We all know how important database security is -- no one wants to hear that their precious data was hacked or compromised in any way. According to the article The Job of Securing the Database, published on 21-SEP-2007 by Deborah Perelman, a Forrester Research study shows that DBAs are only able to spend 7% of their time ensuring that data is secure.
The worst message in the article is that DBAs are so overworked in their day-to-day duties that they are typically unable to spend more time on addressing security issues AND they are unlikely to have time to upgrade their skills in this area.
I have some good news for you if you are in this situation. Earlier this year, Rebecca Bond and three database security experts from the Toronto lab published a book about database security. The book, Understanding DB2 9 Security, is the only comprehensive guide to securing DB2 and leveraging the powerful new security features of DB2 9. This book gives DBAs and their managers a wealth of security information that is available nowhere else. It presents real-world implementation scenarios, step-by-step examples, and expert guidance on both the technical and human sides of DB2 security.
Those who have read the book have found it very beneficial. Buy the book... you won't be disappointed and you'll be able to quickly expand your knowledge of security issues. If you are one of the lucky DBAs who is attending the IBM IOD Conference, October 14 - 19, 2007, at the Mandalay Bay Resort, Las Vegas, you'll be able to buy this book at a 20% discount, and you'll be able to attend one or more of the following sessions related to DB2 Security:

BTC-2125 Secure Your Data before It Leaves Your Data Centers
Dr. Arvind Sathi, IBM, Associate Partner, IBM Global Services
TUESDAY, 02:30–03:30 PM — MBCC SOUTH: JASMINE A
Data security is a major concern in today’s virtual environment, where leakage of sensitive customer data could cause major economic and legal repercussions. At the same time, the need is growing to share this data with resellers, suppliers and outsourcers. This presentation discusses data masking as a solution for protecting confidential data. Approaches to data masking and related case studies are also discussed.

TLU-1033 A Sneak Peek at the Next Version of DB2 (in Two Parts)
Matthew Huras, IBM, Distinguished Engineer
WEDNESDAY, 09:30–10:30 AM — MBCC NORTH: ISLANDER E; WEDNESDAY, 10:45–11:45 AM — MBCC NORTH: ISLANDER E
This two-part presentation (consisting of two 60-minute sessions) provides an in-depth, behind-the-scenes, technical look at the features and capabilities of the next version of DB2® on Linux®, UNIX® and Windows® (the next version after DB2 9). Topics include new advancements in high availability, storage management, concurrency, compression, backup and recovery, security, and performance. Each topic includes key information about how to use the feature, its key internal design points, and expected best practices.

TDZ-1019 Best Practices in DB2 Security
Roger Miller, IBM, DB2 for z/OS evangelist
TUESDAY, 01:15–02:15 PM — MBCC SOUTH: SOUTH SEAS G; FRIDAY, 09:30–10:30 AM — MBCC SOUTH: SOUTH SEAS G
Security is in the headlines and growing much more important. This session discusses various practices for security and how you can make improvements. We’ll include various security objectives. Most sites have a range of needs and objectives. For some situations, basic security is adequate. For others, better or standard security techniques are needed. In other cases, best security practices are demanded. Our tools range from very-tight system security to basic techniques. Application security techniques are more flexible, but require much more work by more people, so they are generally weaker. Choices and guidelines will be our primary points, discussing how to provide improved security for your situation.

TDZ-1346 A Deep Dive into the Mechanisms of DB2 9 for z/OS Security Enhancements
Dave Romack, IBM
THURSDAY, 04:00–05:00 PM — MBCC SOUTH: SOUTH SEAS I
DB2® Version 9.1 for z/OS® added some significant security functionality to address key customer requests such as providing better access control from application servers, removing object dependency from users, and audit of SYSADM/DBADM users. This session contains detailed information about these new functions and includes a discussion of where these functions can apply in your environment.

TOD-1159 Data Security for SOA
Errol M. Back-Cunningham, IBM, IM Architect
WEDNESDAY, 09:30–10:30 AM — MBCC NORTH: TROPICS B
Data Security poses one of the biggest challenges to implementing a secure, auditable, end-to-end SOA environment. In this presentation, we will look at Data Security standards, requirements, methods of implementing Data Security and the solutions and tools that IBM can provide in order to do so. We will cover Data and Service Classification Schemes, Audit Trails, Identity Management, Access Control and the ability to retrofit Data Security to SOA environments.

HOL-1959 Security and Label-Based Access Control (LBAC)
Laura Hammond, IBM, Program Co-ordinator of "Ready for IBM DB2 data server software" validation
TUESDAY, 01:15–04:15 PM — MBCC SOUTH: BREAKERS A
Label-based access control (LBAC) greatly increases the control you have over who can access your data. LBAC lets you decide exactly who has write access and who has read access to individual rows and individual columns. During this hands-on lab you will learn to: Grant the SECADM authority; Define components of various structures; Define a policy that includes multiple components; Define labels; Grant labels to users; Grant exemptions to the db2lbacrules to users; Protect a table with a policy; and, Protect columns of a table.

HOL-2613 Database Security on Linux
Spencer Shimko, Tresys Technology, Senior Security Engineer
THURSDAY, 01:15–04:15 PM — MBCC SOUTH: BREAKERS E
"Tresys Razor™ makes it economical to enhance the security of DB2 with SELinux. DB2 is a complex environment, but the components interact in a predictable manner. Tresys, partnered with IBM, analysed DB2 and created a tightly confined SELinux policy that builds a “firewall” around each system process. Tresys Razor protects the system from unexpected attacks on the application or other services running on the system. The management GUI is designed to be familiar to DB2 admins, allowing the SELinux configuration to be customized with no specialized knowledge of SELinux. This lab session will discuss the benefits of SELinux in an enterprise application environment, describe and provide a hands-on opportunity to use Tresys Razor for DB2."