
In this IBM Redbooks publication we discuss the existing and new DB2 security features introduced in DB2 9.5 for Linux, UNIX, and Windows. These enriched DB2 security features provide you with the capability to protect your data and comply with regulatory requirements.
We describe how you can control data access through DB2 authentication and authorization functions. The role feature provides new options for tighter security, more granularity, and flexibility in administering data access. Data encryption offers the capability to protect sensitive data in the database, critical database files, and data transferred over the network.
Trusted contexts and trusted connections allow you to have more control over when a data access privilege becomes available to a user. Using label-based access control (LBAC), you can control read and write access of users to individual rows and columns at the table level. The enhanced audit facility generates, and allows you to maintain, an audit trail for a series of predefined database events for analysis and identifying system misuse.
At the end, we introduce other DB2 data security solutions including IBM Database Encryption Expert, DB2 Audit Management Expert, and IBM Optim Enterprise Data Management.
Table of Contents
Chapter 1. DB2 security overview
Chapter 2. SYSADM, DBADM, SECADM, and OS authorities
Chapter 3. Roles
Chapter 4. Trusted contexts and connections
Chapter 5. Label-based access control
Chapter 6. Auditing
Chapter 7. Data encryption
Chapter 8. IBM security solutions
Appendix A. Sample applications and scripts
Appendix B. Additional material
About the Authors
Whei-Jen Chen is a Project Leader at the International Technical Support Organization, San Jose Center. She has extensive experience in application development, database design and modeling, and DB2 system administration. Whei-Jen is an IBM Certified Solutions Expert in Database Administration and Application Development as well as an IBM Certified IT Specialist.
Ivo Rytir is an IBM Certified Solutions Expert with the DB2 Advanced Support Team at the IBM Toronto Software Lab. He has extensive application development experience on Windows, Linux, and UNIX platforms with different programming languages. He holds a master's degree in Computer Science from the Brno University of Technology, Czech Republic.
Paul Read is a Relational Database Specialist with over 25 years of experience in BI and data management. Paul is the lead EMEA technical professional for Information Management products on the distributed platforms in the IBM BetaWorks team. He runs the beta and early support programs for data servers and associated products. He has also provided technical consultancy for the DB2 family and data management software products across all platforms.
Rafat Odeh has worked at IBM since 2000. He has been involved in many aspects of DB2 application development on LUW. Rafat is a member of the DB2 Tools and Connectivity Advanced Tech Support team. His area of expertise includes DB2 Authentication and DB2 DRDA. Before joining IBM, Rafat worked as an advanced Informix support analyst for nine years, where he became a Dialup Certified Analyst. During that time, he provided bug fixes, served as a subject matter expert, and taught various classes on IDS.