Welcome to the first DB2 Security Magic Tricks Show. Today, I will demonstrate how I can read your mind.
Studio Audience: As I ask the questions, please think hard so that I can pick up the vibes that you are sending.
What operating system ports are you using for DB2? Please concentrate on the answer. No, I don’t mean the value for the DBM CFG svcename parameter. I mean the actual port; but that was a good question. Yes, I can see a number now, but your answer is a little bit cloudy. You’re thinking either 50000 or 60000. It is one of those. Sorry, that’s the best I can do since you seem to be sending mixed messages.
Let me try another. Think about the DB2 instance names. Thank you for thinking so hard. This is much clearer. Is one of them db2inst1?
Oh, I didn’t even need to ask this, you just started thinking it on your own. You have a DBA with an authorization ID of DB2ADMIN, don’t you?
Did I get any of these magic tricks right?
Ok, I admit it. No magic was actually involved. My tricks relied on the fact that many shops use defaults and don’t go back and change them. I was hoping that I would be wrong with every answer, but based on what I see in my consulting work, I suspected that would not be the case. My experience says I can guess correctly on these questions about 60% of the time. Those are good odds for a first attempt with most magic tricks.
If I guessed correctly, I know too much about your environment. If I know too much, then those who work on the dark side of security know too much about your architecture too and that part of this magic trick should bother you.
If I got it wrong….my congratulations to you and your team. Keep up the good work!
Comments? Suggestions? Concerns? My email is always open. db2locksmith@securedb2.com
