4.1.15 Disable Database Discoverability (DISCOVER_DB)

Information

The DISCOVER_DB parameter specifies whether the database can be discovered in the network. It is recommended that databases not be discoverable.

Rationale:

Discovery capabilities may be used by a malicious entity to derive the names of and target Db2 databases.

Solution

Connect to the Db2 database.

db2 => connect to <dbname>

Run the following command:

db2 => update database configuration using discover_db disable

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7

Plugin: Windows

Control ID: 6f52dff2af8d10c5b48af916e9d06d9a46d86c20fa279908b236c7db7364c0b6