Vulnerability Assessment tests

Guardium provides several types of tests to enable you to assess your vulnerability.

Vulnerability Assessment Tests

Guardium® provides over two hundred predefined tests to check database configuration parameters, privileges, and other vulnerabilities. You can also define your own tests.

A Vulnerability Assessment may contain one or more of the following types of tests.

Predefined Tests

Predefined tests are designed to illustrate common vulnerability issues that may be encountered in database environments. Because of the highly variable nature of database applications and the differences in what is deemed acceptable in various companies or situations, some of these tests may be suitable for certain databases but totally inappropriate for others (even within the same company). Most of the predefined tests are customizable to meet the requirements of your organization. Additionally, to keep your assessments current with industry best practices and protect against newly discovered vulnerabilities, Guardium distributes new assessment tests and updates on a quarterly basis as part of its Database Protection Subscription Service. Please refer to the Guardium Administration Guide for more details.

Predefined Tests include:
  • Behavioral Tests
  • Configuration Tests

Behavioral Tests

This set of tests assesses the security health of the database environment by observing database traffic in real time and discovering vulnerabilities in the way information is being accessed and manipulated.

As an example, some of the behavioral vulnerability tests included are:
  • Default users access
  • Access rule violations
  • Execution of Admin, DDL, and DBCC commands directly from the database clients
  • Excessive login failures
  • Excessive SQL errors
  • After hours logins
  • Excessive administrator logins
  • Checks for calls to extended stored procedures
  • Checks that user ids are not accessed from multiple IP addresses

Configuration Tests

This set of assessments checks security-related configuration settings of target databases, looking for common mistakes or flaws in configuration that create vulnerabilities.

As an example, the current categories, with some high-level tests, for configuration vulnerabilities include:
  • Privilege
    • Object creation / usage rights
    • Privilege grants to DBA and individual users
    • System level rights
  • Authentication
    • User account usage
    • Remote login usage
    • Password regulations
  • Configuration
    • Database specific parameter settings
    • System level parameter settings
  • Version
    • Database versions
    • Database patch levels
  • Object
    • Installed sample databases
    • Recommended database layouts
    • Database ownership

Query-based Tests

A query-based test is either a pre-defined or user-defined test that can be quickly and easily created by defining or modifying a SQL query, which is run against a database datasource, with the results compared to a predefined test value. See Define a Query-based Test for additional information on building a user-defined query-based test.
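
The query-and-compare mechanism described above, as an added example (not Guardium's own code or test definitions). The schema, test names and operator set are hypothetical, and an in-memory SQLite database with constructed rows stands in for the target datasource.

```python
import operator
import sqlite3
from dataclasses import dataclass

# Comparison operators a test definition may name (assumed set, for illustration).
OPS = {"=": operator.eq, "<=": operator.le, ">=": operator.ge,
       "<": operator.lt, ">": operator.gt}

@dataclass
class QueryTest:
    name: str
    sql: str        # query expected to return one scalar value
    op: str         # how the returned value is compared with `expected`
    expected: int   # the predefined test value

def build_sample_db():
    """Constructed stand-in for a target datasource (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts(name TEXT, locked INTEGER, is_default INTEGER);
        CREATE TABLE grants(grantee TEXT, privilege TEXT);
        INSERT INTO accounts VALUES ('app_rw',0,0), ('scott',0,1), ('guest',1,1);
        INSERT INTO grants VALUES ('app_rw','SELECT'), ('PUBLIC','EXECUTE'),
                                  ('dba1','ALTER SYSTEM');
    """)
    return db

def run_test(db, test):
    """Run the query and compare its scalar result with the test value."""
    row = db.execute(test.sql).fetchone()
    if row is None or row[0] is None:
        # Nothing to compare: report an error instead of silently passing.
        return {"test": test.name, "status": "ERROR", "actual": None}
    passed = OPS[test.op](row[0], test.expected)
    return {"test": test.name, "status": "PASS" if passed else "FAIL",
            "actual": row[0]}

TESTS = [
    QueryTest("No unlocked default accounts",
              "SELECT COUNT(*) FROM accounts WHERE is_default=1 AND locked=0", "=", 0),
    QueryTest("At most one privilege granted to PUBLIC",
              "SELECT COUNT(*) FROM grants WHERE grantee='PUBLIC'", "<=", 1),
    QueryTest("Query that returns no rows",
              "SELECT n FROM (SELECT 1 AS n) WHERE 0", "<=", 90),
]

def run_all():
    db = build_sample_db()
    return [run_test(db, t) for t in TESTS]

if __name__ == "__main__":
    for result in run_all():
        print(result)
```

The third test shows why a query that returns no value should be surfaced as an error: treating an empty result as a pass would hide a broken or mis-targeted query.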

CAS-based Tests

A CAS-based test is either a pre-defined or user-defined test that is based on a CAS template item of type OS Script command and uses CAS collected data.

Users can specify which template item to use and test against the content of the CAS results. See Create a New Template Set Item for assistance on creating an OS Script type CAS template.

Guardium also comes pre-configured with some CAS template items of type OS Script that can be used for creating a CAS-based test. These tests can be seen through the CAS Template Set Definition panel and have a name which contains the word Assessment. For instance, the Unix/Oracle set for assessments is named Guardium Unix/Oracle Assessment. Additionally, any template that is added that involves file permissions will also be used for permission and ownership checking. See Modify a Template Set Item for viewing these template sets and seeing those items with type OS Script.

Whether you use a Guardium pre-configured template item or define your own, once defined, these tests will appear for selection during the creation or modification of CAS-based tests. See Define a CAS-based Test for additional information.

CVE Tests

Guardium constantly monitors the common vulnerabilities and exposures (CVE) from the MITRE Corporation and adds tests for the relevant database-related vulnerabilities.