STIGQter STIGQter: STIG Summary: DBN-6300 IDPS Security Technical Implementation Guide

Version: 1

Release: 1 Benchmark Date: 12 Sep 2017

CheckedNameTitle
SV-79467r1_ruleTo help detect unauthorized data mining, the DBN-6300 must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
SV-79489r1_ruleIn the event of a logging failure, caused by loss of communications with the central logging server, the DBN-6300 must queue audit records locally until communication is restored or until the audit records are retrieved manually or using automated synchronization tools.
SV-79491r1_ruleIn the event of a logging failure caused by the lack of log record storage capacity, the DBN-6300 must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.
SV-79493r1_ruleThe DBN-6300 must generate log events for detection events based on anomaly analysis.
SV-79495r1_ruleThe DBN-6300 must install system updates when new releases are available in accordance with organizational configuration management policy and procedures.
SV-79497r1_ruleTo protect against unauthorized data mining, the DBN-6300 must monitor for and detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
SV-79499r1_ruleTo protect against unauthorized data mining, the DBN-6300 must detect SQL code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
SV-79501r1_ruleTo protect against unauthorized data mining, the DBN-6300 must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code/input fields.
SV-79503r1_ruleTo protect against unauthorized data mining, the DBN-6300 must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
SV-79505r1_ruleThe DBN-6300 must support centralized management and configuration of the content captured in audit records generated by all DBN-6300 components.
SV-79507r1_ruleThe DBN-6300 must off-load log records to a centralized log server.
SV-79509r1_ruleThe DBN-6300 must integrate with a network-wide monitoring capability.
SV-79511r1_ruleThe DBN-6300 must continuously monitor inbound communications traffic between the application tier and the database tier for unusual/unauthorized activities or conditions at the SQL level.
SV-79513r1_ruleThe DBN-6300 must off-load log records to a centralized log server in real time.
SV-79515r1_ruleWhen implemented for protection of the database tier, the DBN-6300 must be logically connected for maximum database traffic visibility.
SV-79549r1_ruleWhen implemented for discovery protection against unidentified or rogue databases, the DBN-6300 must provide a catalog of all visible databases and database services.