From IBM DB2 V10.5 LUW Security Technical Implementation Guide
Part of SRG-APP-000142-DB-000094
Associated with: CCI-000382
In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols/services on information systems.
Find out the communication protocol used by running the following command: $db2set DB2COMM If DB2 is not set to SSL, this is a finding. Run the following command to find the service names/port numbers used by the database manager: $db2 get dbm cfg Find the port numbers used by the TCP/IP and SSL services used by database manager (SVCNAME, SSL_SVCENAME) or match the service name in services file to find port numbers. Default Location for services file Windows Service File: %SystemRoot%\system32\drivers\etc\services UNIX Services File: /etc/services If ports used by the database manager are non-approved or deemed unsafe, this is a finding.
Run the following command to set the value of the DB2COMM parameter to the organization-approved communication protocol:
$db2 set DB2COMM=TCPIP,SSL
Set the SSL version:
$db2 update DBM CFG using SSL_VERSIONS TLSV12
The database manager can be set to a service name or an organization-approved port number directly for the SVCENAME parameter.
Use the following command to change the database manager configuration:
$db2 update dbm cfg using svcename
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer