Trustwave DbProtect Installation Guide

1 Trustwave DbProtectInstallation GuideVersion DbProtect Installation Guide - January 6, 2017 Legal NoticeCopyright 2017 Trustwave Holdings, Inc. All rights NoticeCopyright 2017 Trustwave Holdings, rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave . No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave . While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose.

2 No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages. The most current version of this document may be obtained and the Trustwave logo are trademarks of Trustwave . Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of DbProtect Installation Guide - January 6, 2017 Revision HistoryCopyright 2017 Trustwave Holdings, Inc. All rights HistoryFormatting ConventionsThis manual uses the following formatting conventions to denote specific information. 2015 Updated version of DbProtect Installation 2016 Updated for DbProtect (Scan Engine ) 2016 Updated for DbProtect (Maintenance Release) 2017 Updated for DbProtect (Scan Engine )Format and SymbolsMeaningBlue UnderlineA blue underline indicates a Web site or email text denotes UI control and names such as commands, menu items, tab and field names, button and check box names, window and dialog box names, and areas of windows or dialog in this format indicates computer code or information at a command are used to denote the name of a published work, the current document, or another document; for text emphasis; or to introduce a new term.

3 In code examples italics indicate a placeholder for values and expressions.[Square brackets]In code examples, square brackets indicate optional sections or entries. Note: This symbol indicates information that applies to the task at : This symbol denotes a suggestion for a better or more productive way to use the : This symbol highlights a warning against using the product in an unintended DbProtect Installation Guide - January 6, 2017 Copyright 2017 Trustwave Holdings, Inc. All rights of ContentsLegal Notice.. iiRevision History.. iiiFormatting Conventions .. iii1 Introduction Intended Audience .. DbProtect Components.. Console .. Scan Engines .. Sensors .. Host-Based Sensors .. 92 Planning Your DbProtect Installation DbProtect Installation Checklist .. Networking, Port, and Firewall Considerations .. Networking Considerations .. Port Considerations.. Firewall Considerations.. Data Repository .. Data Repository Options.

4 Scan Engine Compatibility .. Determining the Version of Components .. 133 Minimum System Requirements DbProtect Suite System Requirements.. Scan Engine System Requirements .. Typical Deployment: Recommended System Requirements .. Typical System Specifications.. Target Platforms .. Example Architecture 1 .. Requirements for the Console Server .. Recommended Requirements for the MSSQL Server .. Example Architecture 2 .. Recommended Requirements for the Console Server.. 194 Licensing Licenses are now Centrally Stored .. 21 Trustwave DbProtect Installation Guide - January 6, 2017 Copyright 2017 Trustwave Holdings, Inc. All rights Working Product after License Overage .. Recover Licenses when Asset is no Longer Needed .. Review License Usage .. Compliance Packs .. 225 Installing the DbProtect Components Installing DbProtect Suite .. Enterprise Services Host Setup .. Database Component Setup.. Installing the SHATTER Knowledgebase.

5 Data Warehouse Setup.. DbProtect Analytics Setup .. Installing Scan Engines.. DbProtect Scan Engine Setup .. Installing Sensors .. Creating Your Own Microsoft SQL Server AppDetective Database .. 416 Your Initial DbProtect Login Prerequisite .. Important Considerations for Using DbProtect With Google Desktop .. Important Considerations for Using DbProtect With Internet Explorer .. Logging in to the Console .. Logging Into the DbProtect Console Using SSO .. 447 Uninstalling the DbProtect Components Before You Uninstall the DbProtect Suite Components .. Uninstalling the DbProtect Suite Components from the Start Menu .. Uninstalling and Unregistering a Sensor.. Uninstalling a Sensor (on Windows) .. Uninstalling and Unregistering a Scan Engine .. a Scan Engine .. a Scan Engine .. 478 Installation Troubleshooting How do I contact Customer Support? .. I uninstalled DbProtect without unregistering my Sensors. How can I re-register my Sensors with-out reinstalling them?

