473,326 Members | 2,111 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Database Administration Server (DAS) -- is there a stealth or IP lockout feature?

We have a number of production servers that soneone has decided that
the DAS is not to be enabled. The rationale is that the developers
should not run "discover" and then start plugging around on the
production machines as they could possibly make a change or do
something equally stupid.

However, I've just become the resident AppDetective expert and have
been asked to start discovering and scanning all the instances and
databases on our Production and UAT databases for vulnerability
ananlysis.

AppDetective has its own "discover" feature that does a port scan and
analysis to determine that there is a DB2 instance on a given port.
It then queries through the DAS to obtain the detailed information
like the instance name and the associated databases.

So, we now have to balance the job requirement of my being able to
sleuth out all the databases and to be able to scan them and the
security requirement that developers not be allowed to access
production databases.

I've already seen the discussion against movign the DAS to other
ports, so that quick-and-dirty stealth method is out.

The big question is if the DAS has a configuration setting that
permits only a list of "known" IP addresses or system names to access
it.

Better yet, is there a weblink to a discussion of the security
features available for the DAS?

Thanks in advance, and yes, I am not an experienced DB2 DBA
Nov 12 '05 #1
2 1982
The functionality you request is typically provided by insertion of a
firewall. Since you gave no platform information, I can't make any specific
recommendations.

"Byrocat" <bd******@sympatico.ca> wrote in message
news:b4**************************@posting.google.c om...
We have a number of production servers that soneone has decided that
the DAS is not to be enabled. The rationale is that the developers
should not run "discover" and then start plugging around on the
production machines as they could possibly make a change or do
something equally stupid.

However, I've just become the resident AppDetective expert and have
been asked to start discovering and scanning all the instances and
databases on our Production and UAT databases for vulnerability
ananlysis.

AppDetective has its own "discover" feature that does a port scan and
analysis to determine that there is a DB2 instance on a given port.
It then queries through the DAS to obtain the detailed information
like the instance name and the associated databases.

So, we now have to balance the job requirement of my being able to
sleuth out all the databases and to be able to scan them and the
security requirement that developers not be allowed to access
production databases.

I've already seen the discussion against movign the DAS to other
ports, so that quick-and-dirty stealth method is out.

The big question is if the DAS has a configuration setting that
permits only a list of "known" IP addresses or system names to access
it.

Better yet, is there a weblink to a discussion of the security
features available for the DAS?

Thanks in advance, and yes, I am not an experienced DB2 DBA

Nov 12 '05 #2
"Mark Yudkin" <my***********************@boing.org> wrote in message news:<cn**********@ngspool-d02.news.aol.com>...
The functionality you request is typically provided by insertion of a
firewall. Since you gave no platform information, I can't make any specific
recommendations.


These are IBM AIX servers.

However, what you've given is a starting point for what we can do.

Of course, I now need to know if the servers ahve their own firewalls,
or whether we have a perimeter firewall. Have to talk to the system
guys now...
Nov 12 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Byrocat | last post by:
I'm using AppDetective to perform vulnerability analysis on a range of systems, inclduing DB2 servers. The "discovery" scan lets AppDetective identify that an instance hangs off of a given port....
2
by: Byrocat | last post by:
I just got pointed at a number of DB2 databases and found that the DAS has not been enabled on the server they reside upon. I'm trying to get an understanding of whether the DAS is installed as...
14
by: Arran Pearce | last post by:
Hi, I am looking for a way to use System.DirectoryServices to find all users on a domain whos accounts are either locked out or disabled. I have used ADSIEdit and the mmc schema add-in to try...
10
by: mjf | last post by:
Hello, We made a backup image file for a database on one machine (A), and we restored the database on another machine (B), using the backup image file. Everything went fine. But when we try to...
0
by: mvsguy | last post by:
Haw anyone seen the following error under the z/OS DB2 Administration Server? BPXF024I (DASUSER) CEE0454S The message number 9512 could not be 102 found for facility ID CLB. (It appears "102" in...
2
by: Gerobak | last post by:
I install the UDB Ver 8.2 FixPack 9 on HP Proliant Server running RHEL 4 and Java Version is 1.4.2. After install, i try to create new database. i got error "SQL22204N The DB2 Administration...
1
by: ZZ_Scarab | last post by:
Hi, <I posted this on the microsoft.public.dotnet.framework.aspnet.security newsgroup but before I got a reply this newsgroup has become unavailable!! So I'm posting it here again. Sorry for the...
0
by: db2dbdba | last post by:
Hi All, I am trying to connect to two different databases on different servers for Configure Automatic Maintenance through Control Center. But I am getting errors with these codes. DBA8001E &...
7
by: TG | last post by:
hi! I am trying to create a sql server table from an excel sheet. Here is the code I have: 'This procedure the xlsx file and dumps it to a table in SQL Server
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.