SlideShare a Scribd company logo

Top 10 DB2 Support Nightmares #10

Laura Hood, profile picture
Laura Hood

This document discusses a security issue that occurred when improperly configuring DB2 federation. Specifically: 1. A client site configured DB2-LDAP federation but also enabled the FED_NOAUTH parameter, bypassing authentication. 2. This meant any user could connect to the database as any other user without providing the correct password. 3. If the database owner username was guessed, full access to all data could be obtained, potentially exposing the database to a major security breach. The issue was caused by incorrectly enabling the FED_NOAUTH parameter when federation was set up. Proper authentication should have occurred at the database rather than being bypassed. The moral is to not enable

Technology
1 of 8
Download to read offline
1
2
3
4
5
6
7
8
Top 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 Support Nightmares & How toNightmares & How toNightmares & How toNightmares & How to Avoid ThemAvoid ThemAvoid ThemAvoid Them #10#10#10#10
Part 10 – Beware of over-federating The situation Image of a junior DBA During a DB2-LDAP configuration at a client site we stumbled upon a bizarre security exposure……
Using any DB2 client tool, it was possible to connect to the database as any user without having to get the password right! Once connected to the database, you only had access to the tables that the user had access to. However, this meant if anyone got the right username for the DB2 instance owner then they could select/add/delete any data they liked!
Image of a junior DBA In short, they had SYSADM authority which could potentially lead to a major security exposure. SECURITY BREACH!
How did it happen? In a desperate attempt to get federated technology to work, in addition to enabling the FEDERATED database manager parameter, the FED_NOAUTH (bypass federated authentication) parameter had also been enabled (set to YES). This was the problem. When FED_NOAUTH is set to YES, FEDERATED is set to YES and authentication is set to SERVER or SERVER_ENCRYPT, then authentication at the instance is bypassed. It is assumed that authentication will happen at the data source. The Moral
The moral of the story You do NOT need FED_NOAUTH enabled to implement federation in DB2!
If in doubt, call the experts!
www.triton.co.uk

More Related Content

PDF
Top 10 DB2 Support Nightmares #7
Laura Hood
 
PDF
Top 10 DB2 Support Nightmares #8
Laura Hood
 
PDF
Top 10 DB2 Support Nightmares #1
Laura Hood
 
PPTX
Achieving maximum performance in microsoft vdi environments - Jeff Stokes
Jeff Stokes
 
PDF
10 cool features in defrag 10
aosborne
 
PPTX
Windows 7 client performance talk - Jeff Stokes
Jeff Stokes
 
PPTX
Database Maintenance Optimization Brad Mc Gehee
Pratik joshi
 
PDF
Start Counting: How We Unlocked Platform Efficiency and Reliability While Sav...
VMware Tanzu
 
Top 10 DB2 Support Nightmares #7
Laura Hood
 
Top 10 DB2 Support Nightmares #8
Laura Hood
 
Top 10 DB2 Support Nightmares #1
Laura Hood
 
Achieving maximum performance in microsoft vdi environments - Jeff Stokes
Jeff Stokes
 
10 cool features in defrag 10
aosborne
 
Windows 7 client performance talk - Jeff Stokes
Jeff Stokes
 
Database Maintenance Optimization Brad Mc Gehee
Pratik joshi
 
Start Counting: How We Unlocked Platform Efficiency and Reliability While Sav...
VMware Tanzu
 

Similar to Top 10 DB2 Support Nightmares #10 (20)

PDF
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
Robert Tilkes
 
PDF
Db2.security.slides
asderww
 
PDF
Top 10 DB2 Support Nightmares #1
Carol Davis-Mann
 
PDF
Db2exc guide 952_mac_x86_64
The Vision and Insight Corner
 
KEY
Administration for Oracle ADF Applications
Andreas Koop
 
KEY
Administration von ADF Anwendungen
enpit GmbH & Co. KG
 
PPTX
Db2 v10.5 An Overview
Srinimf-Slides
 
PPT
2) security
guptavikki99
 
PPTX
Real World Experience: Integrating DB2 with XPages
Steve_Zavocki
 
DOCX
how to protect your sensitive data using oracle database vault
Anar Godjaev
 
DOCX
Db2 v9 dba for linux taining in bangalore
Suvash Chowdary
 
PDF
vRealize Operations (vROps) Management Pack for IBM DB2 Overview
Blue Medora
 
PPT
Deploying MediaWiki On IBM DB2 in The Cloud Presentation
Leons Petražickis
 
PPTX
Fall of a domain | From local admin to Domain user hashes
n|u - The Open Security Community
 
PPTX
Enterprise resource planning system & web enabled databases
Sumya Abdelrazek
 
PPTX
Unit 1_intro_dbms.pptx
ATIFAZEEZ1
 
PDF
Case Project 12-2 Devising an AD DS Design with RODC, AD RMS, and A.pdf
Amansupan
 
PPTX
S3 l3 db2 environment - instances
Mohammad Khan
 
PDF
Ibm db2 10.5 for linux, unix, and windows db2 connect installing and config...
bupbechanhgmail
 
PDF
NA14G05 - A DB2 DBAs Guide to pureScale.pdf
sunildupakuntla
 
IOD 2012 IDZ-2418A Nationwide's Experince Deploying Trusted Context and Roles
Robert Tilkes
 
