Threat Finder
- Threat ID
- 2541
- Threat Date
- 02/13/2012
- Threat Name
- Maximum connection limits
- CVE Reference
- CVE-NO-MATCH
- CCE Reference
- CCE-NO-MATCH
- Risk
- Low
- Database Type
- IBM DB2
- Category
- Misconfigurations
- Versions
- All versions of IBM DB2 LUW
- Summary
- It is recommended that the number of client connections be limited. This can be done by setting the database manager parameters MAX_COORDAGENTS and MAX_CONNECTIONS, and the database parameter MAXAPPLS.
- Overview
- The process of connecting to a DB2 server involves the creation of a DB2 agent, the establishment of a network connection between this agent and the DB2 server, and the creation of a DB2 process on the server. One coordinating agent is acquired for each local or remote application that connects to a database or attaches to an instance.
Connection limits can be set using the following parameters:
- MAX_COORDAGENTS: this parameter determines the maximum number of coordinating agents that can exist at one time on a server node. When Concentrator is OFF, this effectively limits the number of concurrent connections. Default: 200. Recommended: 100.
- MAX_CONNECTIONS: indicates the maximum number of client connections allowed per database partition. Default: -1 (translates to MAX_COORDAGENTS value). Recommended: MAX_COORDAGENTS value.
- MAXAPPLS: this parameter specifies the maximum number of concurrent applications that can be connected (both local and remote) to a database. Default: no limit (automatic), subject to change by the Configuration Advisor upon database creation. Recommended: less than MAX_COORDAGENTS value.
Note: This parameter is not verified automatically in DB2 v8.x, as it needs some special conditions not present in a default installation. You have to check this parameter manually for v8.x.
- References
- http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0000139.html
- http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0000279.html
- http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0003289.html
- http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0052306.html
- VMSKey
- STIGID
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.
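
A manual check of the three parameters from the Overview can be scripted against saved output of `db2 get dbm cfg` and `db2 get db cfg`. The following is an added example, not part of the original entry or of any vendor fix script. It assumes the usual `(PARAM) = value` line layout, treats the recommended MAX_COORDAGENTS value of 100 as an upper bound, and flags an AUTOMATIC MAXAPPLS as unbounded; the sample text is constructed.

```python
import re

CFG_LINE = re.compile(r"\((\w+)\)\s*=\s*(\S+)")  # assumed "(PARAM) = value" layout

def parse_cfg(text):
    """Return {PARAM: raw value} for each configuration line in the text."""
    found = (CFG_LINE.search(line) for line in text.splitlines())
    return {m.group(1).upper(): m.group(2) for m in found if m}

def resolve(cfg, name, depth=0):
    """Return (int value or None, is_automatic); follows AUTOMATIC(OTHER_PARAM)."""
    raw = cfg.get(name)
    if raw is None or depth > 2:          # missing parameter or reference loop
        return None, False
    auto = raw.upper().startswith("AUTOMATIC")
    inner = re.fullmatch(r"AUTOMATIC\((.+)\)", raw, re.I)
    token = (inner.group(1) if inner else raw).upper()
    if re.fullmatch(r"-?\d+", token):
        return int(token), auto
    if token in cfg:
        return resolve(cfg, token, depth + 1)[0], auto
    return None, auto

def audit(dbm_text, db_text, coord_limit=100):
    """Compare settings with the entry's recommendations; return findings."""
    cfg = parse_cfg(dbm_text)
    cfg.update(parse_cfg(db_text))
    coord, _ = resolve(cfg, "MAX_COORDAGENTS")
    conns, _ = resolve(cfg, "MAX_CONNECTIONS")
    appls, appls_auto = resolve(cfg, "MAXAPPLS")
    if conns == -1:                       # -1 translates to MAX_COORDAGENTS
        conns = coord
    findings = []
    if coord is None or coord > coord_limit:
        findings.append(f"MAX_COORDAGENTS={coord}, recommended {coord_limit}")
    if conns is None or conns != coord:
        findings.append(f"MAX_CONNECTIONS={conns}, recommended {coord}")
    # Assumption: AUTOMATIC lets the value grow, so it counts as no fixed limit.
    if appls_auto or appls is None or coord is None or appls >= coord:
        findings.append(f"MAXAPPLS={cfg.get('MAXAPPLS')}, recommended fixed, "
                        "below MAX_COORDAGENTS")
    return findings

# Constructed sample output, not captured from a real instance.
DEFAULT_DBM = """ Max number of coordinating agents  (MAX_COORDAGENTS) = AUTOMATIC(200)
 Max number of client connections   (MAX_CONNECTIONS) = AUTOMATIC(MAX_COORDAGENTS)"""
DEFAULT_DB = " Max number of active applications  (MAXAPPLS) = AUTOMATIC(40)"

if __name__ == "__main__":
    for finding in audit(DEFAULT_DBM, DEFAULT_DB):
        print("FINDING:", finding)
```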

