IBM Security Guardium

 View Only
  • 1.  Database Integration with SSL based Traffic

    Posted Thu May 05, 2022 02:20 AM
    Hi Everyone,

    Have a doubt for
    If DB has SSL based traffic between Database applications (Squirrel, Toadplus etc) and DB.
    Is this the normal procedure for GIM and STAP installation? Running with Redhat- 7.9 with DB2-11.5
    Do we need to change any installation procedure?
    If we do normal GIM & STAP installation, Will Guardium logs only normal traffic?
    What about encrypted traffic?

    Note: DBA users connect database with normal traffic port  and SSL traffic port

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: Database Integration with SSL based Traffic

    Posted Fri May 06, 2022 07:47 PM
    If you use the DB2_EXIT approach, Guardium collects after the SSL encryption on Db2 LUW.

    This was a config we used in testing on Db2 11.1.

    [DB_0]

    connect_to_ip=127.0.0.1

    db2_fix_pack_adjustment=20

    db2_shmem_client_position=61440

    db2_shmem_size=131072

    db2bp_path=NULL

    db_exec_file=/home/db2inst1/sqllib/adm/db2sysc

    db_install_dir=/home/db2inst1

    db_type=DB2_EXIT

    encryption=0

    db_version=10

    intercept_types=NULL

    load_balanced=1

    port_range_end=50435

    port_range_start=50435

    real_db_port=50435

    tap_identifier=NULL

    tee_listen_port=NULL

    unix_domain_socket_marker=NULL

    networks=

    exclude_networks=   


    also see - Linux-UNIX: Configuring Db2 Exit
    Ibm remove preview
    Linux-UNIX: Configuring Db2 Exit
    The Db2 exit module enables S-TAP to monitor any Db2 database activities, whether encrypted or not and whether local or remote. It does not require A-TAP or K-TAP.
    View this on Ibm >


    ------------------------------
    Tony Winch
    Principal Consultant
    Datasync Consulting
    ------------------------------



  • 3.  RE: Database Integration with SSL based Traffic

    Posted Wed May 11, 2022 12:23 AM
    Thank you so much Tony

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------