Software Updates

Database Security Knowledgebase Update 5.33

Written by | Sep 18, 2018 6:50:00 AM

Database Security Knowledgebase Update 5.33 includes a new check for MSSQL, a new policy, new Activity Monitoring rules and several updated policies.

New Vulnerability and Configuration Check Highlights

IBM DB2 LUW

• Check that permissions have not been granted to the public server role

o Risk: Medium

New Policies

• Database Best Practices

o This policy is designed for those who do not have a specific compliance or security requirement but want to utilize best practices when it comes to securing databases.

Updated Policies

• Base Line - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• Best Practices for Federal Gov. - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• CIS Benchmark - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• CIS v1.0.0 for SQL Server 2016 - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• CNIL - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• FedRAMP - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

• Strict - Audit (Built-in)

o New Checks

♦ Microsoft SQL Server: Permissions granted to the public server role: Medium

User Creation Scripts

• None in this release

Database Activity Monitoring - New Rules

• Persistent Cross Site Scripting attack within MS SQL Server

o Monitor for HTML script tags embedded within SQL INSERT or UPDATE statements. Script tags may be indicative of SQL injection attempts.

o Risk: High

Availability

• Available to all Trustwave AppDetectivePRO and DbProtect customers with maintenance (subscription or perpetual) in good standing at no additional cost.

• Trustwave AppDetectivePRO customers can use the Updater within the product as well