Sunday, February 24, 2008

DB2 Security

DB2 security best practices

With the escalating number of publicized system security breaches, administrators must constantly be on the lookout for security holes in their systems so that their company does not become the next public embarrassment. Security is a large topic, and can be applied at various levels in a system architecture. Today my post will be focusing on twelve security best practices that database administrators (DBAs) and developers can follow to ensure the highest level of security in DB2® for Linux®, UNIX®, and Windows®. These practices should complement other proactive security measures being applied at the other system levels.

A number of reports detailing wide-ranging system security breaches have been at the forefront of the news in the past couple of years. Typically, sensitive personal data such as Social Security Numbers (SSNs), credit card numbers, and bank account numbers are stolen from insecure systems, resulting in identity theft, financial fraud, or other unauthorized use of the information. As a result, system administrators must constantly be monitoring their systems and ensuring appropriate security precautions are taken.

Security can be applied at different levels of a system architecture. For example, a firewall might be installed to prevent unauthorized server access from outside of the network. A secure network protocol technology such as IPSec might be used to secure the communication channel between computers on a network. A strict password policy might be put in effect that requires users to select a strong password and change it on a frequent basis. Database-level security measures including authentication and authorization might also be used to enhance application security.

In this post, twelve security best practices for DB2 for Linux, UNIX, and Windows are mentioned. They focus specifically on elements that can be controlled from a database administration and programming standpoint, and do not include other security technologies or policies that might also be applicable on a wider system scale. The best practices are not listed in any particular order, but rather, all of them are equally important, as they all contribute toward the overall security level of your DB2 data server.

  1. Revoke implicit authorities and privileges from PUBLIC

  2. Use explicit values for the SYSxxx_GROUP parameters

  3. Track implicit privileges

  4. Do not grant unnecessary privileges

  5. Use an encrypted AUTHENTICATION mode

  6. Use orphan IDs to create and own objects

  7. Use views to control data access

  8. Use stored procedures to control data access

  9. Use LBAC to control data access

  10. Prevent SQL injection in applications

  11. Apply the latest DB2 fix packs

  12. Perform random security audits

If, you would like to read in detailed about each best practices mentioned above please visit: DB2 Database Security

No comments: