Information
Encryption can be performed with various algorithms, some of which are outdated and should no longer be used.
Rationale:
Using an outdated algorithm can leave the data vulnerable. As new methods of attack are created and hardware processing speeds increase, the encryption algorithms can become vulnerable. Thus, only current encryption algorithms should be used. 3DES is an outdated encryption algorithm and should not be used.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To determine which encryption options are used to encrypt the database, run the following command:
db2 => get db cfg | grep -i encrypt
Encryption Library for Backup (ENCRLIB) = libdb2encr.so
Encryption Options for Backup (ENCROPTS) = CIPHER=AES:MODE=CBC:KEY LENGTH=256
Encrypted database = YES
ENCROPTS should not contain CIPHER=3DES, because 3DES is not secure. CIPHER=AES is secure.
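The ENCROPTS check above can be scripted. The following is an added example, not part of the benchmark or of Db2: the function names check_encropts and sample_cfg are hypothetical, and the sample configuration lines are constructed from the output format shown above.

```shell
#!/bin/sh
# Added example: flag 3DES in the ENCROPTS line of `db2 get db cfg` output.

# Reads the configuration text on stdin and prints one verdict line:
#   PASS cipher=<name>   ENCROPTS names a cipher other than 3DES
#   FAIL cipher=3DES     ENCROPTS selects 3DES
#   REVIEW <reason>      ENCROPTS line absent, or it sets no CIPHER
check_encropts() {
    awk '
        /\(ENCROPTS\)/ {
            seen = 1
            value = $0
            # Drop the label up to and including the "=" after (ENCROPTS).
            sub(/^[^=]*\(ENCROPTS\)[ \t]*=[ \t]*/, "", value)
            # Options are colon-separated KEY=VALUE pairs.
            n = split(value, opt, ":")
            for (i = 1; i <= n; i++) {
                item = toupper(opt[i])
                if (item ~ /^[ \t]*CIPHER[ \t]*=/) {
                    sub(/^[ \t]*CIPHER[ \t]*=[ \t]*/, "", item)
                    sub(/[ \t\r]+$/, "", item)
                    cipher = item
                }
            }
        }
        END {
            if (!seen)                 print "REVIEW ENCROPTS line not found"
            else if (cipher == "")     print "REVIEW no CIPHER set in ENCROPTS"
            else if (cipher == "3DES") print "FAIL cipher=3DES"
            else                       print "PASS cipher=" cipher
        }
    '
}

# Constructed sample: prints a config excerpt with the given ENCROPTS value.
sample_cfg() {
    printf ' Encryption Library for Backup (ENCRLIB) = libdb2encr.so\n'
    printf ' Encryption Options for Backup (ENCROPTS) = %s\n' "$1"
    printf ' Encrypted database = YES\n'
}

sample_cfg 'CIPHER=AES:MODE=CBC:KEY LENGTH=256' | check_encropts
sample_cfg 'Cipher=3DES:Mode=CBC:Key Length=168' | check_encropts
sample_cfg '' | check_encropts
```

To audit a real database, save the output of the get db cfg command shown above to a file and feed that file to check_encropts on stdin.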
You can also check the current database encryption settings:
db2 => SELECT * FROM TABLE(SYSPROC.ADMIN_GET_ENCRYPTION_INFO())
You must be connected to the database to run this command. From the information retrieved, the ALGORITHM should not be 3DES.