DB2 Security
When analyzing a DB2 database, there are several areas in the database layer where security should be validated. Each area is explained in detail below, with suggestions for ensuring DB2 security. Remember, though, that it only takes one hole to compromise the entire security model. These areas are just a portion of the constant and never-ending process of securing the database server and the entire enterprise.
Authentication types: In DB2, the authentication type is used to identify users. It defines where and how authentication occurs. Several authentication types are available; which one to use should be carefully determined by the environment, operating system, and purpose of the DB2 server.
The authentication type is configured on both the client and server. However, the authentication type is defined only on the server, in the database manager configuration file. That configuration file is associated with an instance and applies to all databases in that instance as well as all users within the database.
DB2 currently supports the following authentication types:
• SERVER
• SERVER_ENCRYPT
• CLIENT
• DCE (replaced by KERBEROS with LDAP in v.8)
• DCS (holds the same meaning as SERVER in DB2 v8, with the exception of federated servers)
• DCS_ENCRYPT (holds the same meaning as SERVER_ENCRYPT in DB2 v.8, with the exception of federated servers)
• KERBEROS (for Windows 2000/XP/2003, planned for Unix/Linux expansion)
• KRB_SERVER_ENCRYPT (for Windows 2000/XP/2003, planned for Unix/Linux expansion).
For CLIENT authentication, two other parameters are used: TRUST_ALLCLNTS and TRUST_CLNTAUTH. When determining a secure mechanism, don't depend on client authentication. You can't assume clients are secure. Even TRUST_CLNTAUTH is ineffective because the client can be spoofed (a term that refers to a hacker observing and modifying a target's Web pages).
Use either SERVER_ENCRYPT or KRB_SERVER_ENCRYPT for fewer security weaknesses.
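As an added example (not part of the original page and not IBM tooling), the shell function below checks the authentication settings in `db2 get dbm cfg` output against the recommendation above. The sample configuration text is constructed, and the function name `audit_dbm_auth` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check `db2 get dbm cfg` output against the page's advice.

# Constructed sample of `db2 get dbm cfg` output (not from a real server).
SAMPLE_CFG=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'

# audit_dbm_auth (hypothetical name): reads dbm cfg text on stdin and
# prints one finding per line, prefixed OK, WARN, FAIL or UNKNOWN.
audit_dbm_auth() {
  awk '
    # Each setting looks like: "description   (PARAM) = VALUE"
    match($0, /\([A-Z_]+\) *= */) {
      param = substr($0, RSTART + 1)
      sub(/\).*/, "", param)
      value = substr($0, RSTART + RLENGTH)
      gsub(/[ \t\r]+$/, "", value)
      cfg[param] = value
    }
    END {
      auth = cfg["AUTHENTICATION"]
      if (auth == "") {
        print "UNKNOWN: AUTHENTICATION not found in input"
      } else if (auth == "SERVER_ENCRYPT" || auth == "KRB_SERVER_ENCRYPT") {
        print "OK: AUTHENTICATION=" auth
      } else if (auth == "CLIENT") {
        # The server accepts the identity asserted by the client.
        print "FAIL: AUTHENTICATION=CLIENT relies on the client to authenticate users"
        if (cfg["TRUST_ALLCLNTS"] == "YES")
          print "FAIL: TRUST_ALLCLNTS=YES extends that trust to every client"
        if (cfg["TRUST_CLNTAUTH"] == "CLIENT")
          print "WARN: TRUST_CLNTAUTH=CLIENT, credentials are checked on the client side"
      } else {
        print "WARN: AUTHENTICATION=" auth ", prefer SERVER_ENCRYPT or KRB_SERVER_ENCRYPT"
      }
    }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CFG" | audit_dbm_auth
```

On a real instance, run it as `db2 get dbm cfg | audit_dbm_auth`.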
IBM DB2 usernames and passwords. For DB2 UDB installed on Windows, make sure you change all default usernames and passwords immediately. Hackers use these default names and passwords as an easy first attempt to break into your database once they've broken through the other layers of security.
DB2 database privileges. IBM DB2 databases don't have database-specific accounts as other databases do. Instead, authentication is performed by the operating system with operating-system-specific accounts. As a result, DB2 doesn't have a table where all accounts are listed. Accounts are stored in the following tables instead:
• IBMSysDBAuth
• IBMSysTabAuth
• IBMSysINDEXAuth
• IBMSysCOLAuth
• IBMSysSCHEMAAuth
• IBMSysPASSTHRUAuth.
Revoke privileges on the system catalogs listed above to help prevent easy access. For security lockdown, you should also remove all permissions granted to PUBLIC and carefully examine all users within the SYSADMIN group.