DB2 Security
In keeping with our theme for the month of September, which is DB2 Security, I want to highlight the capabilities in DB2 LUW to help you to secure your data and prevent unauthorized access and use of that data.
Data at Rest — DB2 provides native data encryption as of DB2 10.5 FP5. Native encryption covers both data at rest and database backups. It conforms to NIST SP 800-131 and FIPS 140-2.
Data in Transit — DB2's SSL capability encrypts all data in transit over the network, along with credentials. It conforms to NIST SP 800-131 and FIPS 140-2.
Authentication — You can use OS authentication, LDAP or Kerberos along with custom plugins.
Authorization — DB2 verifies whether a given user is authorized to perform the requested operation. Users can be granted specific privileges on objects or assigned to roles.
Trusted Contexts — Trusted contexts provide a way to build faster and more secure three-tier applications, and they address many security concerns in the three-tier application model. You can restrict a user to connecting to the database only from a certain IP address.
Row and Column Access Control (RCAC) — You can assign users to groups and roles and use these assignments to limit access to certain columns and rows for that particular role. This is great for separation of duties and for addressing security concerns in a multi-tenant database.
Auditing — DB2 provides an Audit Facility that lets you capture access to data and helps you identify unauthorized access or use of that data.
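To make the RCAC item above concrete, here is an added example (not from the original post or from IBM's documentation) that combines a row permission and a column mask on a shared multi-tenant table. The schema, the role names SUPPORT and BILLING, and the APP.TENANT_USER mapping table are assumptions constructed for illustration.

```sql
-- Constructed multi-tenant schema; all object names are illustrative.
CREATE TABLE APP.CUSTOMER (
    TENANT_ID INTEGER     NOT NULL,
    CUST_ID   INTEGER     NOT NULL,
    NAME      VARCHAR(80) NOT NULL,
    SSN       CHAR(11),                -- format nnn-nn-nnnn
    PRIMARY KEY (TENANT_ID, CUST_ID)
);

-- Hypothetical mapping of each authorization ID to the tenant it may see.
CREATE TABLE APP.TENANT_USER (
    AUTH_ID   VARCHAR(128) NOT NULL PRIMARY KEY,
    TENANT_ID INTEGER      NOT NULL
);

CREATE ROLE SUPPORT;
CREATE ROLE BILLING;
GRANT SELECT ON TABLE APP.CUSTOMER TO ROLE SUPPORT, ROLE BILLING;

-- The statements below must be run by a user holding SECADM, which keeps
-- policy definition separate from the table owner and the DBA.

-- Row permission: members of either role see only their own tenant's rows.
CREATE PERMISSION APP.CUSTOMER_TENANT_ROWS ON APP.CUSTOMER AS C
    FOR ROWS WHERE
        VERIFY_ROLE_FOR_USER(SESSION_USER, 'SUPPORT', 'BILLING') = 1
        AND EXISTS (SELECT 1
                    FROM APP.TENANT_USER TU
                    WHERE TU.AUTH_ID   = SESSION_USER
                      AND TU.TENANT_ID = C.TENANT_ID)
    ENFORCED FOR ALL ACCESS
    ENABLE;

-- Column mask: only BILLING sees the full SSN; everyone else sees the
-- last four digits.
CREATE MASK APP.CUSTOMER_SSN_MASK ON APP.CUSTOMER AS C
    FOR COLUMN SSN RETURN
        CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'BILLING') = 1
             THEN C.SSN
             ELSE 'XXX-XX-' || SUBSTR(C.SSN, 8, 4)
        END
    ENABLE;

-- Nothing is enforced until access control is activated on the table.
-- After activation, a user who matches no enabled permission sees no rows.
ALTER TABLE APP.CUSTOMER
    ACTIVATE ROW ACCESS CONTROL
    ACTIVATE COLUMN ACCESS CONTROL;
```

To check the policy, run the same `SELECT` against APP.CUSTOMER as a SUPPORT user and as a BILLING user mapped to the same tenant: both should get the same rows, with the SSN masked only for SUPPORT.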
For more information see the DB2 Security Guide.