HPE Community
Operating System - HP-UX
1753771 Members
4807 Online
108799 Solutions
New Discussion юеВ

Informix Database -- How to secure

 
nibble
Super Advisor

тАО03-03-2005 09:04 PM

тАО03-03-2005 09:04 PM

Informix Database -- How to secure

guys, can anyone point me on some docs on how to secure or apply security measures with Informix DAtabase Servers? ive tried searching, but to no avail.

tnx,
0 Kudos
Reply
5 REPLIES 5
Peter Godron
Honored Contributor

тАО03-03-2005 09:29 PM

тАО03-03-2005 09:29 PM

Re: Informix Database -- How to secure

Hi,
could you expand a bit on what you want to do? Do you want to secure the UNIX side or try and improve Informix security?
What sort of threat do you want to secure against?
Basics would be :
Seperate dba userid
Tight file/directory access protection
Mirroring of db file disks
Password strengthening
Regards
0 Kudos
Reply
Ranjith_5
Honored Contributor

тАО03-03-2005 09:32 PM

тАО03-03-2005 09:32 PM

Re: Informix Database -- How to secure

Hi ,

The following would be helpful to you.

http://www.governmentsecurity.org/articles/DatabaseSecurityPart1.php


Regards,
Syam
0 Kudos
Reply
JJ_4
Frequent Advisor

тАО03-05-2005 06:09 AM

тАО03-05-2005 06:09 AM

Re: Informix Database -- How to secure

What version of IBM Informix are you running?

There are several scripts within the 9.40.xC6 products that secure certain aspects ...

$INFORMIXDIR/etc/make-informixdir-secure

and

$INFORMIXDIR/bin/ibmifmx_security.sh

but (as previously said) you need to expand on what you want to make secure :D

Not enough Zappa makes you sad.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО03-05-2005 12:39 PM

тАО03-05-2005 12:39 PM

Re: Informix Database -- How to secure

This is a really complex question. It all depends on what security you are trying to accomplish. Are you trying to meet HIPAA requirements or just trying to improve things? For a really secure solution, you have to move the database (the data) and the engine to another computer which is virtually inaccessible from any other network. Separation of user access from the database server is always a good idea. Make sure the DBAs haven't messed with devicefile permissions and ownerships. Raw data volumes must never be 666 or 777. And Informix (any database system) design/maintenance should never require root access. Ideally, all sysadmins must use sudo so root logins occur very seldom.

Check out Chris Wong's book on HP-UX Security. The real difficulty is locking down an existing system. Bad habits and poor code will cause problems as security is tightened.


Bill Hassell, sysadmin
0 Kudos
Reply
nibble
Super Advisor

тАО03-06-2005 01:07 PM

тАО03-06-2005 01:07 PM

Re: Informix Database -- How to secure

actually, its not on the OS side. its the informix database itself. i need only the standard security measures for Informix Database Server. same with standard C2/hardening compliance with OS.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.