[ISN] Don't Wait To Lock Down DB2

From: InfoSec News <alerts_at_private>
Date: Mon, 11 Jan 2010 00:49:34 -0600 (CST)
http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=222300099

By Ericka Chickowski
DarkReading
Special to Dark Reading
Jan 08, 2010

As pundits ponder how IBM will leverage its acquisition of database 
security vendor Guardium to add more security features and 
functionalities to its in-house DB2 databases, now is the time for 
organizations to re-examine their DB2 security strategies. But many 
haven't even tapped the security features they already have available in 
DB2.

Many organizations don't take advantage of the existing capabilities 
that DB2 provides for locking down access to information, IBM executives 
say. Among DB2's extant security controls, some of the most powerful 
features that organizations often leave untouched -- to their detriment 
-- revolve around access control. These include two biggies: utilities 
label-based access control (LBAC) and trusted context.

LBAC, which is designed to offer fine-grained access control, lets DB2 
administrators extend controls over data that reach far beyond the 
simple masking of rows or columns. Administrators can use LBAC to 
control table objects by attaching security labels to them. Users who 
try to access these objects must have the corresponding security label 
granted to them in order to view that data.

"I think that's one of the newer areas where, in my experience with 
clients, they haven't leveraged a lot of it yet," says Jim Lee, director 
of product management and strategy for IBM's Information Management 
division. "I think LBAC is not commonly used today."

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Sun Jan 10 2010 - 22:49:34 PST

This archive was generated by hypermail 2.2.0 : Sun Jan 10 2010 - 22:59:48 PST