your iSecurity suite and get allthe benefits of a full audit trail, triggered actions, and so on.Users can be assigned to a specific password template that ensures thatall users who need the same type of access have the same level ofpassword security.The passwords that are generated comply with your organization’spassword policy.Password Reset classes allow you to have different verification policiesfor different groups of users.A single reset action allows users to reset their password on all System isystems to which they have access.You can define different languages for different users.Password Reset is always available for your users, even during nonstandard working hours (late nights, weekends, and so on).7Password Reset Overview
Other iSecurity ProductsAction intercepts security breaches and other events in real-time and immediatelytakes appropriate corrective action. Actions may include sending alert messages tokey personnel and/or running command scripts or programs that take correctivesteps. No effective security policy is complete without Action.Anti-Virus provides virus detection and prevention. Anti-Virus scans, validates, andchecks IFS files as they are enrolled or modified, authenticates them, anderases/quarantines infected files. Includes updateable database and simpleinterface.AP-Journal automatically manages database changes by documenting andreporting exceptions made to the database journal.Assessment checks your ports, sign-on attributes, user privileges, passwords,terminals, and more. Results are instantly provided, with a score of your currentnetwork security status with its present policy compared to the network if iSecuritywere in place.Audit is a security auditing solution that monitors System i events in real-time. Itincludes a powerful query generator plus a large number of predefined reports.Audit triggers customized responses to threats via the integrated script processorcontained in Action.Authority on Demand (AOD) provides an advanced solution for emergency accessto critical application data and processes, which is one of the most commonsecurity slips in System i (IBM i) audits. Current manual approaches to suchsituations are not only error-prone, but do not comply with regulations and oftenstringent auditor security requirements.Capture silently captures and documents user screens for tracking and monitoring –without any effects on system performance. Capture can run in playback mode andcan be used to search within texts. It also preserves job logs for subsequent review.Screen captures can be according to user name, IP address, time of day, and more.Change Tracker automatically tracks modifications in the software and file structurewithin production libraries. Changes are tracked at both the object and sourcelevels. It does not require any special actions by programmers.Command monitors and filters commands and their parameters before they arerun, enabling you to control each parameter, qualifier or element, in conjunctionwith the context in which it is about to run. Options include Allow with Changes,and Reject. It includes a comprehensive log, proactive alerting and easily integrateswith SIEM.DB-Gate empowers IBM i customers with exciting data access capabilities, based onOpen database Connectivity (ODBC), employing standard IBM i facilities to enablefull database-transparent access to remote systems.Password Reset User Manual Version 48Password Reset Overview
Firewall protects and secures all types of access, to and from the System i, within oroutside the organization, under all types of communication protocols. Firewallmanages user profile status, secures entry via predefined entry points, and profilesactivity by time. Its Best Fit Algorithm decreases system burden with no securitycompromise.Password is a general-purpose password management product that ensures userpasswords cannot be easily guessed or cracked. Password allows you to manage avariety of password security parameters and maintains a history log of attempts tocreate passwords. This log can easily be displayed or printed.Screen protects unattended terminals and PC workstations from unauthorized use.It provides adjustable, terminal- and user-specific time-out capabilities. Screenlocking and signoff periods may be defined according to variable criteria such asdate, time of day or user profile.View is a unique, patent-pending, field-level solution that hides sensitive fields andrecords from restricted users. This innovative solution hides credit card numbers,customer names, and so on. Restricted users see asterisks or zeroes instead of realvalues. View requires no modification to existing applications.Visualizer is an advanced data warehouse statistical tool with state-of-the-arttechnology. It provides security-related analysis in GUI and operates on summarizedfiles; hence, it gives immediate answers regardless of the security data amountbeing accumulated.Password Reset User Manual Version 49Password Reset Overview