6 Are there firewall issues I should consider? .. Do I require domain administrator rights after I install a Sensor on a cluster? .. The following message appears: Error Occurred. The DbProtect database is not available at the moment. Please retry your request later. What should I do?.. 48 Trustwave DbProtect Installation Guide - January 6, 2017 Copyright 2017 Trustwave Holdings, Inc. All rights Why am I displaying a blank page on the DbProtect Console UI? .. I am having trouble establishing a connection between the Console and my Sensor on Microsoft Windows 2008.. 49 Appendix A: Network Ports Used by DbProtect .. 50 Appendix B: Modifying the LogOn As User for DbProtect Services .. What is the Log On As User?.. Modifying the Windows Authentication LocalSystem Account .. 51 Appendix C: DbProtect Log Files .. DbProtect Log Files .. DbProtect Installation and Upgrade Log Files .. Replay Log Files.. Sensor Installation and Upgrade Log File.

7 Scan Engine Log Files .. Scan Engine Installation and Update Log Files .. Scan Engine Application Log Files .. 53 Appendix D: Required Client Drivers for Audits (Scan Engine Host Only) .. 55 Appendix E: Required Audit Privileges.. 57 Appendix F: Auditing SQL Server (Using Windows Authentication) Against a Machine on a Different or Un-trusted Domain .. 59 Trustwave DbProtect Installation Guide - January 6, 2017 IntroductionCopyright 2017 Trustwave Holdings, Inc. All rights IntroductionDbProtect is a data security platform that uncovers database configuration mistakes, identification and access control issues, missing patches, or any toxic combination of settings that could lead to escalation of privileges attacks, data leakage, denial-of-service (DoS), or unauthorized modification of data held within data stores (relational databases and Big Data). Through its multi-user/role-based access, distributed architecture, and enterprise-level analytics, DbProtect enables organizations to secure all of their relational databases and Big Data stores throughout their environment, on premise or in the Intended AudienceThis Guide is intended for persons using DbProtect on a day-to-day basis.

8 Typically, users responsible for installing DbProtect have the following (sometimes overlapping) job roles. System Administrators Network Administrators Database DbProtect ComponentsThe following diagram illustrates how DbProtect components interact and shows which standard listening ports must be open for DbProtect to DbProtect Installation Guide - January 6, 2017 IntroductionCopyright 2017 Trustwave Holdings, Inc. All rights ConsoleThe Console is the web browser-based, graphical component of DbProtect that allows you to navigate to the various features of DbProtect Suite installer consists of the following components. DbProtect Setup: support files that enable DbProtect upgrades and removal. DbProtect Enterprise Services Host: an application server that manages remote connections to the system and various services that perform DbProtect functions. DbProtect Console Management Server: the browser-based graphical interface. DbProtect Enterprise Services: services that implement support for various features visible in the GUI.

9 DbProtect Naming and Directory Service: a service locator directory. DbProtect Message Collector: a service that collects and stores alerts from sensors. DbProtect Analytics: a service that performs reporting functions. DbProtect Analytics Content: a collection of reports and dashboards. DbProtect VA Policy Editor: vulnerability assessment policy editing module. DbProtect Documentation and Content: includes this Guide and other reference documentation. DbProtect Scan Engine Proxy: a load-balancing service for Scan Scan EnginesScan Engines are network-based services that discover database applications within your infrastructure and assess their security strength by running penetration tests, audits and user rights Scan Engine consists of the following components. DbProtect Scan Engine Host: an application server that manages various services that connect to target databases. DbProtect Scan Engine: a service that performs database discovery and vulnerability assessment functions.

10 DbProtect Rights Management Service: a service that performs user rights reviews. SensorsSensors monitor your database for various events, such as intrusion attempts or auditing of normal usage. Sensors send alerts when they detect a violation of rules, and a monitored event occurs. Two types of Sensors are available: host-based Sensors and network-based Sensors. Trustwave DbProtect Installation Guide - January 6, 2017 IntroductionCopyright 2017 Trustwave Holdings, Inc. All rights Host-Based SensorsThe table below lists all supported host-based database/OS combinations. The Sensor Readme file contains details on the supported versions of each of the the Sensor Readme file for information on network-based Sensors and supported database/OS combinations. Table 1: Host Based SensorsDBOSM icrosoft SQL ServerWindowsIBM DB2 LUW (Linux, Unix, Windows)LinuxSolarisAIX WindowsIBM DB2 z/OSLinuxOracleLinuxSolarisAIXHP-UXWindo wsSAP (Sybase) ASES olarisAIXT rustwave DbProtect Installation Guide - January 6, 2017 Planning Your DbProtect InstallationCopyright 2017 Trustwave Holdings, Inc.