Database Security Knowledgebase Update 5.27

New Vulnerability and Configuration Check Highlights

IBM DB2 LUW

• Generate audit events for all privileged activities or other system-level access

o Ensure that, at a minimum, there are audit policies defined for the AUDIT, CONTEXT, SECMAINT, SYSADMIN, and OBJMAINT categories.

o Risk: Medium

• Generate audit records for all direct access to the databases

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and VALIDATE categories.

o Risk: Medium

• Generate audit records showing starting and ending time for user access to the databases

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT category.

o Risk: Medium

• Generate audit records when concurrent connections by the same user from different workstations occur

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and VALIDATE categories.

o Risk: Medium

• Generate audit records when privileges/permissions are added

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and SECMAINT categories.

o Risk: Medium

• Generate audit records when security objects are deleted

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT, SECMAINT, and OBJMAINT categories.

o Risk: Medium

• Generate audit records when security objects are modified

o Ensure that, at a minimum, there are audit policies defined for the OBJMAINT and SECMAINT categories.

o Risk: Medium

• Generate audit records when security objects are modified unsuccessful

o Ensure that, at a minimum, there are audit policies defined for the SECMAINT and OBJMAINT categories.

o Risk: Medium

• Generate audit records when successful accesses to objects occur

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and EXECUTE categories.

o Risk: Medium

• Generate audit records when successful logons or connections occur

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and VALIDATE categories.

o Risk: Medium

• Generate audit records when unsuccessful attempts to access categorized information

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and SECMAINT categories.

o Risk: Medium

• Generate audit records when unsuccessful attempts to delete categorized information occur

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and EXECUTE categories.

o Risk: Medium

• Generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur

o Ensure that, at a minimum, there are audit policies defined for the AUDIT, CONTEXT, SECMAINT, SYSADMIN, and OBJMAINT categories.

o Risk: Medium

Oracle

• Critical Patch Update/Patch Set Update - April 2018

o Check version to determine if the database contains vulnerabilities described by Critical Patch Update/Patch Set Update - April 2018.

o Risk: High

• Pluggable Database Operating System Credentials

o Verify that the PDB_OS_CREDENTIAL parameter for each PDB is set to a unique value.

o Risk: Low

MySQL

• Critical Patch Update - April 2018

o Check version to determine if the database contains vulnerabilities described by Critical Patch Update - April 2018.

o Risk: Medium

Updated Checks

MySQL

• Latest release not installed

o Support MySQL 5.5.60, 5.6.40, 5.7.22

o Risk: High

• Release update not installed on time

o Support MySQL 5.5.60, 5.6.40, 5.7.22

o Risk: High

Updated Policies

• Base Line - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Basel II - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Basel II - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Best Practices for Federal Gov. - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• CIS v1.0.0 for MySQL 5.7 - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• CIS v1.0.0 for Oracle 11gR1&R2 - Audit (Built-in)

o New Checks

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• CIS v1.0.2 for MySQL 5 - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• CIS v2.0 for Oracle 12c - Audit (Built-In)

o New Checks

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• CIS v2.2.0 for Oracle 11gR2 - Audit (Built-In)

o New Checks

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• CNIL - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• DISA-STIG Database Security - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• DISA-STIG Oracle 11gR2 V1R12 - Audit (Built-in)

o New Checks

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• DISA-STIG Oracle 12c V1R8 - Audit (Built-in)

o New Checks

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Download - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• EU Data Protection Directive - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• EU Data Protection Directive - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• FISMA - Audit (Built-in)

o New Checks

• Microsoft SQL Server: Database not encrypted: High

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• FISMA - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• FedRAMP - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Full - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Gramm-Leach-Bliley Act - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Gramm-Leach-Bliley Act - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• HIPAA - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• HIPAA - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Heavy - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Integrity - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Oracle: Pluggable Database Operating System Credentials: Low

• MITS - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Massachusetts 201 CMR 17.00

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Medium - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• MiFID - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• MiFID - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Operating System - Audit (Built-in)

o New Checks

• Oracle: Pluggable Database Operating System Credentials: Low

• PCI Data Security Standard - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• PCI Data Security Standard - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Safe - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Sarbanes-Oxley - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Sarbanes-Oxley - Pen Test (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Strict - Audit (Built-in)

o New Checks

• MySQL: Critical Patch Update - April 2018: Medium

• Oracle: Critical Patch Update/Patch Set Update - April 2018: High

• Oracle: Pluggable Database Operating System Credentials: Low

User Creation Scripts

• Added MongoDB user creation script (CreateSuperUserMongoDB.txt) to give ADMIN access to aduser, which is required for some checks.

• Updated MongoDB user creation script (CreateUserMongoDB.txt) to create a ReadOnly role for the aduser to give least privileges for most checks.

Availability

• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.

• Download SHATTER Knowledgebase from the Trustwave Support Portal and select AppDetectivePRO or DbProtect.

• AppDetectivePRO customers can also use the Updater within the product.