Getting StartedThis section describes the first steps you need to take when you start working with Password Reset, aswell as listing the standard field names, option s and command keys used in the product.Standard Fields, Options, and Command KeysAll standard fields, options and command keys are described in the table below. However, somestandard command keys are not documented here as they need to have links in their description in eachspecific UI (for example, F6).Field/Option/Command KeyLibraryOptSubsetF3 ExitF4 PromptF12 Cancel1 Select3 Copy4 DeletePassword Reset User Manual Version 4DescriptionLibrary name. Depending on the context, you may need to enter aspecific Library Name, a generic Library Name (for example, ABC*), oryou may also be allowed to enter *ALL.The option you want to use on the selected item from the list. Put thecursor on the Opt field in the appropriate row and then either type therequired option in the field or click on the required option in the list ofoptions at the top of the screen.Limits the list being displayed to only those members of the list whosevalue contains the value in the subset field. Use the Subset field tomake it easier to access the specific value you are searching for.Exits from the current display or option, and returns to the callingdisplay. In most cases, any information you have added or changed onthe current display is discarded.Displays a prompt window containing additional information about thecurrent input prompt, usually in the form of a list. You may be able tochoose any value from this list by typing 1 in the Opt prompt next tothe value you want to use. Prompt is context-sensitive. You need toposition the cursor on the input prompt to which the informationapplies before you press F4.Exits from the current display or option, and returns to the previousdisplay. Any information you have added or changed on the currentdisplay is discarded.Displays the selected item in a list in a screen that allows you to modifythe selected item.Displays a screen that allows you to copy the selected item. You will beable to change the major identifier of the item. You will then the needto select the new item to make all other necessary changes.Deletes the selected item in a list. You may be asked to confirm yourchoice before the delete operation is performed.10Getting Started
Accessing Password ResetYou access all Password Reset functionality through the Password Reset main menu.To access the system: Type strpwdrst in the command line and press Enter. The Password Reset Main Menu appears.Password Reset Main MenuField/Option/Command Key1. Work with Persons11. P-R Classes12. Systems for Roles31. Locations32. Departments33. PositionsPassword Reset User Manual Version 4DescriptionOpens the Work with Persons for Password-Reset screen, where youdefine and modify User definitions.Opens the Work with P-R Classes screen, where you see a list ofavailable classes.Opens the Work with Systems for Roles screen, where you can definewhich systems can be worked on by which Roles.Opens the Work with Locations screen, where you can define thelocations of your organization.Opens the Work with Departments screen, where you can define thedepartments of your organization.Opens the Work with Positions screen, where you can define thepositions of your organization.11Getting Started
Field/Option/Command Key38. Standard Questions39. Error IDs41. Queries and Reports61. Test Password Reset62. Change Current UserQuestions64. Copy HR Data to PersonsFile71. Activation81. System Configuration82. Maintenance MenuDescriptionOpens the Work with Standard Questions screen, where you candefine the standard questions which will be asked for verification.Opens the Display Message Descriptions screen to show detaileddescriptions of the errors that users may encounter when resettingtheir passwords.Opens the Queries Menu, from which you can run the variousPassword Reset queries and reports.Opens the Test Password Reset screen, where you can verify that agiven person will be able to use the Reset Password self-servicefunctionality.Opens the Change P-R Questions screen to allow users to change theirown private identification questions.Opens the Copy Persons Info From Existing Files screen, where you candefine and control the mapping of the organization’s files to thePassword Reset Person file.Opens the Activation menu, from which you define under whichcircumstances the system activates the product.Opens the System Configuration menu, where you can configure theproduct and its relationship with other iSecurity products.Opens the Maintenance menu, where you can set internal productdefinitions.Initial SetupBefore you can work with Password Reset, you must ensure that all your staff members are correctlyentered to the product database. Use the following workflow to do that:1. Set up system and control definitions, using the System Configuration options.2. Set up all the information relating to the structure of the organization, using the Definitions andIdentification options.3. Set up your Users, using the Persons options.4. Set up the special user for Password Reset, using the Create Special User FORGOTyyy option.For a more detailed quick guide to initial setup, see the Password Reset Out of the Box document.Password Reset User Manual Version 412Getting Started
Working with Password ResetThis section describes all the tasks that you can perform in Password Reset. The tasks are described inthe order they appear in the Password Reset main menu.PersonsThe Person is the unique ID with which a user is identified to the Password Reset system. Usually thePerson is the same as the User ID (User Profile) assigned to the user. However, there may be situationswhere many users are all assigned to the same User ID (for example, when there is a departmental UserProfile). There may also be situations where a user is assigned to many User IDs (for example, whencompany policy requires different IDs for different computers).Create a New PersonTo add persons:1. Select 1. Work with Persons in th
After a user creates a password profile for self-authentication, which can be edited at any time, the user can reset the password alone or request assistance from the help desk. In the event that a user has forgotten a password when trying to login, the user simply enters FORGOT in the User field and PASSWORD in the Password field.
