DbProtect User's Guide - AppSecInc is now Trustwave

1 DbProtect user Guide Last Modified December 8, 2010. Application Security, Inc. 1-866-9 APPSEC. Contents Introduction 5. About DbProtect : The Enterprise Solution for Database Security 5. Subjects Discussed in This Guide 6. Intended Audience 6. Logging In to the DbProtect Console 11. Troubleshooting Your DbProtect Console Login 17. Logging In to DbProtect After Session Timeout 21. Global Navigation in DbProtect 21. DbProtect Administration: Content/Compliance Packs, Data Sources, and System Infor- mation 23. DbProtect Organizations, Users, and user Roles 25. Customer Support 57. Asset Management 59. Understanding Asset Management 59. Asset Search 60. Vulnerability Management 81. Understanding the DbProtect Vulnerability Management Portal user Interface (UI) 81.

2 DbProtect Vulnerability Management UI Components 84. Vulnerability Management user Roles 88. Working with Jobs 89. Discovery Jobs 93. Penetration Test Jobs 98. Audit Jobs 104. Pen Test and Audit Reports 120. Report Jobs 122. Working with the Dashboard 154. Working with Scan Engines 161. Working with Policies 180. Working with Credential Profiles and user Credential Files 202. Working with Fix Scripts 235. Rights Management 257. Why Assess Database user Rights? 257. Understanding The Rights Management user Interface 266. Audit and Threat Management 275. Understanding the DbProtect Audit and Threat Management user Interface 275. Audit and Threat Management user Roles 295. Sensors 295.

3 Alerts 402. Policies 414. Dashboard 437. Filters 441. Reports 494. System Settings: Email Forwarding Rules, Forwarding Settings, Email Server Settings 522. DbProtect Analytics 549. Understanding DbProtect Analytics 549. DbProtect Analytics Dashboards 552. DbProtect Analytics Reports 563. DbProtect Analytics Troubleshooting 578. Key Issues 581. Compliance Packs 595. Understanding Compliance Packs 595. Interpreting Your Generated Compliance Pack Dashboards, and Displaying/Interpreting Your Generated Compliance Pack Reports 604. Data Sources 609. Understanding Data Sources 609. Working with Oracle Audit Vault as a DbProtect Data Source 610. Appendices 619. Appendix B: Monitoring Oracle Databases in an Oracle Fail Safe Environment: Sensor and Cluster Configuration Steps 632.

4 Appendix C: Installing and Configuring a Host-Based Sensor for Oracle to Monitor Oracle Databases on an Oracle RAC 637. Appendix D: Oracle Critical Patch Update Detection 639. Appendix E: Importing Session Data with the DbProtect Import Utility 644. Appendix F: Using the Configuration Manager Tool 665. Appendix G: Moving or Changing Your DbProtect Back-End Database 668. Appendix H: Required Audit Privileges 673. Appendix I: Fix Scripts (Detail) 733. Appendix J: Backing Up, Restoring, Archiving, and Purging Alerts 784. Appendix K: Open Ports (on Computers Running Microsoft SQL Server) Required to Run Discoveries, Pen Tests, and Audits 791. Appendix L: Troubleshooting Guide 792. Chapter 1 Introduction About DbProtect : The Enterprise Solution for Database Security DbProtect is a database security, risk and compliance application designed to meet the needs of companies with large heterogeneous database environments.

5 DbPro . tects's IT risk management framework, security controls, continuous controls moni . toring, and governance for databases make it the leading solution on the market today. DbProtect is a centrally managed enterprise solution that uses a proven methodology for information assurance. It is built on the industry's leading and most comprehen . sive database security knowledgebase called SHATTER which accurately identi . fies vulnerabilities, risks, and actual threats. DbProtect accomplishes the following to secure enterprise data: DISCOVERY Identifies and locatates all data . bases on a given system CLASSIFICATION Identifies risks to business and development policies ASSESSMENT Analyzes database structures for security risks, and determines what privi.

6 Leges have been assigned to users PRIORITIZATION Creates a plan to mitigate risks FIX Executes the plan and fixes the violations Introduction MONITORING Applies compensating controls where a fix cannot be applied The DbProtect platform protects enterprise organizations around the world from internal and external threats, while also ensuring that those organizations meet or exceed regulatory compliance requirements. At its core, DbProtect is built on tools devleoped from the SHATTER Knowledgebase, including: Asset Manage . ment; Policy Management; Vulnerability Management; Rights Management; Con . figuration & Patch Management; Audit & Threat Management; and Analytics & Reporting.

7 Subjects Discussed in This Guide This Guide consists of the following high level topics: Asset Management Vulnerability Management Rights Management Audit and Threat Management DbProtect Analytics Compliance Packs Data Sources Intended Audience This Guide is intended for persons responsible for day to day usage of DbProtect . Typically, those responsible for installing DbProtect have the following (some . times overlapping) job roles: System Administrators Network Administrators Database Administrators System Administrators System Administrators maintain and operate a computer system and/or network. Their duties vary from one organization to another. System administrators are 6 Application Security, Inc.

8 Usually charged with installing, supporting, and maintaining servers or other com . puter systems, and planning for and responding to service outages and other prob . lems. Other duties may include scripting or light programming, project management for systems related projects, supervising or training computer operators, and han . dling computer problems beyond the knowledge of technical support staff. Network Administrators Network Administrators are responsible for the maintenance of the computer hard . ware and software that comprises a network. This normally includes the deployment, configuration, maintenance and monitoring of active network equipment. Network administration commonly includes activities and tasks such as network address assignment, assignment of routing protocols and routing table configuration, as well as configuration of authentication and authorization directory services.

9 A network administrator's duties often also include maintenance of network facilities in individ . ual machines, such as drivers and settings of personal computers, as well as printers and so on. Network administrators are also responsible for the security of the net . work and for assigning IP addresses to the devices connected to the networks. Database Administrators Database Administrators (DBAs) are responsible for the environmental aspects of a database. In general, these include: Recoverability creating and testing backups Integrity verifying or helping to verify data integrity Security defining and/or implementing access controls to the data Availability ensuring maximum uptime Performance ensuring maximum performance Development and testing support helping programmers and engineers to efficiently utilize the database The role of a DBA has changed according to the technology of database management systems (DBMSs), as well as the needs of the database owners.

10 Application Security, Inc. 7. Introduction DbProtect Components The following diagram illustrates how DbProtect components interact and shows which standard listening ports must be open in order for DbProtect to work. Console The Console is the web browser based, graphical component of DbProtect that allows you to navigate to the various features of DbProtect . For information on minimum system requirements and installation instructions for the Console, see the DbProtect Installation Guide . 8 Application Security, Inc. Scan Engines DbProtect 's network based, vulnerability management scan engines discover data . base applications within your infrastructure and assesses their security strength.