Reserve the desired port number or name for incoming SSL connections

Details

The ssl_svcename configuration parameter defines the name or number of the port the database server listens for incoming communications from remote client nodes using the SSL protocol. The ssl_svcename and svcename port numbers cannot be the same.

On Linux operating systems, the ssl_svcename file is located in: /etc/services

Consider using a non-default port to help protect the database from attacks directed to a default port.

Solution

Run the following command to set the ssl_svcename parameter value.
db2 => update dbm cfg using ssl_svcename immediate or deferred
Default Value:
Null

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1654https://workbench.cisecurity.org/files/1654

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles