3152 - Db2 13 for z_OS 安全更新.pdf

1、Sponsored byData Technical Summit IBM TechXchange 2025Db2 13 for z/OS Security Updates3152 Db2 13 for z/OS Security UpdatesGaya ChandranIBM,STSM Db2 for z/OS Security Challenges and Best PracticesSecurity Best PracticesEncrypt data on the networkAdopt secure authentication mechanismsIncorporate sepa

2、ration of dutiesLimit the use of privileged usersRestrict the use of implicit privilegesLimit the view of data Encrypt sensitive data Enable auditing of privileged usersEnable auditing of tables with sensitive dataPeriodic audits to verify security processIBM TechXchange|2025 IBM Corporation2Securit

3、y Challenges$4.44M$4.44MGlobal average cost of a data breach in 2025 11 Source:Cost of a Data Breach Report 2025-https:/ cost of malicious insider attack 197%97%Share of organizations that reported an AI-related breach and lacked proper AI access controls1Secure Communications Secure Communications

4、010203RACF Identity TokenGranular Connection ControlsDb2 REST Cross Origin Resource Sharing(CORS)IBM TechXchange|2025 IBM CorporationRACF Identity Token(IDT)JSON Web Token(JWT)identifies an authenticated user IDTs are JWTs(JSON Web Tokens)issued by SAF Db2 for z/OS IDT support provides the capabilit

5、y to Obtain an IDT to be used as an authentication token in an outbound connection from Db2 Validate a provided IDT that represents a user ID including protected user IDs Accept an IDT as an authentication token,which is passed to RACF for verificationIBM TechXchange|2025 IBM CorporationRequires Db2

6、 function level,V13R1M505 and Db2 APARs PH55599/PH61188Requires RACF IDT2 support for obtaining IDT for protected user IDs RACF APAR OA63462/SAF APAR OA63463RACF Identity Token(IDT)IBM TechXchange|2025 IBM Corporation RACF IDTDATA class profile must exist on the Db2 for z/OS requester and server sys