DbProtect 6.2 User Guide
Last Modified December 8, 2010
Application Security, Inc. [email protected] 1-866-9APPSEC

    Contents

    Introduction
        About DbProtect: The Enterprise Solution for Database Security
        Subjects Discussed in This Guide
        Intended Audience
        Logging In to the DbProtect Console
        Troubleshooting Your DbProtect Console Login
        Logging In to DbProtect After Session Timeout
        Global Navigation in DbProtect
        DbProtect Administration: Content/Compliance Packs, Data Sources, and System Information
        DbProtect Organizations, Users, and User Roles
        Customer Support

    Asset Management
        Understanding Asset Management
        Asset Search

    Vulnerability Management
        Understanding the DbProtect Vulnerability Management Portal User Interface (UI)
        DbProtect Vulnerability Management UI Components
        Vulnerability Management User Roles
        Working with Jobs
        Discovery Jobs
        Penetration Test Jobs
        Audit Jobs
        Pen Test and Audit Reports
        Report Jobs
        Working with the Dashboard
        Working with Scan Engines
        Working with Policies
        Working with Credential Profiles and User Credential Files
        Working with Fix Scripts

    Rights Management
        Why Assess Database User Rights?
        Understanding The Rights Management User Interface

    Audit and Threat Management
        Understanding the DbProtect Audit and Threat Management User Interface
        Audit and Threat Management User Roles
        Sensors
        Alerts
        Policies
        Dashboard
        Filters
        Reports
        System Settings: Email Forwarding Rules, Forwarding Settings, Email Server Settings

    DbProtect Analytics
        Understanding DbProtect Analytics
        DbProtect Analytics Dashboards
        DbProtect Analytics Reports
        DbProtect Analytics Troubleshooting
        Key Issues

    Compliance Packs
        Understanding Compliance Packs
        Interpreting Your Generated Compliance Pack Dashboards, and Displaying/Interpreting Your Generated Compliance Pack Reports

    Data Sources
        Understanding Data Sources
        Working with Oracle Audit Vault as a DbProtect Data Source

    Appendices
        Appendix B: Monitoring Oracle Databases in an Oracle Fail Safe Environment: Sensor and Cluster Configuration Steps
        Appendix C: Installing and Configuring a Host-Based Sensor for Oracle to Monitor Oracle Databases on an Oracle RAC
        Appendix D: Oracle Critical Patch Update Detection
        Appendix E: Importing Session Data with the DbProtect Import Utility
        Appendix F: Using the Configuration Manager Tool
        Appendix G: Moving or Changing Your DbProtect Back-End Database
        Appendix H: Required Audit Privileges
        Appendix I: Fix Scripts (Detail)
        Appendix J: Backing Up, Restoring, Archiving, and Purging Alerts
        Appendix K: Open Ports (on Computers Running Microsoft SQL Server) Required to Run Discoveries, Pen Tests, and Audits
        Appendix L: Troubleshooting Guide

    Chapter 1 Introduction

    About DbProtect: The Enterprise Solution for Database Security

    DbProtect is a database security, risk and compliance application designed to meet the needs of companies with large heterogeneous database environments. DbProtect's IT risk management framework, security controls, continuous controls monitoring, and governance for databases make it the leading solution on the market today.

    DbProtect is a centrally managed enterprise solution that uses a proven methodology for information assurance. It is built on the industry's leading and most comprehensive database security knowledgebase called SHATTER which accurately identifies vulnerabilities, risks, and actual threats.

    DbProtect accomplishes the following to secure enterprise data:

    DISCOVERY: Identifies and locates all databases on a given system

    CLASSIFICATION: Identifies risks to business and development policies

    ASSESSMENT: Analyzes database structures for security risks, and determines what privileges have been assigned to users

    PRIORITIZATION: Creates a plan to mitigate risks

    FIX: Executes the plan and fixes the violations

    MONITORING: Applies compensating controls where a fix cannot be applied

    The DbProtect platform protects enterprise organizations around the world from internal and external threats, while also ensuring that those organizations meet or exceed regulatory compliance requirements. At its core, DbProtect is built on tools developed from the SHATTER Knowledgebase, including: Asset Management; Policy Management; Vulnerability Management; Rights Management; Configuration & Patch Management; Audit & Threat Management; and Analytics & Reporting.

