Use DB2 and z/OS to prevent security breaches.
Securing data requires a holistic and layered approach that takes into consideration the broad range of threats. This is commonly referred to as defense in depth, and requires a “security-by-design” approach, which embeds security as part of the core design of database environments, the supporting infrastructures and business practices around these environments. These layers of security all work together to provide the ultimate in confidentiality, integrity, and availability.
DB2 9 for z/OS offers a stronger defense that seeks to delay, rather than prevent, the advance of an attacker, buying time by yielding space. With DB2 defenses, intruders are blocked on all fronts through a series of layers. These security layers, also known as zones, include:
- Network layer: The z/OS Communications Server provides real-time intrusion detection based on statistical anomalies, and supports IPSec and SSL for end-to-end security.
- Server layer: IBM’s System z server provides a robust security layer, with cryptographic hardware that destroys its key material when tampering is detected. It provides the highest security, as noted by the Common Criteria EAL5 certification for LPARs, which provide granular controls to protect each DB2 subsystem.
- Operating-environment layer: z/OS is easily the most robust and secure place to run your business. z/OS has an EAL4+ certification. DB2 uses the z/OS Security Server (RACF) to provide a centralized, auditable security infrastructure for all access to DB2 and to DB2 objects at the OS layer.
- Data-protection layer: DB2 provides a barrier to defend your most important asset: your data. DB2 controls access to its objects and data through authorization identifiers or roles and the privileges assigned to them. Each privilege and its associated authorities enable you to take specific actions on data or an object in DB2. Therefore, you manage access to DB2 objects by granting and revoking the privileges associated with a user or with an application.
DB2 has EAL3+ certification for the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP). CAPP mode provides a single access-control mechanism based on discretionary access controls. LSPP mode provides two classes of access-control mechanisms, based on discretionary and mandatory access controls. DB2 also provides label-based access controls using z/OS multi-level security, based on security labels, which addresses government requirements for highly secure data that can be shared between agencies on demand. DB2 relies on RACF access controls to provide an auditable security infrastructure for users and applications that access data and objects in DB2. Data-protection facilities also include tape encryption, encryption of data in DB2 tables, and a number of network encryption options that use industry standards to encrypt sensitive data on the network.
Defense in Depth
To simplify the task of implementing effective data-server security, there are preventative measures that help address the new threats. These steps reflect current best practices. Preventative measures that use the new security options introduced in DB2 9 for z/OS include:
- Using authentication and authorization methods that adhere to the principle of least privilege, permitting users to do only what they really need to do and minimizing overlap
- Setting and controlling privileges on sensitive data by granting the privileges needed to perform a certain job through a trusted context
- Improving the auditing of user access, particularly access to sensitive data and actions taken by a DBA
- Limiting access to sensitive data by associating each user with a role that represents, within the organization, the privileges necessary to perform a certain job or run a certain application
- Encrypting sensitive data at the table level and backup files at the OS level
- Using z/OS AT-TLS (Application Transparent TLS) to provide secure sockets so that data is transmitted securely on the network
- Using new trusted contexts to secure connections from application servers
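The following DDL shows how these measures fit together in DB2 9 for z/OS: a role that carries least-privilege access, a trusted context that ties those privileges to one application server, table-level auditing, and column encryption. It is an added example, not code from the article or from IBM; the table PAYROLL.EMP, the roles, the AUTHID APPSRV1, the user PAYCLERK, the address 192.0.2.10 and the passphrase are constructed placeholders.

```sql
-- Added example (not from the article). All names, the AUTHID, the address and
-- the passphrase are constructed placeholders.

-- 1. Least privilege: the role holds exactly the privileges the job needs.
--    Nothing is granted to an individual user ID.
CREATE ROLE PAYROLL_APP_ROLE;
GRANT SELECT, INSERT, UPDATE ON TABLE PAYROLL.EMP TO ROLE PAYROLL_APP_ROLE;

-- 2. Trusted context: the role is usable only when the connection arrives with
--    the application server's system AUTHID, from its IP address, and over a
--    connection with at least 128-bit encryption (ENCRYPTION 'HIGH').
--    A user who presents APPSRV1 from any other host gets no role at all.
CREATE TRUSTED CONTEXT CTX_PAYROLL_APPSRV
  BASED UPON CONNECTION USING SYSTEM AUTHID APPSRV1
  ATTRIBUTES (ADDRESS '192.0.2.10', ENCRYPTION 'HIGH')
  DEFAULT ROLE PAYROLL_APP_ROLE WITHOUT ROLE AS OBJECT OWNER
  ENABLE
  -- The server may switch the connection to this end user, but only after
  -- the user re-authenticates, so actions are attributable to a person.
  WITH USE FOR PAYCLERK ROLE PAYROLL_APP_ROLE WITH AUTHENTICATION;

-- 3. Auditing: record every access to the sensitive table in the DB2 audit
--    trace, covering both application users and DBA actions.
ALTER TABLE PAYROLL.EMP AUDIT ALL;

-- 4. Table-level encryption with the built-in TDES functions. The session
--    password is set once; SALARY_ENC is assumed to be declared as
--    VARCHAR FOR BIT DATA with room for the encryption overhead.
SET ENCRYPTION PASSWORD = 'constructed-passphrase';
INSERT INTO PAYROLL.EMP (EMPNO, SALARY_ENC)
  VALUES ('000010', ENCRYPT_TDES('52750.00'));
-- Only a session holding the same password can read the value back.
SELECT EMPNO, DECRYPT_CHAR(SALARY_ENC) AS SALARY
  FROM PAYROLL.EMP
  WHERE EMPNO = '000010';
```

The check a practitioner wants here is that a connection using APPSRV1 from a different address, or without encryption, is not treated as trusted and therefore never acquires PAYROLL_APP_ROLE.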