DbProtect 6.2 User Guide
Last Modified December 8, 2010
Application Security, Inc. [email protected]
Contents
Introduction
  About DbProtect: The Enterprise Solution for Database Security
  Subjects Discussed in This Guide
  Intended Audience
  Logging In to the DbProtect Console
  Troubleshooting Your DbProtect Console Login
  Logging In to DbProtect After Session Timeout
  Global Navigation in DbProtect
  DbProtect Administration: Content/Compliance Packs, Data Sources, and System Information
  DbProtect Organizations, Users, and User Roles
  Customer Support
Asset Management
  Understanding Asset Management
  Asset Search
Vulnerability Management
  Understanding the DbProtect Vulnerability Management Portal User Interface (UI)
  DbProtect Vulnerability Management UI Components
  Vulnerability Management User Roles
  Working with Jobs
  Discovery Jobs
  Penetration Test Jobs
  Audit Jobs
  Pen Test and Audit Reports
  Report Jobs
  Working with the Dashboard
  Working with Scan Engines
  Working with Policies
  Working with Credential Profiles and User Credential Files
  Working with Fix Scripts
Rights Management
  Why Assess Database User Rights?
  Understanding The Rights Management User Interface
Audit and Threat Management
  Understanding the DbProtect Audit and Threat Management User Interface
  Audit and Threat Management User Roles
  Sensors
  Alerts
  Policies
  Dashboard
  Filters
  Reports
  System Settings: Email Forwarding Rules, Forwarding Settings, Email Server Settings
DbProtect Analytics
  Understanding DbProtect Analytics
  DbProtect Analytics Dashboards
  DbProtect Analytics Reports
  DbProtect Analytics Troubleshooting
  Key Issues
Compliance Packs
  Understanding Compliance Packs
  Interpreting Your Generated Compliance Pack Dashboards, and Displaying/Interpreting Your Generated Compliance Pack Reports
Data Sources
  Understanding Data Sources
  Working with Oracle Audit Vault as a DbProtect Data Source
Appendices
  Appendix B: Monitoring Oracle Databases in an Oracle Fail Safe Environment: Sensor and Cluster Configuration Steps
  Appendix C: Installing and Configuring a Host-Based Sensor for Oracle to Monitor Oracle Databases on an Oracle RAC
  Appendix D: Oracle Critical Patch Update Detection
  Appendix E: Importing Session Data with the DbProtect Import Utility
  Appendix F: Using the Configuration Manager Tool
  Appendix G: Moving or Changing Your DbProtect Back-End Database
  Appendix H: Required Audit Privileges
  Appendix I: Fix Scripts (Detail)
  Appendix J: Backing Up, Restoring, Archiving, and Purging Alerts
  Appendix K: Open Ports (on Computers Running Microsoft SQL Server) Required to Run Discoveries, Pen Tests, and Audits
  Appendix L: Troubleshooting Guide
Chapter 1 Introduction
About DbProtect: The Enterprise Solution for Database Security
DbProtect is a database security, risk and compliance application designed to meet the needs of companies with large heterogeneous database environments. DbProtect's IT risk management framework, security controls, continuous controls monitoring, and governance for databases make it the leading solution on the market today.
DbProtect is a centrally managed enterprise solution that uses a proven methodology for information assurance. It is built on the industry's leading and most comprehensive database security knowledgebase called SHATTER, which accurately identifies vulnerabilities, risks, and actual threats.
DbProtect accomplishes the following to secure enterprise data:
DISCOVERY: Identifies and locates all databases on a given system
CLASSIFICATION: Identifies risks to business and development policies
ASSESSMENT: Analyzes database structures for security risks, and determines what privileges have been assigned to users
PRIORITIZATION: Creates a plan to mitigate risks
FIX: Executes the plan and fixes the violations
MONITORING: Applies compensating controls where a fix cannot be applied
The DbProtect platform protects enterprise organizations around the world from internal and external threats, while also ensuring that those organizations meet or exceed regulatory compliance requirements. At its core, DbProtect is built on tools developed from the SHATTER Knowledgebase, including: Asset Management; Policy Management; Vulnerability Management; Rights Management; Configuration & Patch Management; Audit & Threat Management; and Analytics & Reporting.
