DB2 must maintain the confidentiality and integrity of information during reception.

From IBM DB2 V10.5 LUW Security Technical Implementation Guide

Part of SRG-APP-000442-DB-000379

Associated with: CCI-002422

SV-89281r2_rule DB2 must maintain the confidentiality and integrity of information during reception.

Vulnerability discussion

: Information can be either unintentionally or maliciously disclosed or modified during reception, including, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information.This requirement applies only to those applications that are either distributed or can allow access to data non-locally. Use of this requirement will be limited to situations where the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. When receiving data, the DBMS, associated applications, and infrastructure must leverage protection mechanisms.

Check content

The DB2 database system supports the use of Transport Layer Security (TLS) to enable a client to authenticate a server and to provide private communication between the client and server by use of encryption. Run the following command to find out what versions of TLS are supported by the server: $db2 get dbm cfg If the value of the ssl_versions parameter is not set to "TLSV1" or "TLSV12" this is a finding. Check the value of the DB2COMM parameter using the following command: $db2set –all If the value of DB2COMM is not set to "SSL", this is a finding. Note: When this topic mentions SSL, the same information applies to TLS, unless otherwise noted.

Fix text

Run the following DB2 command to set the value of ssl_versions to approved TLS or SSL version: $db2 update dbm cfg using SSL_VERSIONS Run the following command to set the value of db2comm parameter to SSL: $db2set db2comm=ssl Restart the database manager. Note: Details on key database creation and setting up SSL environment are in the following links Select the following knowledgebase link for more information regarding configuring SSL support: http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html?lang=en Select the following knowledgebase link for more information regarding SSL_versions: http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.admin.config.doc/doc/r0053616.html?cp=SSEPGG_10.5.0%2F2-4-4-8-88&lang=en Select the following knowledgebase link for setting communication protocol: http://www.ibm.com/support/knowledgecenter/SSEPGG_10.5.0/com.ibm.db2.luw.qb.server.doc/doc/t0004714.html?cp=SSEPGG_10.5.0&lang=en

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer