How to protect DB2 against External Attack

08 April,2015 by Jack Vamvas

Fully protecting DB2 against an external attack requires solid design and regular Audits. Exposing some surface area to external connections ,creates an attack opportunity. As a DBA being aware of potential weaknesses and designing secure systems is a top priority.

These are some areas of focus when designing a DB2 security audit. The foundation of DB2 security is a solid DB2 security policy.   Any audit should be comparing the results with the security policy

1)     Do not use standard ports for DB2. Protect the DB2 server against scans. On Linux, you will have to define a port/service before making remote connections via TCP/IP.

2)     Change the default address of the DB2 instance port

3)     Review all accounts with OS and DB2 access. A DIY approach is OK. The key is to list the accounts, identify the list of accounts and privileges. Repeat on regular basis

4)     Review permissions directories and files.

5)     DB2 uses the password policies as defined in the Microsoft Active Directory and the local RedHat Linux. Familiarise yourself with the policies.

6)    Consider setting  Instance parameter AUTHENTICATION  to DATA_ENCRYPT. IBM recommends , If remote clients are connecting to the database server to use SERVER_ENCRYPT as suggested value to protect the user ID and password

To identify the current value assigned to the AUTHENTICATION parameter , use  db2pd -dbmcfg

7)     Review cryptographic methods used by DB2. Are they strong enough?

8)     Audit changes in privileges. Checkout the DB2 Audit facility.

9)     Implement a  DB2 server only installation. Maintaining a DB2 server only policy decreases the surface area

10)  Make sure a service account can’t logon directly to a terminal client(telnet,ssh etc) using a service account (like Instance owner). Set up a policy whereby Users must logon as themselves and then su to the required user.

 This is a brief list , but is enough to complete  a basic security review.

Read more on DB2 security

DB2 - A Security Primer - DBA DB2

How to prepare a Database audit - DBA DB2

DBA Interview Questions and Answers – DB2 Security Management

Author: Jack Vamvas(


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment on How to protect DB2 against External Attack

Comments are moderated, and will not appear until the author has approved them. | DB2 Performance Tuning | DBA DB2:Everything | FAQ | Contact | Copyright