
DB2 Security

In keeping with our theme for the month of September, which is DB2 Security, I want to highlight the capabilities in DB2 LUW to help you to secure your data and prevent unauthorized access and use of that data.

Data at Rest — DB2 provides native data encryption as of DB2 10.5 FP5. DB2 native data encryption covers data at rest and database backups. It conforms to NIST SP 800-131 and FIPS 140-2.

Data in Transit — Encrypts data while it is being transmitted through the network using DB2 SSL capability. DB2 SSL encrypts all data in transit along with credentials. It conforms to NIST SP 800-131 and FIPS 140-2.

Authentication — You can use OS authentication, LDAP or Kerberos along with custom plugins.

Authorization — DB2 verifies whether a certain user is authorized to perform the function. Users can be granted specific privileges to objects or assigned to roles.

Trusted Contexts — Trusted contexts provide a way to build faster and more secure three-tier applications. Trusted contexts address many security concerns in the three-tier application model. You can restrict a user to connecting to the database only from a certain IP address.

Row and Column Access Control (RCAC) — You can assign users to groups and roles and use these assignments to limit access to certain columns and rows for that particular role. This is great for separation of duties and for addressing security concerns in a multi-tenant database.

Auditing — DB2 provides an Audit Facility that enables you to capture access to data and help you identify unauthorized access or use of data.

For more information see the DB2 Security Guide.
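As an added illustration (not code from the original post or from IBM), the statements below show how trusted contexts, RCAC and the audit facility fit together on one table in a multi-tenant, three-tier setup. The table APP.ORDERS, the authorization IDs, the role names and the address 192.0.2.10 are constructed placeholders; the RCAC, trusted context and audit statements require SECADM authority.

```sql
-- Constructed sample table for a multi-tenant application.
CREATE TABLE app.orders (
  order_id  INTEGER     NOT NULL PRIMARY KEY,
  tenant_id CHAR(1)     NOT NULL,
  card_no   CHAR(19)    NOT NULL,      -- stored as 'dddd-dddd-dddd-dddd'
  amount    DECIMAL(9,2)
);

-- Roles: TENANT_A and BILLING are granted to end users directly;
-- APP_TIER carries the table privilege and is only reachable via the trusted context.
CREATE ROLE tenant_a;
CREATE ROLE billing;
CREATE ROLE app_tier;
GRANT ROLE tenant_a TO USER alice;
GRANT SELECT ON app.orders TO ROLE app_tier;

-- Trusted context: the middle tier (APPSRV) gets APP_TIER only when it
-- connects from the listed address; users it switches to must authenticate.
CREATE TRUSTED CONTEXT appsrv_ctx
  BASED UPON CONNECTION USING SYSTEM AUTHID appsrv
  ATTRIBUTES (ADDRESS '192.0.2.10')
  DEFAULT ROLE app_tier
  ENABLE
  WITH USE FOR PUBLIC WITH AUTHENTICATION;

-- Row permission: members of TENANT_A see only tenant 'A' rows.
CREATE PERMISSION app.tenant_a_rows ON app.orders
  FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'TENANT_A') = 1
             AND tenant_id = 'A'
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Column mask: only BILLING sees the full card number.
CREATE MASK app.card_mask ON app.orders FOR COLUMN card_no RETURN
  CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'BILLING') = 1 THEN card_no
       ELSE 'XXXX-XXXX-XXXX-' || SUBSTR(card_no, 16, 4)
  END
  ENABLE;

-- Nothing is enforced until access control is activated on the table.
-- Once row access control is active, a user matching no permission sees zero rows.
ALTER TABLE app.orders
  ACTIVATE ROW ACCESS CONTROL
  ACTIVATE COLUMN ACCESS CONTROL;

-- Audit every statement that touches the table, successful or not.
CREATE AUDIT POLICY orders_audit
  CATEGORIES EXECUTE STATUS BOTH ERROR TYPE AUDIT;
AUDIT TABLE app.orders USING POLICY orders_audit;
```

Because row permissions are default-deny after activation, test with each role before enabling this on a production table; a missing permission shows up as an empty result set, not an error.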

Detecting Distributed Denial of Service (DDoS) Attacks

With 95% of hack attacks involving a database backend, you will want to make sure your infrastructure and DB2 database are hardened against attacks. Check out this paper from our friends at Global Security.

Featured Free Resource

Detecting DDoS: Attacks with Infrastructure Monitoring

Your data isn’t safe. And neither is your website or your business. Is your infrastructure able to defend against Distributed Denial of Service (DDoS) attacks?

DB2 Security Tips and Best Practices

At IDUG Valley Forge I attended a session by Walid Rjaibi, CTO Guardium, IBM Toronto Lab. In this presentation Walid covered the essential minimum steps to secure your DB2 data and communications. With security at the forefront nowadays, this would be a great presentation for all security-conscious DBAs to review and put into practice. The presentation is available at the IDUG.org website for those who attended; if you didn’t attend, you can obtain access for a fee. The session code is C14. Check it out, you will be glad you did. Did you know that 95% of data breaches involve a database back-end?

Windows Server 2008 R2 Standard Edition, et al

As an FYI, I came across this useful link to the service expiration dates for Windows 2008 Server. I have many clients running DB2 on Windows 2008 Server R2. If you don’t have extended support you might want to think about it…

https://support.microsoft.com/en-us/lifecycle/search/default.aspx?sort=PN&alpha=windows%20server%202008%20R2&Filter=FilterNO

Up-Armor your DB2 with DB2 10.5 FP5 Native Encryption

DB2 LUW has provided support for SSL for quite some time. New in DB2 10.5 FP5, however, is DB2 Native Encryption. Native encryption is easy to implement and provides secure local key management that is based on Public Key Cryptography Standard #12 (PKCS#12). DB2® native encryption encrypts your DB2 database, requires no hardware, software, application, or schema changes, and provides transparent and secure key management. It comes with all DB2 Express-C, DB2 Advanced Workgroup Server, DB2 Advanced Enterprise Server, and DB2 Developer editions. It is available for purchase to add to DB2 Express, Workgroup Server Edition, and Enterprise Server Edition. It is a compelling reason to upgrade to DB2 10.5 FP5. After all, isn’t protecting the data, along with the integrity of the data, a DB2 DBA’s prime responsibility? Look for a presentation here in the near future on securing your database with SSL and DB2 Native Encryption. I’ll be giving this presentation at the Central DB2 DBA Users Group in the fall. Stay tuned! Or should I say secure…

For now here is the Knowledge Center link:

http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0061766.html?lang=en

Where Do I Find the DB2 10.5 Manuals in PDF form?

While I am at it today, I thought I would post this useful link. As I indicated earlier, with many clients on many different releases and versions, I sometimes 🙂 have to use more than one set of manuals… The link below will take you to the download for the DB2 10.5 manuals!

http://www-01.ibm.com/support/docview.wss?uid=swg27038855

Stay tuned!

Where can I find cumulative information regarding latest DB2 10.5 Fixpaks?

If you are like me, I like to have quick access to the latest in DB2 LUW along with the specifics for each Fixpak as I have clients running on many different versions and Fixpaks. For example, what was included in the FP4 Cancun release and in the FP5 release? While there are many presentations on the web on DB2 10.5 and Cancun, there are not a lot with respect to other Fixpaks. So, I use this link to get me to the list of Fixpaks and get me to the details of each and thought I would share it with you.

http://www-01.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.wn.doc/doc/c0061179.html?lang=en

Stay tuned!

Are you using the MON_GET_PKG_CACHE_STMT SQL Table Function?

New in DB2 9.7 is the mon_get_pkg_cache_stmt SQL table function. You may wonder why I am mentioning this now, several years after 9.7 came out. Well, many folks are still not aware of it. In addition to the MONREPORT reporting module and its various options, you should also use the mon_get_pkg_cache_stmt SQL table function to identify suboptimal dynamic and STATIC, yes, STATIC SQL. This was the first capability to capture static SQL in DB2 via a point-in-time table function. Here is how to call it: SELECT * FROM TABLE(MON_GET_PKG_CACHE_STMT( null,null,null,-2 )) as x. However, you will want to specify the columns of interest to you instead of using SELECT *. Refer to the DB2 Knowledge Center for a description of the data returned at this link: http://www-01.ibm.com/support/knowledgecenter/SSEPGG_9.7.0/com.ibm.db2.luw.sql.rtn.doc/doc/r0055017.html?cp=SSEPGG_9.7.0%2F3-6-1-3-9-25 . Add this SQL table function to your toolbox if you haven’t already… Stay Tuned!

Here’s a screenshot of it in DB2 10.5:

[Image: Doc4]
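An added example (not from the original post) of the call above with an explicit column list instead of SELECT *. The choice of columns, the ordering by CPU time and the 20-row limit are illustrative assumptions; the second query passes 'S' as the first argument to return static sections only.

```sql
-- Top 20 cached statements by CPU time, dynamic and static together.
-- Arguments: section_type (NULL = both), executable_id, search_args,
-- member (-2 = all members), matching the call shown in the post.
SELECT section_type,                          -- 'D' = dynamic, 'S' = static
       package_schema,
       package_name,
       section_number,
       num_executions,
       total_cpu_time,                        -- microseconds
       total_act_time,                        -- milliseconds
       rows_read,
       rows_returned,
       CASE WHEN rows_returned > 0
            THEN DECIMAL(rows_read) / rows_returned
       END AS rows_read_per_returned,         -- high ratio suggests scans
       CAST(SUBSTR(stmt_text, 1, 200) AS VARCHAR(200)) AS stmt_text
FROM TABLE(MON_GET_PKG_CACHE_STMT(NULL, NULL, NULL, -2)) AS t
WHERE num_executions > 0
ORDER BY total_cpu_time DESC
FETCH FIRST 20 ROWS ONLY;

-- Static SQL only: which package sections cost the most per execution.
SELECT package_schema,
       package_name,
       section_number,
       num_executions,
       total_cpu_time / num_executions AS avg_cpu_time_us,
       rows_read / num_executions      AS avg_rows_read,
       CAST(SUBSTR(stmt_text, 1, 200) AS VARCHAR(200)) AS stmt_text
FROM TABLE(MON_GET_PKG_CACHE_STMT('S', NULL, NULL, -2)) AS t
WHERE num_executions > 0
ORDER BY avg_cpu_time_us DESC
FETCH FIRST 20 ROWS ONLY;
```

The figures are cumulative since each entry was inserted into the package cache, so compare them alongside num_executions rather than in isolation.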

Uploaded Presentations — HADR with Multiple Standbys and TSAMP

I uploaded two presentations: Achieving High Availability with HADR and TSAMP, and one primarily on HADR. You can download them from the Presentations tab.

DB2 LUW End of Support Dates

I get asked this question all the time. IBM has a nice support reference on these dates. You should be off 9.5 unless you have extended support! Be sure to bookmark the following End of Support link for DB2 LUW. Note that while a date has not been announced for DB2 9.7, which is rock solid, I would anticipate that one would be announced in the not too distant future.

http://www-01.ibm.com/support/docview.wss?uid=swg21168270