Db2.security.slides
asderww
 
Top 10 DB2 Support Nightmares #1
Carol Davis-Mann
 
Db2exc guide 952_mac_x86_64
The Vision and Insight Corner
 
Administration for Oracle ADF Applications
Andreas Koop
 
Administration von ADF Anwendungen
enpit GmbH & Co. KG
 
Db2 v10.5 An Overview
Srinimf-Slides
 
2) security
guptavikki99
 
Real World Experience: Integrating DB2 with XPages
Steve_Zavocki
 
how to protect your sensitive data using oracle database vault
Anar Godjaev
 
Db2 v9 dba for linux taining in bangalore
Suvash Chowdary
 
vRealize Operations (vROps) Management Pack for IBM DB2 Overview
Blue Medora
 
Deploying MediaWiki On IBM DB2 in The Cloud Presentation
Leons Petražickis
 
Fall of a domain | From local admin to Domain user hashes
n|u - The Open Security Community
 
Enterprise resource planning system & web enabled databases
Sumya Abdelrazek
 
Unit 1_intro_dbms.pptx
ATIFAZEEZ1
 
Case Project 12-2 Devising an AD DS Design with RODC, AD RMS, and A.pdf
Amansupan
 
S3 l3 db2 environment - instances
Mohammad Khan
 
Ibm db2 10.5 for linux, unix, and windows db2 connect installing and config...
bupbechanhgmail
 
NA14G05 - A DB2 DBAs Guide to pureScale.pdf
sunildupakuntla
 
Ad

More from Laura Hood (20)

PDF
Top 10 DB2 Support Nightmares #9
Laura Hood
 
PDF
Top 10 db2 support nightmares #6
Laura Hood
 
PDF
Consultancy on Demand - Infographic
Laura Hood
 
PDF
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
Laura Hood
 
PDF
Db2 10 memory management uk db2 user group june 2013 [read-only]
Laura Hood
 
PDF
DB2 10 Security Enhancements
Laura Hood
 
PDF
DbB 10 Webcast #3 The Secrets Of Scalability
Laura Hood
 
PDF
DB2 10 Webcast #2 - Justifying The Upgrade
Laura Hood
 
PDF
DB2 10 Webcast #1 - Overview And Migration Planning
Laura Hood
 
PDF
Time Travelling With DB2 10 For zOS
Laura Hood
 
PDF
DB2DART - DB2Night Show October 2011
Laura Hood
 
PDF
DB2 z/OS & Java - What\'s New?
Laura Hood
 
PDF
Temporal And Other DB2 10 For Z Os Highlights
Laura Hood
 
PDF
DB210 Smarter Database IBM Tech Forum 2011
Laura Hood
 
PDF
UKGSE DB2 pureScale
Laura Hood
 
PPTX
UKCMG DB2 pureScale
Laura Hood
 
PDF
Episode 4 DB2 pureScale Performance Webinar Oct 2010
Laura Hood
 
PDF
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Laura Hood
 
PDF
Episode 2 Installation Triton Slides
Laura Hood
 
PDF
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
Laura Hood
 
Top 10 DB2 Support Nightmares #9
Laura Hood
 
Top 10 db2 support nightmares #6
Laura Hood
 
Consultancy on Demand - Infographic
Laura Hood
 
A Time Traveller's Guide to DB2: Technology Themes for 2014 and Beyond
Laura Hood
 
Db2 10 memory management uk db2 user group june 2013 [read-only]
Laura Hood
 
DB2 10 Security Enhancements
Laura Hood
 
DbB 10 Webcast #3 The Secrets Of Scalability
Laura Hood
 
DB2 10 Webcast #2 - Justifying The Upgrade
Laura Hood
 
DB2 10 Webcast #1 - Overview And Migration Planning
Laura Hood
 
Time Travelling With DB2 10 For zOS
Laura Hood
 
DB2DART - DB2Night Show October 2011
Laura Hood
 
DB2 z/OS & Java - What\'s New?
Laura Hood
 
Temporal And Other DB2 10 For Z Os Highlights
Laura Hood
 
DB210 Smarter Database IBM Tech Forum 2011
Laura Hood
 
UKGSE DB2 pureScale
Laura Hood
 
UKCMG DB2 pureScale
Laura Hood
 
Episode 4 DB2 pureScale Performance Webinar Oct 2010
Laura Hood
 
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Laura Hood
 
Episode 2 Installation Triton Slides
Laura Hood
 
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
Laura Hood
 
Ad

Recently uploaded (20)

PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Cloud computing and distributed systems.
kkkkkhan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 

Top 10 DB2 Support Nightmares #10

  • 1. Top 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 SupportTop 10 DB2 Support Nightmares & How toNightmares & How toNightmares & How toNightmares & How to Avoid ThemAvoid ThemAvoid ThemAvoid Them #10#10#10#10
  • 2. Part 10 – Beware of over-federating The situation Image of a junior DBA During a DB2-LDAP configuration at a client site we stumbled upon a bizarre security exposure……
  • 3. Using any DB2 client tool, it was possible to connect to the database as any user without having to get the password right! Once connected to the database, you only had access to the tables that the user had access to. However, this meant if anyone got the right username for the DB2 instance owner then they could select/add/delete any data they liked!
  • 4. Image of a junior DBA In short, they had SYSADM authority which could potentially lead to a major security exposure. SECURITY BREACH!
  • 5. How did it happen? In a desperate attempt to get federated technology to work, in addition to enabling the FEDERATED database manager parameter, the FED_NOAUTH (bypass federated authentication) parameter had also been enabled (set to YES). This was the problem. When FED_NOAUTH is set to YES, FEDERATED is set to YES and authentication is set to SERVER or SERVER_ENCRYPT, then authentication at the instance is bypassed. It is assumed that authentication will happen at the data source. The Moral
  • 6. The moral of the story You do NOT need FED_NOAUTH enabled to implement federation in DB2!
  • 7. If in doubt, call the experts!