3.1.6 Disable Client Discovery Requests (DISCOVER)

Information

The DISCOVER parameter determines what kind of discovery requests, if any, the Db2 client can make. It is recommended that this is disabled.

Rationale:

Discovery capabilities may be used by a malicious entity to derive the names of and target Db2 instances. In this configuration, the client can not issue discovery requests.

Solution

Run the following command:

db2 => update database manager configuration using discover disable

See Also

https://workbench.cisecurity.org/benchmarks/10752

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: fe7c837bf006a6ed34dba0331f42d21fe85ec89c8c4be74394b34ca5966e3c16