II - Mission Support Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-NET-000318-IDPS-00068
<GroupDescription></GroupDescription>Group -
To help detect unauthorized data mining, the DBN-6300 must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
<VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...Rule Medium Severity -
SRG-NET-000089-IDPS-00010
<GroupDescription></GroupDescription>Group -
In the event of a logging failure, caused by loss of communications with the central logging server, the DBN-6300 must queue audit records locally until communication is restored or until the audit records are retrieved manually or using automated synchronization tools.
<VulnDiscussion>It is critical that when the IDPS is at risk of failing to process audit logs as required, it take action to mitigate the fai...Rule Medium Severity -
SRG-NET-000089-IDPS-00069
<GroupDescription></GroupDescription>Group -
In the event of a logging failure caused by the lack of log record storage capacity, the DBN-6300 must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner.
<VulnDiscussion>It is critical that when the IDPS is at risk of failing to process audit logs as required, it takes action to mitigate the fa...Rule Medium Severity -
SRG-NET-000113-IDPS-00013
<GroupDescription></GroupDescription>Group -
The DBN-6300 must generate log events for detection events based on anomaly analysis.
<VulnDiscussion>Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events r...Rule Medium Severity -
SRG-NET-000246-IDPS-00205
<GroupDescription></GroupDescription>Group -
The DBN-6300 must install system updates when new releases are available in accordance with organizational configuration management policy and procedures.
<VulnDiscussion>Failing to update malicious code protection mechanisms, including application software files, signature definitions, and vend...Rule Medium Severity -
SRG-NET-000318-IDPS-00183
<GroupDescription></GroupDescription>Group -
To protect against unauthorized data mining, the DBN-6300 must monitor for and detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
<VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...Rule Medium Severity -
SRG-NET-000319-IDPS-00184
<GroupDescription></GroupDescription>Group -
To protect against unauthorized data mining, the DBN-6300 must detect SQL code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
<VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...Rule Medium Severity -
SRG-NET-000319-IDPS-00185
<GroupDescription></GroupDescription>Group -
To protect against unauthorized data mining, the DBN-6300 must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code/input fields.
<VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...Rule Medium Severity -
SRG-NET-000319-IDPS-00186
<GroupDescription></GroupDescription>Group -
To protect against unauthorized data mining, the DBN-6300 must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
<VulnDiscussion>Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure t...Rule Medium Severity -
SRG-NET-000333-IDPS-00190
<GroupDescription></GroupDescription>Group -
The DBN-6300 must support centralized management and configuration of the content captured in audit records generated by all DBN-6300 components.
<VulnDiscussion>Without the ability to centrally manage the content captured in the log records, identification, troubleshooting, and correla...Rule Medium Severity -
SRG-NET-000334-IDPS-00191
<GroupDescription></GroupDescription>Group -
The DBN-6300 must off-load log records to a centralized log server.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading ensures audi...Rule Medium Severity -
SRG-NET-000383-IDPS-00208
<GroupDescription></GroupDescription>Group -
The DBN-6300 must integrate with a network-wide monitoring capability.
<VulnDiscussion>An integrated, network-wide intrusion detection capability increases the ability to detect and prevent sophisticated distribu...Rule Medium Severity -
SRG-NET-000390-IDPS-00212
<GroupDescription></GroupDescription>Group -
The DBN-6300 must continuously monitor inbound communications traffic between the application tier and the database tier for unusual/unauthorized activities or conditions at the SQL level.
<VulnDiscussion>If inbound communications traffic is not continuously monitored for unusual/unauthorized activities or conditions, there will...Rule Medium Severity -
SRG-NET-000511-IDPS-00012
<GroupDescription></GroupDescription>Group -
The DBN-6300 must off-load log records to a centralized log server in real time.
<VulnDiscussion>Off-loading ensures audit information is not overwritten if the limited audit storage capacity is reached and also protects t...Rule Medium Severity -
SRG-NET-000512-IDPS-00194
<GroupDescription></GroupDescription>Group -
When implemented for protection of the database tier, the DBN-6300 must be logically connected for maximum database traffic visibility.
<VulnDiscussion>Configuring the IDPS to implement organization-wide security implementation guides and security checklists ensures compliance...Rule Medium Severity -
SRG-NET-000512-IDPS-00194
<GroupDescription></GroupDescription>Group -
When implemented for discovery protection against unidentified or rogue databases, the DBN-6300 must provide a catalog of all visible databases and database services.
<VulnDiscussion>If the DBN-6300 is installed incorrectly in the site's network architecture, vulnerable or unknown databases may not be detec...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.