DBN-6300 IDPS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000318-IDPS-00068
Group -
SRG-NET-000089-IDPS-00010
Group -
In the event of a logging failure, caused by loss of communications with the central logging server, the DBN-6300 must queue audit records locally until communication is restored or until the audit records are retrieved manually or using automated synchronization tools.
It is critical that when the IDPS is at risk of failing to process audit logs as required, it take action to mitigate the failure. Audit processing failures include software/hardware errors, fai...Rule Medium Severity -
SRG-NET-000089-IDPS-00069
Group -
SRG-NET-000113-IDPS-00013
Group -
SRG-NET-000246-IDPS-00205
Group -
SRG-NET-000318-IDPS-00183
Group -
To protect against unauthorized data mining, the DBN-6300 must monitor for and detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks that use unauthorized data mining techniques to attack ...Rule Medium Severity -
SRG-NET-000319-IDPS-00184
Group -
To protect against unauthorized data mining, the DBN-6300 must detect SQL code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks that use unauthorized data mining techniques to attack ...Rule Medium Severity -
SRG-NET-000319-IDPS-00185
Group -
SRG-NET-000319-IDPS-00186
Group -
SRG-NET-000333-IDPS-00190
Group -
The DBN-6300 must support centralized management and configuration of the content captured in audit records generated by all DBN-6300 components.
Without the ability to centrally manage the content captured in the log records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delay...Rule Medium Severity -
SRG-NET-000334-IDPS-00191
Group -
The DBN-6300 must off-load log records to a centralized log server.
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audit information does not get overwritten if the limited audit storage capa...Rule Medium Severity -
SRG-NET-000383-IDPS-00208
Group -
SRG-NET-000390-IDPS-00212
Group -
The DBN-6300 must continuously monitor inbound communications traffic between the application tier and the database tier for unusual/unauthorized activities or conditions at the SQL level.
If inbound communications traffic is not continuously monitored for unusual/unauthorized activities or conditions, there will be times when hostile activity may not be noticed and defended against....Rule Medium Severity -
SRG-NET-000511-IDPS-00012
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.