New Vulnerability and Configuration Check Highlights
IBM DB2 LUW
• Access to external executables must be disabled or restricted
o Verify that the DB2 external routines have been disabled or restricted.
o Risk: Medium
• Must automatically terminate a user session after conditions or trigger events requiring session disconnect
o Verify that there are organization-defined conditions or trigger events requiring session disconnect.
o Risk: Medium
• Must prohibit user installation of logic modules without explicit privileged status
o Verify that only certain users are permitted to install logic modules.
o Risk: Medium
• Produce audit records of its enforcement of access restrictions associated with changes to the configuration
o Ensure that, at a minimum, audit policies are defined for the CONTEXT and SYSADMIN categories.
o Risk: Medium
• Supporting applications that require security labeling of data
o Verify that security labels are in place according to organization defined protocols.
o Risk: Medium
• The OS must limit privileges to change the DB2 software resident within software libraries
o Verify that the DB2 installation directory is writable only by the sysadmin and root users.
o Risk: Medium
• Unused database components, software, and database objects must be removed
o Verify that all installed DB2 components fall in line with organizational operations.
o Risk: Medium
Oracle
• I/O Rate Limits for PDBs
o Verify that the MAX_IOPS and MAX_MBPS parameters for each PDB are configured to have a limit.
o Risk: Low
Updated Checks
IBM Db2 LUW
• Fix pack not installed on time
o Support 11.1 Mod 3 Fix pack 3 iFix001
o Risk: High
• Latest Fix pack not installed
o Support 11.1 Mod 3 Fix pack 3 iFix001
o Risk: High
Microsoft SQL Server
• Permissions granted to PUBLIC
o Removed incorrect mappings to CIS control 3.8.
o Risk: Medium
Sybase ASE
• Latest patch not applied
o Check for Sybase ASE 15.7 SP140 and 16.0 SP03 PL04
o Risk: High
• Patch not applied on time
o Check for Sybase ASE 15.7 SP140 and 16.0 SP03 PL04
o Risk: High
New policies
• CIS v2.0 for IBM DB2 LUW - Audit (Built-In)
o This policy has been created with the guidance of the security configuration benchmarks for IBM DB2 versions 9.7 & 9.8 by the Center for Internet Security.
Updated policies
• DISA-STIG IBM Db2 v10.5 V1R2 - Audit (Built-in)
o New Checks
• IBM DB2: Access to external executables must be disabled or restricted: Medium
• IBM DB2: Must automatically terminate a user session after conditions or trigger events requiring session disconnect: Medium
• IBM DB2: Must prohibit user installation of logic modules without explicit privileged status: Medium
• IBM DB2: Produce audit records of its enforcement of access restrictions associated with changes to the configuration: Medium
• IBM DB2: Supporting applications that require security labeling of data: Medium
• IBM DB2: The OS must limit privileges to change the DB2 software resident within software libraries: Medium
• IBM DB2: Unused database components, software, and database objects must be removed: Medium
• Strict - Audit (Built-in)
o New Checks
• Oracle: I/O Rate Limits for PDBs: Low
User Creation Scripts
• Added MongoDB URR user creation script.
Availability
• Available to all AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.
• AppDetectivePRO customers can use the Updater within the product as well.