STIGQter STIGQter: STIG Summary: DBN-6300 IDPS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017: The DBN-6300 must continuously monitor inbound communications traffic between the application tier and the database tier for unusual/unauthorized activities or conditions at the SQL level.

DISA Rule

SV-79511r1_rule

Vulnerability Number

V-65021

Group Title

SRG-NET-000390-IDPS-00212

Rule Version

DBNW-IP-000050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the DBN-6300 with syslog output to the SIEM.

Navigate to the "Admin" tab.

Click on "External Service Settings" button.

Enter the centralized event management system IP address and port number.

Click on the "Commit" button to start the process.

Configure a database for SQL injection protection for continuous protection.

Enable the SQL injection detection capabilities on the applicable interface for the database to be protected.

Navigate to Admin >> Capture >> Capture Sources.

Select the interface connected the network that contains the database traffic.

Click on the "Enable" button and ensure the Link up indicator turns green.

Check Contents

View the organization's documentation to determine which databases are required to be protected.

Ask the site representative if the device is used continuously or if periodic monitoring is performed.

Navigate to Learning >> Time Regions and view the table of detected databases.

For each database requiring protection, view the "State". Unprotected databases show a red shield. Protected databases show a green shield.

If continuous monitoring is not performed by the organization, this is a finding.

Vulnerability Number

V-65021

Documentable

False

Rule Version

DBNW-IP-000050

Severity Override Guidance

View the organization's documentation to determine which databases are required to be protected.

Ask the site representative if the device is used continuously or if periodic monitoring is performed.

Navigate to Learning >> Time Regions and view the table of detected databases.

For each database requiring protection, view the "State". Unprotected databases show a red shield. Protected databases show a green shield.

If continuous monitoring is not performed by the organization, this is a finding.

Check Content Reference

M

Target Key

2949

Comments