19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks

S 4.69 Regular checks of database security

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

The database administrator should check the security of the database system at regular intervals, but at least once a month. All of the checks listed below should be performed; checks marked with (*) can usually be automated with appropriate scripts:

- Are the required backup and security mechanisms active and effective?
- Are there any database users who have not been assigned a password? (*)
- Are there any users who have not used the database system for an extended period of time?
- Apart from the database administrator, who has access to the files of the database software and the data files at the level of the operating system? (*)
- Apart from the database administrator, who has access to the system tables?
- Who is allowed to access the database with an interactive SQL editor?
- Which user IDs are authorised to modify the database objects of the applications? (*)
- Which user IDs have read and/or write access to the data of the applications? (*)
- Which users have the same rights as the database administrator? (*)
- Does the database system have a sufficient quantity of free resources? (*)
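An added example (not part of the manual): one way to automate the check marked (*) on operating-system access to the database software and data files, on a POSIX host. The function names, the constructed sample tree and the use of the current user as a stand-in for the database administrator account are assumptions.

```python
import os
import stat
import tempfile


def audit_db_files(root, dba_uid, allow_group_read=False):
    """Return sorted (path, reason) findings for entries under root that
    accounts other than the database administrator can reach."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Check the directory itself and every file directly inside it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # link mode bits carry no meaning; skip the link itself
            mode = stat.filemode(st.st_mode)
            if st.st_uid != dba_uid:
                findings.append((path, f"owner uid {st.st_uid} is not the DBA"))
            group = st.st_mode & stat.S_IRWXG
            if allow_group_read:
                group &= stat.S_IWGRP  # tolerate read/traverse for a DBA group
            if group:
                findings.append((path, f"group access ({mode})"))
            if st.st_mode & stat.S_IRWXO:
                findings.append((path, f"world access ({mode})"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a data directory with one tight and two loose files."""
    root = tempfile.mkdtemp(prefix="dbaudit-")
    for name, mode in (("data01.dbf", 0o600), ("redo.log", 0o640),
                       ("db.conf", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(root, 0o700)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    # Assumption: the current user stands in for the database administrator.
    for path, reason in audit_db_files(sample, os.getuid()):
        print(f"{path}: {reason}")
```

Pass `allow_group_read=True` when a dedicated DBA group is expected to read the files; group write and any world access are still reported.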

Note:

System tables are used to manage the database itself. The items managed in these tables include the individual database objects, database IDs, access rights and allocations of files to storage media. The system tables are generated by the database management system during the creation of the database. In principle, the contents of these tables can be modified with the access rights granted to the database IDs of the administrators. If the data of the system tables is modified with UPDATE, INSERT or DELETE instructions, there is a high risk that the database will be destroyed. For this reason, rights to modify the system tables should not be granted. Even read access should be restricted, as all the information in the database can be viewed via the system tables.

Additional controls:

- When was the last security check performed?
- Are the implementation and results of security checks documented?

IT-Baseline Protection Manual: October 2000