    Subjects Discussed in This Guide

    This guide consists of the following high-level topics:

    Asset Management
    Vulnerability Management
    Rights Management
    Audit and Threat Management
    DbProtect Analytics
    Compliance Packs
    Data Sources

    Intended Audience

    This guide is intended for persons responsible for day-to-day usage of DbProtect. Typically, those responsible for installing DbProtect have the following (sometimes overlapping) job roles:

    System Administrators
    Network Administrators
    Database Administrators

    System Administrators

    System Administrators maintain and operate a computer system and/or network. Their duties vary from one organization to another. System administrators are usually charged with installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include scripting or light programming, project management for systems-related projects, supervising or training computer operators, and handling computer problems beyond the knowledge of technical support staff.

    Network Administrators

    Network Administrators are responsible for the maintenance of the computer hardware and software that comprises a network. This normally includes the deployment, configuration, maintenance and monitoring of active network equipment. Network administration commonly includes activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration, as well as configuration of authentication and authorization directory services. A network administrator's duties often also include maintenance of network facilities in individual machines, such as drivers and settings of personal computers, as well as printers and so on. Network administrators are also responsible for the security of the network and for assigning IP addresses to the devices connected to the networks.

    Database Administrators

    Database Administrators (DBAs) are responsible for the environmental aspects of a database. In general, these include:

    Recoverability: creating and testing backups
    Integrity: verifying or helping to verify data integrity
    Security: defining and/or implementing access controls to the data
    Availability: ensuring maximum uptime
    Performance: ensuring maximum performance
    Development and testing support: helping programmers and engineers to efficiently utilize the database

    The role of a DBA has changed according to the technology of database management systems (DBMSs), as well as the needs of the database owners.

    DbProtect Components

    The following diagram illustrates how DbProtect components interact and shows which standard listening ports must be open in order for DbProtect to work.

    Console

    The Console is the web browser-based, graphical component of DbProtect that allows you to navigate to the various features of DbProtect.

    For information on minimum system requirements and installation instructions for the Console, see the DbProtect Installation Guide.

    Scan Engines

    DbProtect's network-based, vulnerability management scan engines discover database applications within your infrastructure and assess their security strength. Backed by a proven security methodology and extensive knowledge of application-level vulnerabilities, DbProtect locates, examines, reports, and fixes security holes and misconfigurations. Scan engines scan your databases for vulnerabilities, and allow you to perform penetration (pen) tests and audits against them.

    Target databases (on Windows) include:

    Oracle
    Oracle Application Server
    SQL Server
    Lotus Notes/Domino
    Sybase
    DB2
    DB2 on the Mainframe
    MySQL

    Sensors

    Sensors deliver database-specific protection and alerting for best-in-class protection of enterprise organizations. You can fine-tune your event detection parameters and customize which audit and security events are monitored by DbProtect. This helps you focus security efforts on relevant information, while bypassing false positives and irrelevant events. DbProtect's ASAP Updates ensure that protection remains up-to-date as new vulnerabilities are identified and patches are released. Comprehensive policies and rules definitions, informed by industry best practices, enable security auditing and documentation specific for enterprise environments.

    For information on minimum system requirements and installation instructions for Sensors, see the DbProtect Installation Guide.

    Sensors send alerts when they detect a violation of rules and a monitored event occurs. Two types of Sensors are available: Host-Based Sensors and Network-Based Sensors.

    Host-Based Sensors

    The table below lists all supported host-based database/OS combinations.

    DB            OS
    SQL SERVER    WINDOWS
    DB2           LINUX, SOLARIS, AIX, WINDOWS
    ORACLE        LINUX, SOLARIS, AIX, HP-UX, WINDOWS
    SYBASE        SOLARIS, AIX

    Network-Based Sensors

    Network-based Sensors allow you to monitor Windows-based Sybase, Oracle, and DB2 on the network. The table below lists supported database/OS combinations, and links you to the installation steps.

    DB        OS
    DB2       WINDOWS
    SYBASE    WINDOWS
    ORACLE    WINDOWS

    Logging In to the DbProtect Console

    Some older versions of Google Desktop (5.1 and earlier) may cause problems when loading the DbProtect Console applet in Internet Explorer. You should turn off Google Desktop, or reinstall a newer version (5.2 or higher).

    Logging In to the Console

    To use a browser to connect to the DbProtect Console:

    1. Enter https://ConsoleServer:Port in the Address line, where:

    ConsoleServer is the host name or IP Address of the Console server

    Note: You must have the Java Runtime Environment (JRE) SE 6 Update 11 installed