Comprehensive introduction to DB2 database security

Source: Internet
Author: User

The problem we face is that database security is not as eye-catching a topic as world records and reports of the shortest downtime. When did you last read an engaging article about security tokens and encryption? Yet, as the thefts of credit card numbers announced by some e-commerce companies last year showed, security gaps do get noticed, and they can weaken customer confidence. Even if security is not the most exciting topic, it is an important concern for any enterprise that uses a database management system. And as more and more enterprises move into electronic business, separating private data from public data becomes particularly important.

The database systems of any given company may need to collect, store, and analyze thousands of rows of information, some of it public and some of it private. Because of this responsibility, the database administrator must be able to properly authorize and restrict access to the database. In addition, the database must provide methods to prevent unauthorized users from accessing confidential data.

However, information about database security is sometimes hard to obtain or understand. You often hear how scalable and robust DB2 Universal Database (UDB) is, but when did you last hear about the security features of DB2?

Because protecting database security is one of the most important responsibilities of a DBA, you should not try to learn database security through trial and error. Protecting your database involves:

Preventing unauthorized access to the enterprise's confidential data

Preventing unauthorized users from maliciously deleting, damaging, or changing data

Using audit techniques to monitor user access to data

In this article, I will show you the security features in DB2 UDB v.7.1 for Windows, Unix, and OS/2 and describe some internal controls that can help you maximize security.

Authentication

One of the most basic concepts of database security is authentication (verification). This is the simple process by which the system confirms the user's identity. The user responds to an authentication request by providing proof of identity, that is, an authentication token.

You may already be familiar with this concept. If you have ever been asked to present a photo ID (for example, when opening a new account at a bank), you have been asked to authenticate. You presented your driver's license (or other photo ID) to prove your identity. In this case, your driver's license acted as the authentication token.



Figure 1. DB2 authorization role

Whatever you may see in the movies, most software programs cannot use futuristic systems (such as facial recognition) for authentication. Instead, most authentication requests require you to provide a user ID and password. Your user ID is your claim to be someone authorized to access the environment, and the password provides your personal evidence for that claim. Of course, this form of authentication assumes that your password is well protected and that you are the only one who knows it.

User authentication is performed by a security facility outside DB2, usually part of the operating system or a separate product. In fact, security is not only a database problem; operating system vendors also spend a lot of time, money, and effort to ensure that their products are secure. However, some operating systems, including Microsoft Windows 95 and 98, do not have native security mechanisms. If you are using an operating system without a security mechanism, you can configure the environment to provide this security by running the DB2 server on a more secure system. For example, you can use the trusted client options. I will discuss these options in more detail later in the article. (For more information, see the DB2 Administration Guide.)
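The client-trust choice described above is held in the database manager configuration. The following check is an added example, not part of the original article; it assumes the `AUTHENTICATION` and `TRUST_ALLCLNTS` parameters appear in the layout printed by `db2 get dbm cfg`, and the sample text is constructed.

```shell
#!/bin/sh
# Added example: audit where DB2 authenticates users.
# Real use:  db2 get dbm cfg | audit_auth

# cfg_value NAME: read dbm cfg text on stdin, print the value shown as "(NAME) = value".
cfg_value() {
    sed -n "s/^.*($1) *= *\([A-Z_]*\).*/\1/p" | head -n 1
}

# audit_auth: read dbm cfg text on stdin, print "VERDICT: reason".
audit_auth() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | cfg_value AUTHENTICATION)
    trust=$(printf '%s\n' "$cfg" | cfg_value TRUST_ALLCLNTS)
    case "$auth" in
        "")
            echo "UNKNOWN: AUTHENTICATION parameter not found" ;;
        CLIENT)
            if [ "$trust" = "YES" ]; then
                # Every client is believed, including systems with no native
                # security such as Windows 95/98.
                echo "RISK: any client may vouch for its users (TRUST_ALLCLNTS=YES)"
            else
                echo "REVIEW: only trusted clients may vouch for users (TRUST_ALLCLNTS=$trust)"
            fi ;;
        *)
            echo "OK: clients are not trusted to authenticate users (AUTHENTICATION=$auth)" ;;
    esac
}

# Constructed samples in the layout of `db2 get dbm cfg` (assumed, abbreviated).
SAMPLE_WEAK=' Database manager authentication        (AUTHENTICATION) = CLIENT
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'
SAMPLE_SERVER=' Database manager authentication        (AUTHENTICATION) = SERVER
 Trust all clients                      (TRUST_ALLCLNTS) = YES
 Trusted client authentication          (TRUST_CLNTAUTH) = CLIENT'

printf '%s\n' "$SAMPLE_WEAK"   | audit_auth
printf '%s\n' "$SAMPLE_SERVER" | audit_auth
```

To move authentication to the server, the usual command is `db2 update dbm cfg using AUTHENTICATION SERVER`, followed by an instance restart.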

You can also use third-party products (such as the Distributed Computing Environment (DCE) Security Services defined by the Open Group) to add a security layer to your environment. DB2 can coordinate these external security facilities with its own security mechanisms to protect the transaction or analysis environment.

Once the user has been authenticated successfully, DB2 records the user's identity and other related security information, such as the list of groups the user belongs to. To be recognized by DB2, you must use an SQL authorization name, or authid. The authorization name, or authorization ID, can be the same as the user ID or ing value. This information is retained for the duration of the user's connection.

This article is from: Hongke network security official Network Security Forum http://bbs.honkwin.com
