Database Security Knowledgebase Update 5.29

New Vulnerability and Configuration Check Highlights

IBM DB2 LUW

• Access to external executables must be disabled or restricted

o Verify that the DB2 external routines have been disabled or restricted.

o Risk: Medium

• Must automatically terminate a user session after conditions or trigger events requiring session disconnect

o Verify that there are organization-defined conditions or trigger events requiring session disconnect.

o Risk: Medium

• Must prohibit user installation of logic modules without explicit privileged status

o Verify that only certain users are permitted to install logic modules.

o Risk: Medium

• Produce audit records of its enforcement of access restrictions associated with changes to the configuration

o Ensure that, at a minimum, there are audit policies defined for the CONTEXT and SYSADMIN categories.

o Risk: Medium

• Supporting applications that require security labeling of data

o Verify that security labels are in place according to organization defined protocols.

o Risk: Medium

• The OS must limit privileges to change the DB2 software resident within software libraries

o Verify that the DB2 installation directory is only writable by the sysadmin and root users.

o Risk: Medium

• Unused database components, software, and database objects must be removed

o Verify that all installed DB2 components fall in line with organizational operations.

o Risk: Medium

Oracle

• I/O Rate Limits for PDBs

o Verify that the MAX_IOPS and MAX_MBPS parameters for each PDB are configured to have a limit.

o Risk: Low

Updated Checks

IBM Db2 LUW

• Fix pack not installed on time

o Support 11.1 Mod 3 Fix pack 3 iFix001

o Risk: High

• Latest Fix pack not installed

o Support 11.1 Mod 3 Fix pack 3 iFix001

o Risk: High

Microsoft SQL Server

• Permissions granted to PUBLIC

o Removed incorrect mappings to CIS control 3.8.

o Risk: Medium

Sybase ASE

• Latest patch not applied

o Check for Sybase ASE 15.7 SP140 and 16.0 SP03 PL04

o Risk: High

• Patch not applied on time

o Check for Sybase ASE 15.7 SP140 and 16.0 SP03 PL04

o Risk: High

New policies

• CIS v2.0 for IBM DB2 LUW - Audit (Built-In)

o This policy has been created with the guidance of the security configuration benchmarks for IBM DB2 versions 9.7 & 9.8 by the Center for Internet Security.

Updated policies

• DISA-STIG IBM Db2 v10.5 V1R2 - Audit (Built-in)

o New Checks

• IBM DB2: Access to external executables must be disabled or restricted: Medium

• IBM DB2: Must automatically terminate a user session after conditions or trigger events requiring session disconnect: Medium

• IBM DB2: Must prohibit user installation of logic modules without explicit privileged status: Medium

• IBM DB2: Produce audit records of its enforcement of access restrictions associated with changes to the configuration: Medium

• IBM DB2: Supporting applications that require security labeling of data: Medium

• IBM DB2: The OS must limit privileges to change the DB2 software resident within software libraries: Medium

• IBM DB2: Unused database components, software, and database objects must be removed: Medium

• Strict - Audit (Built-in)

o New Checks

• Oracle: I/O Rate Limits for PDBs: Low

User Creation Scripts

• Added MongoDB URR user creation script.

Availability

• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.

• Download the SHATTER Knowledgebase from the Trustwave Support portal (https://www.trustwave.com/Company/Support, then select AppDetectivePRO or DbProtect).

• AppDetectivePRO customers can also use the Updater within the product.