Subjects Discussed in This Guide
This guide consists of the following high-level topics:
Asset Management
Vulnerability Management
Rights Management
Audit and Threat Management
DbProtect Analytics
Compliance Packs
Data Sources
Intended Audience
This guide is intended for persons responsible for day-to-day usage of DbProtect. Typically, those responsible for installing DbProtect have the following (sometimes overlapping) job roles:
System Administrators
Network Administrators
Database Administrators
System Administrators
System Administrators maintain and operate a computer system and/or network. Their duties vary from one organization to another. System administrators are usually charged with installing, supporting, and maintaining servers or other computer systems, and planning for and responding to service outages and other problems. Other duties may include scripting or light programming, project management for systems-related projects, supervising or training computer operators, and handling computer problems beyond the knowledge of technical support staff.
Network Administrators
Network Administrators are responsible for the maintenance of the computer hardware and software that comprises a network. This normally includes the deployment, configuration, maintenance and monitoring of active network equipment. Network administration commonly includes activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration, as well as configuration of authentication and authorization directory services. A network administrator's duties often also include maintenance of network facilities in individual machines, such as drivers and settings of personal computers, as well as printers and so on. Network administrators are also responsible for the security of the network and for assigning IP addresses to the devices connected to the networks.
Database Administrators
Database Administrators (DBAs) are responsible for the environmental aspects of a database. In general, these include:
Recoverability: creating and testing backups
Integrity: verifying or helping to verify data integrity
Security: defining and/or implementing access controls to the data
Availability: ensuring maximum uptime
Performance: ensuring maximum performance
Development and testing support: helping programmers and engineers to efficiently utilize the database
The role of a DBA has changed according to the technology of database management systems (DBMSs), as well as the needs of the database owners.
DbProtect Components
The following diagram illustrates how DbProtect components interact and shows which standard listening ports must be open in order for DbProtect to work.
Console
The Console is the web browser-based, graphical component of DbProtect that allows you to navigate to the various features of DbProtect.
For information on minimum system requirements and installation instructions for the Console, see the DbProtect Installation Guide.
Scan Engines
DbProtect's network-based, vulnerability management scan engines discover database applications within your infrastructure and assess their security strength. Backed by a proven security methodology and extensive knowledge of application-level vulnerabilities, DbProtect locates, examines, reports, and fixes security holes and misconfigurations. Scan engines scan your databases for vulnerabilities, and allow you to perform penetration (pen) tests and audits against them.
Target databases (on Windows) include:
Oracle
Oracle Application Server
SQL Server
Lotus Notes/Domino
Sybase
DB2
DB2 on the Mainframe
MySQL
Sensors
Sensors deliver database-specific protection and alerting for best-in-class protection of enterprise organizations. You can fine-tune your event detection parameters and customize which audit and security events are monitored by DbProtect. This helps you focus security efforts on relevant information, while bypassing false positives and irrelevant events. DbProtect's ASAP Updates ensure that protection remains up-to-date as new vulnerabilities are identified and patches are released. Comprehensive policies and rules definitions, informed by industry best practices, enable security auditing and documentation specific for enterprise environments.
For information on minimum system requirements and installation instructions for Sensors, see the DbProtect Installation Guide.
Sensors send alerts when they detect a violation of rules and a monitored event occurs. Two types of Sensors are available: Host-Based Sensors and Network-Based Sensors.
Host-Based Sensors
The table below lists all supported host-based database/OS combinations.
DB            OS
SQL SERVER    WINDOWS
DB2           LINUX, SOLARIS, AIX, WINDOWS
ORACLE        LINUX, SOLARIS, AIX, HP-UX, WINDOWS
SYBASE        SOLARIS, AIX
Network-Based Sensors
Network-based Sensors allow you to monitor Windows-based Sybase, Oracle, and DB2 on the network. The table below lists supported database/OS combinations, and links you to the installation steps.
DB            OS
DB2           WINDOWS
SYBASE        WINDOWS
ORACLE        WINDOWS
Logging In to the DbProtect Console
Some older versions of Google Desktop (5.1 and earlier) may cause problems when loading the DbProtect Console applet in Internet Explorer. You should turn off Google Desktop, or reinstall a newer version (5.2 or higher).
Logging In to the Console
To use a browser to connect to the DbProtect Console:
1. Enter https://ConsoleServer:Port in the Address line, where:
ConsoleServer is the host name or IP address of the Console server
Note: You must have the Java Runtime Environment (JRE) SE 6 Update 11 installed