3.3.3 Disable DAS discoverability

Information

The discover parameter specifies the discovery mode for the DB2 Administration Server. It is recommended that this parameter be set to DISABLE.

The DB2 Administration Server should not handle any type of discovery request. This will prevent a malicious user from discovering all DB2 servers on the network.

Solution

1. Attach to the DB2 instance.
db2 => attach to $DB2INSTANCE
2. Run the following command from the DB2 command window:
db2 => update admin configuration using discover disable
Default Value:
The default value for DISCOVER is SEARCH.

See Also

https://workbench.cisecurity.org/files/1654

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9.1

Plugin: Windows

Control ID: 5408cb8cfe7a5e149d458dca067a4007416e54520264ac1030270811ff5f6072