Common Criteria Certification: Administration and User Documentation -Volume 1
正在加载中...
资料简介:
和大家一起分享
About this book
This book, consisting of volumes 1 and 2, is intended for use by assessors
validating that specific DB2 database products conform to the Common Criteria
EAL4 specification augmented with Flaw remediation ALC_FLR.1. It is also
intended for those who want to set up a DB2 environment that conforms to the
characteristics of the evaluated environment.
Volume 1 describes:
v The DB2 process model
v The DB2 security model, and the facilities available to set up and maintain
security
v How to set up the DB2 environment so that it conforms to the requirements of
the Common Criteria EAL4 specification
v How to audit activity in the environment
v Background information that you should be familiar with before setting up the
DB2 database environment
v Security-related considerations that are applicable to users of the DB2 database
environment, including the type of authorization that the administrator must
give to a user before that user can work with DB2 utilities.
v DB2 commands.
Regarding security considerations on SQL statements and SQL routines (found in
chapters 5 and 6):
v Passwords appear in SQL statements in plain text. As such, any program or
script containing such statements needs appropriate protection with OS- and
DBMS-provided mechanisms.
v A major database vulnerability (generic) is SQL injection. As such, use caution
and validate any direct user input looking for SQL injection attacks—looking for
SQL statements, special characters such as {},; and quotes.
Note: This book does not provide information on how to install DB2 database
servers. For installation information, See the Version 9.7 Installing IBM DB2
Enterprise Server Edition.
Some topics in book link to related topics, which are either included in Appendix
A in order to resolve the links, or that are referenced outside of the Common
Criteria certification documentation. These are for informational purposes only, and
are not required for either installing or configuring a Common Criteria compliant
environment.
About this book
This book, consisting of volumes 1 and 2, is intended for use by assessors
validating that specific DB2 database products conform to the Common Criteria
EAL4 specification augmented with Flaw remediation ALC_FLR.1. It is also
intended for those who want to set up a DB2 environment that conforms to the
characteristics of the evaluated environment.
Volume 1 describes:
v The DB2 process model
v The DB2 security model, and the facilities available to set up and maintain
security
v How to set up the DB2 environment so that it conforms to the requirements of
the Common Criteria EAL4 specification
v How to audit activity in the environment
v Background information that you should be familiar with before setting up the
DB2 database environment
v Security-related considerations that are applicable to users of the DB2 database
environment, including the type of authorization that the administrator must
give to a user before that user can work with DB2 utilities.
v DB2 commands.
Regarding security considerations on SQL statements and SQL routines (found in
chapters 5 and 6):
v Passwords appear in SQL statements in plain text. As such, any program or
script containing such statements needs appropriate protection with OS- and
DBMS-provided mechanisms.
v A major database vulnerability (generic) is SQL injection. As such, use caution
and validate any direct user input looking for SQL injection attacks—looking for
SQL statements, special characters such as {},; and quotes.
Note: This book does not provide information on how to install DB2 database
servers. For installation information, See the Version 9.7 Installing IBM DB2
Enterprise Server Edition.
Some topics in book link to related topics, which are either included in Appendix
A in order to resolve the links, or that are referenced outside of the Common
Criteria certification documentation. These are for informational purposes only, and
are not required for either installing or configuring a Common Criteria compliant
environment.
2011-05-23
页数1133
浏览1751
下载8