We have a number of production servers that soneone has decided that
the DAS is not to be enabled. The rationale is that the developers
should not run "discover" and then start plugging around on the
production machines as they could possibly make a change or do
something equally stupid.
However, I've just become the resident AppDetective expert and have
been asked to start discovering and scanning all the instances and
databases on our Production and UAT databases for vulnerability
ananlysis.
AppDetective has its own "discover" feature that does a port scan and
analysis to determine that there is a DB2 instance on a given port.
It then queries through the DAS to obtain the detailed information
like the instance name and the associated databases.
So, we now have to balance the job requirement of my being able to
sleuth out all the databases and to be able to scan them and the
security requirement that developers not be allowed to access
production databases.
I've already seen the discussion against movign the DAS to other
ports, so that quick-and-dirty stealth method is out.
The big question is if the DAS has a configuration setting that
permits only a list of "known" IP addresses or system names to access
it.
Better yet, is there a weblink to a discussion of the security
features available for the DAS?
Thanks in advance, and yes, I am not an experienced DB2 DBA