Threat Finder

Threat ID
2541
Threat Date
02/13/2012
Threat Name
Maximum connection limits
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
Low
Database Type
IBM DB2
Category
Misconfigurations
Versions
All versions of IBM DB2 LUW
Summary
It is recommended that the number of client connections be limited. This can be done by setting the database manager parameters MAX_COORDAGENTS and MAX_CONNECTIONS, and the database parameter MAXAPPLS.
Overview
The process of connecting to a DB2 server involves creating a DB2 agent, establishing a network connection between this agent and the DB2 server, and creating a DB2 process on the server. One coordinating agent is acquired for each local or remote application that connects to a database or attaches to an instance.
Connection limits can be set using the following parameters:

- MAX_COORDAGENTS: this parameter determines the maximum number of coordinating agents that can exist at one time on a server node. When Concentrator is OFF, this effectively limits the number of concurrent connections. Default: 200. Recommended: 100.

- MAX_CONNECTIONS: indicates the maximum number of client connections allowed per database partition. Default: -1 (translates to MAX_COORDAGENTS value). Recommended: MAX_COORDAGENTS value.

- MAXAPPLS: this parameter specifies the maximum number of concurrent applications that can be connected (both local and remote) to a database. Default: no limit (automatic), subject to change by the Configuration Advisor upon database creation. Recommended: less than MAX_COORDAGENTS value.
Note: This parameter is not verified automatically in DB2 v8.x, as it needs some special conditions not present in a default installation. You have to check this parameter manually for v8.x.
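Added example (not part of the original advisory or of any vendor tooling): a Python check that parses text in the layout of `db2 get dbm cfg` and `db2 get db cfg` output and compares the three parameters with the recommendations above. The sample output is constructed, the `description (KEYWORD) = value` layout is an assumption, and treating 100 as an upper bound for MAX_COORDAGENTS is an interpretation of the recommendation.

```python
import re

# Constructed samples in the assumed layout of `db2 get dbm cfg` and
# `db2 get db cfg for <dbname>` output: "description (KEYWORD) = value".
SAMPLE_DBM_CFG = """\
 Max number of coordinating agents     (MAX_COORDAGENTS) = AUTOMATIC(200)
 Max number of client connections      (MAX_CONNECTIONS) = AUTOMATIC(MAX_COORDAGENTS)
"""
SAMPLE_DB_CFG = " Max number of active applications   (MAXAPPLS) = AUTOMATIC(40)\n"

CFG_LINE = re.compile(r"\((\w+)\)\s*=\s*(.*\S)")


def parse_cfg(text):
    """Return {KEYWORD: (value, is_automatic)} for each '(KEYWORD) = value' line."""
    cfg = {}
    for line in text.splitlines():
        m = CFG_LINE.search(line)
        if not m:
            continue
        raw = m.group(2)
        # AUTOMATIC(200) -> value "200", flagged as automatic
        inner = re.fullmatch(r"AUTOMATIC\((.*)\)", raw, re.IGNORECASE)
        cfg[m.group(1).upper()] = (inner.group(1) if inner else raw,
                                   raw.upper().startswith("AUTOMATIC"))
    return cfg


def audit(dbm_text, db_text, coord_limit=100):
    """List deviations from the advisory's recommended connection limits."""
    cfg = {**parse_cfg(dbm_text), **parse_cfg(db_text)}
    coord, _ = cfg.get("MAX_COORDAGENTS", ("", False))
    if not coord.isdigit():
        return ["MAX_COORDAGENTS: no numeric value found, check manually"]
    coord = int(coord)
    findings = []
    if coord > coord_limit:
        findings.append(f"MAX_COORDAGENTS={coord} exceeds the recommended {coord_limit}")
    # -1 and AUTOMATIC(MAX_COORDAGENTS) both resolve to the MAX_COORDAGENTS value.
    conn, _ = cfg.get("MAX_CONNECTIONS", ("", False))
    if conn not in ("-1", "MAX_COORDAGENTS", str(coord)):
        findings.append(f"MAX_CONNECTIONS={conn or 'missing'} differs from MAX_COORDAGENTS ({coord})")
    # The MAXAPPLS default is automatic (no limit); a fixed, lower value is recommended.
    appls, appls_auto = cfg.get("MAXAPPLS", ("", False))
    if appls_auto or not appls.isdigit() or int(appls) >= coord:
        findings.append(f"MAXAPPLS={appls or 'missing'} must be a fixed value below MAX_COORDAGENTS ({coord})")
    return findings
```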
References
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0000139.html
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0000279.html
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0003289.html
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=%2Fcom.ibm.db2.luw.admin.config.doc%2Fdoc%2Fr0052306.html
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.
