Securing DB2 and Implementing MLS on z/OS
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
Published on 04 April 2007
ISBN-10: 0738486116
ISBN-13: 9780738486116
IBM Form #: SG24-6480-01
Authors: Chris Rayns, Doug Behrends, Rick Butler, Kirsten Ann Larsen, Maggie Lin and Glenn Yuki
Today's computing environment is subject to increasing regulatory pressures and potentially malicious attacks.
Regulatory compliance, security, and audit are in the daily headlines and growing more prominent.The security of the information to which you have been entrusted has never been more critical. The reality of compliance is too complex.
Compliance demands that you work carefully to set up a strong, comprehensive set of policies and controls. That means controls that consider operational data, financial data, unstructured data, spreadsheets, e-mail, and business intelligence data.
We have a responsibility to secure all business data and especially sensitive customer data. Security can be difficult to manage. IBM DB2 for z/OS already resides on one of the most secure platforms in the industry. IBM System z servers are routinely used by enterprises around the world to support their mission-critical applications. The mainframe's strengths in security stem in part from its history of supporting sensitive data for large enterprises, resulting in security features being built into its design for many decades. It also benefits from a system-wide approach with security capabilities built into the hardware, operating systems, databases, key middleware and more. Its highly evolved layers and security management components give it a fundamental advantage over other systems.
Chapter 1. What is new in security
Chapter 2. Security labels
Chapter 3. MLS
Chapter 4. Vanguard solution
Chapter 5. MLS as applied to TCP/IP communications
Chapter 6. DB2 access control overview
Chapter 7. DB2 and multilevel security
Chapter 8. Network trusted contexts and roles
Chapter 9. A WebSphere implementation
Chapter 10. RACF access control module
Appendix A. Trusted context syntax
Appendix B. RACF options that control the use of security labels
Appendix C. Enterprise Identity Mapping