Elements of security in a TCP/IP network

 

DDM and DRDA^® over native TCP/IP does not use i5/OS^® communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different.

• Application requester security in a TCP/IP network
  Different connectivity scenarios call for using different levels of authentication. Therefore, an administrator can set the lowest security authentication method required by the application requester (AR) when connecting to an application server (AS) by setting the preferred authentication method field in each RDB directory entry.

• Application server security in a TCP/IP network
  The TCP/IP server has a default security of user ID with clear-text password. This means that, as the server is installed, inbound TCP/IP connection requests must have at least a clear-text password accompanying the user ID under which the server job is to run.

• Connection security protocols for DDM and DRDA
  Several connection security protocols are supported by the current DB2^® UDB for iSeries™ implementation of distributed data management (DDM) or Distributed Relational Database Architecture™ (DRDA) over TCP/IP.

• Secure Sockets Layer for DDM and DRDA
  DB2 Universal Database™ for iSeries Distributed Relational Database Architecture (DRDA) clients do not support Secure Sockets Layer (SSL).

• Internet Protocol Security Architecture for DDM and DRDA
  Internet Protocol Security Architecture (IPSec) is a security protocol in the network layer that provides cryptographic security services. These services support confidential delivery of data over the Internet or intranets.

• Considerations for certain passwords being sent as clear text
  Although the i5/OS operating system supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD.

• Ports and port restrictions for DDM and DRDA
  With the advent of new choices for the security of distributed data management (DDM) communications, the system administrator can restrict certain communications modes by blocking the ports they use. This topic discusses some of these considerations.

 

Parent topic:

Elements of distributed relational database security