Deploying VA for DB2 for i
Enable a group of users to run vulnerability assessments, and configure and run the tests.
About this task
Deployment Steps
Vulnerability Assessment is deployed from the Guardium system.
The user runs a Guardium-supplied script against the target database to create a role with the appropriate privileges. The user then creates a datasource connection to the database.
Create a security assessment, then select the datasources and the tests to execute.
When execution is done, a report is created that shows which tests passed or failed, along with detailed hardening recommendations.
IBM for i version support:
IBM for i 6.1, 7.1 and 7.2 partitions
VA test coverage (115 tests in total):
- Profiles with Special Authorities
- Profiles with access to Database Function Usage
- Password policies
- Database Objects privilege granted to PUBLIC
- Database Objects privilege granted to individual user
- Database Objects privilege granted with grant option
- Security APARs
Entitlement Reports:
- Profiles with Special Authorities
- Group granted to user
- Database Objects privilege granted to PUBLIC
- Database Executable Objects privileges granted to PUBLIC
- Database Objects privilege granted to individual user
- Database Objects privilege granted with grant option
Procedure
Results
What to do when a test fails?
- You can patch your database if the failure relates to patches.
- You can reconfigure database parameters to match best-practice recommendations.
- You can revoke object or system privileges that are not required by your applications.
- You can revoke object privileges granted directly to a grantee, grant those privileges to a role/group instead, and assign the grantee to that role/group.
- You can change the password policy settings or change users' default passwords.
- If your application requires a specific grant, you can create an exception group, link it to the failed test, and re-execute.