Auditing Data Security Lisa Outlaw, Department of Commerce, Division of Employment Security

Source: University of North Carolina, old.northcarolina.edu/conferences/oia/6-2016/Sesssion5DataSecurity.pdf


Objectives

• The Basics of IT Auditing

• Analyzing an IT environment

• Auditing Data Security

• Class Exercises

Case Scenario – Singapore DMV

• Company XYZ contracted the Outlaw Firm to audit data security.

• Objectives of the Audit:

1. Analyze the DMV IT environment for data

2. Identify known threats and vulnerabilities to the databases

3. Recommend controls to strengthen the DMV’s data security

The Basics of IT Auditing

Definition of IT Auditing

• What is Information Systems Auditing or IT Audit?

• An examination of the IT controls

• Obtaining evidence to assure the:

• Safeguarding of assets

• Maintenance of data integrity, and

• IT is operating effectively

• IT controls should mitigate IT risks

• Planning & Gain an Understanding

• Obtain an understanding of the organization’s internal controls within its control environment

Analyze the DMV IT environment for Data

Scope the Audit

Windows Server Hosts

Oracle Database Server 11g

Registration Data

Unix Server Hosts:

Oracle Database Server 11g

Driver’s License and Credit Card Data

The Basics of IT Auditing

• Risk Assessment

• Identify risks that could prevent the business from achieving its objectives

Risk Assessment

RISK is the PROBABILITY that a THREAT will exploit a VULNERABILITY to cause harm to an ASSET

The Risk formula is often displayed in the following two formats:

Threat Landscape x Vulnerability x Asset

R = f(T, V, A)


Threats & Vulnerabilities


The Threat Landscape Update

• ONE: “Hacktivism”

• Political idealists or common criminals?

• Weaknesses exploited in 2012, according to Verizon Business Study

1. Default or guessable passwords

2. Backdoor malware

3. Stolen log-in credentials

4. Backdoor command control channels

5. Key loggers and spyware

6. SQL injection

[Figure: bar chart “Weakness Exploited by Hacktivists”. Vertical axis: 0% to 35%. Bars: Default or guessable passwords; Backdoor malware; Stolen log-in credentials; Backdoor or command control channels; Key loggers and spyware; SQL injection]

Source: Leo Howell & NotebookReview.com: RSA’s Five Top Internet Security Threats in 2012

Internal Control Identification & Testing

DMV Management:

• Considered the “Hacktivism” risks

• Responded to the Risks by adopting Center for Internet Security (CIS) standards

Evaluate the organization’s response to those risks

Did the organization implement controls?

Auditing for Data Security

Audit Areas

1. Data Dictionary

2. Privileges

3. Parameters

4. Accounts & Passwords

5. Profiles

6. Roles

7. Links

8. Audit Logs

9. Encryption

10. Server and Application Level Configuration Settings

Data Dictionary

Data Dictionary Risks

• Hackers can gain valuable information about the database, including all of the accounts and encrypted passwords, and could destroy the database by deleting key tables.

Data Dictionary Controls

• Access to the data dictionary should be limited to only those accounts that need access to fulfill their job duties.

• Normally, only the database administrators should have access.

Audit Procedure

Check Configuration:

O7_DICTIONARY_ACCESSIBILITY is set to the approved settings as defined within the approved standards.

CIS recommends O7_DICTIONARY_ACCESSIBILITY=FALSE;

Privileges

Privileges Risks

• Excessive access granted to system tables and critical application tables may lead to:

• Unauthorized changes to data

• Denial of services

Privileges Controls

• Privileges should be granted based on principle of least access

• Policies, procedures, and standards should support privilege granting decisions

• Privileges on system and database objects should be carefully assessed, documented, and granted to the proper accounts and roles

• Typically end-user accounts should not be granted system privileges except create session

• Insert, Update, Delete on critical tables should be limited to required users

System Privileges - Audit Procedures

| Control | Rationale | Check Conf. Item |
|---|---|---|
| Restrict system privileges | All system privileges except for CREATE SESSION must be restricted to DBAs, application object owner accounts/schemas (locked accounts) and default Oracle accounts. Developers may be granted limited system privileges as required on development databases. | REVOKE ALL <PRIVS> FROM <USER>; |
| Prevent granting of privileges that contain the keyword ANY | The ANY keyword grants the ability for the user to set privileges for the entire catalogue of objects in the database. | Check for any user or role that has the ANY keyword and revoke this role where possible. |
| Prevent granting of all privileges | The GRANT ALL PRIVILEGES must not be used; it gives full access to all tables, views and objects to the user or role it is granted to. | REVOKE ALL PRIVILEGES FROM <USER/ROLE>; GRANT <SPECIFIC PRIVILEGES> TO <USER/ROLE>; |
| Prevent granting of EXEMPT ACCESS POLICY (EAP) | Revoke this privilege if not necessary. The EAP privilege provides access to all rows regardless of Row Level Security assigned to specific rows. | REVOKE EXEMPT ACCESS POLICY FROM <USER>; |
| Prevent granting of privileges that have WITH ADMIN | Check for any user or role that has been granted privileges WITH ADMIN and revoke where possible. The WITH ADMIN privilege allows a user to grant the same privileges they possess. | REVOKE <ROLE> FROM <USER>; GRANT <ROLE> TO <USER>; |
| Prevent granting of privileges that have WITH GRANT | Check for any user or role that has been granted privileges WITH GRANT and revoke where possible. The WITH GRANT privilege allows a user to grant the same privilege to other users. | REVOKE GRANT OPTION FOR <PRIV> ON <TABLE> FROM <USER>; |

System Privileges - Audit Procedures

| Control | Rationale | Check Conf. Item |
|---|---|---|
| Prevent granting of privileges that have CREATE | Check for any user that has object creation privileges and revoke where possible. Excessive create privileges can allow an attacker to create arbitrary objects, tables, and views. | REVOKE CREATE <PRIV> FROM <USER/ROLE>; |
| Prevent granting of CREATE LIBRARY | Check for any user or role that has this privilege and revoke where possible. The CREATE LIBRARY privilege allows a user to create an object associated with a shared library. Allowing arbitrary library creation can compromise the integrity and security of the Oracle database. | REVOKE CREATE LIBRARY FROM <USER/ROLE>; |
| Prevent granting of ALTER SYSTEM | Check for any user or role that has this privilege and revoke where possible. The alter system privilege allows a user to dynamically alter the Oracle instance. | REVOKE ALTER SYSTEM FROM <USER/ROLE>; |

System Privileges - Audit Procedures

| Control | Rationale | Check Conf. Item |
|---|---|---|
| Prevent granting of CREATE PROCEDURE | CREATE PROCEDURE allows a user to create a stored procedure in the database and should be restricted to administrative or development users. Check for any user or role that has this privilege and revoke where possible. | REVOKE CREATE PROCEDURE FROM <USER/ROLE>; |
| Prevent granting of BECOME USER | BECOME USER allows a user to inherit the rights of another Oracle system user and should not be used if possible. | REVOKE BECOME USER FROM <USER/ROLE>; |
| Prevent granting of SELECT ANY TABLE | Check for any user that has access and revoke where possible. If application data is sensitive, and it is possible, revoke this privilege from the DBA accounts as well. | REVOKE SELECT ANY <OBJECT> FROM <USER>; |
| Prevent granting of AUDIT SYSTEM | Review which users have audit system privileges and limit as much as possible to ensure audit commands are not revoked. | REVOKE <PRIVILEGE> FROM <USER>; |
| Grant privileges only to roles | Grant privileges only to roles. Do not grant privileges to individual users. | Revoke all individual privileges from users. Create a role defining the needed privileges. Grant the role to the users. |
| Review privileges granted to PUBLIC | Review all privileges granted to PUBLIC. Limit or revoke unnecessary PUBLIC privileges. | REVOKE PUBLIC FROM <USER/ROLE>; |
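
The audit procedures above give the REVOKE statements but not the queries that find the grants. The following queries are an added example, not part of the original slides or the CIS benchmark: they read DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS and tag each grant with the control it falls under. The list of excluded grantees (SYS, SYSTEM, DBA) is an assumption and should be replaced with the accounts the organization has approved.

```sql
-- Added example. Assumption: SYS, SYSTEM and DBA are the approved grantees;
-- replace the NOT IN lists with the organization's approved accounts.

-- 1. System privileges other than CREATE SESSION, tagged by control.
--    The CASE order matters: named privileges are matched first, then the
--    ANY keyword, then the general CREATE check.
SELECT sp.grantee,
       CASE
         WHEN sp.grantee = 'PUBLIC' THEN 'PUBLIC'
         WHEN EXISTS (SELECT 1 FROM dba_users u
                      WHERE  u.username = sp.grantee) THEN 'USER'
         ELSE 'ROLE'
       END AS grantee_type,        -- USER rows breach "grant only to roles"
       sp.privilege,
       sp.admin_option,            -- YES = granted WITH ADMIN
       CASE
         WHEN sp.privilege = 'EXEMPT ACCESS POLICY' THEN 'EXEMPT ACCESS POLICY (EAP)'
         WHEN sp.privilege = 'BECOME USER'          THEN 'BECOME USER'
         WHEN sp.privilege = 'ALTER SYSTEM'         THEN 'ALTER SYSTEM'
         WHEN sp.privilege = 'AUDIT SYSTEM'         THEN 'AUDIT SYSTEM'
         WHEN sp.privilege = 'CREATE LIBRARY'       THEN 'CREATE LIBRARY'
         WHEN sp.privilege = 'CREATE PROCEDURE'     THEN 'CREATE PROCEDURE'
         WHEN sp.privilege = 'SELECT ANY TABLE'     THEN 'SELECT ANY TABLE'
         WHEN sp.privilege LIKE '% ANY %'           THEN 'ANY keyword'
         WHEN sp.privilege LIKE 'CREATE %'          THEN 'CREATE'
         ELSE 'Restrict system privileges'
       END AS control
FROM   dba_sys_privs sp
WHERE  (sp.privilege <> 'CREATE SESSION' OR sp.admin_option = 'YES')
AND    sp.grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY control, sp.grantee, sp.privilege;

-- 2. Object privileges granted WITH GRANT OPTION.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, owner, table_name;

-- 3. Roles granted WITH ADMIN OPTION.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, granted_role;
```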

Schema

• A schema is a collection of database objects.

• A schema is owned by a database user and has the same name as that user.

• Schema objects are logical structures created by users to contain, or reference, their data.

• Schema objects include structures like tables, views, and indexes.

Examples of Schema Database Objects

• tables

• views

• sequences

• synonyms

• indexes

• clusters

• database links

• snapshots

• procedures

• functions

• packages

Schema Object Privileges

• Privileges on tables, views, and stored procedures within a particular schema

• Typically used to control access to production application data

• Key Audit Step is to determine the schemas that own the critical application data

Schema Object Privileges Audit Procedures

Schema Object Privileges:

Revoke access to the following tables from all users and roles except for SYS and DBA accounts. These tables are:

• 'AUD$'

• 'USER_HISTORY$'

• 'LINK$', 'USER$'

• 'SOURCE$'

• Allowing users to alter the AUD$ table can compromise the audit trail or integrity of the Oracle database. This is only applicable if the audit trail parameter is set to db or db_extended.

• Allowing users to alter the USER_HISTORY$ table can compromise the audit trail or integrity of the Oracle database.

• Sensitive user and password data is stored in the LINK$ table and USER$. Non-administrative or system users should be prevented from accessing these tables.

• Allowing users to alter codes in the SOURCE$ table can compromise the security and integrity of the Oracle database.

• REVOKE ALL ON <table_name> FROM <USER>;

• SELECT GRANTEE, PRIVILEGE FROM DBA_TAB_PRIVS WHERE TABLE_NAME in ('AUD$', 'USER_HISTORY$', 'LINK$', 'USER$', 'SOURCE$');

• SELECT * from DBA_TAB_PRIVS WHERE TABLE_NAME in ('AUD$', 'USER_HISTORY$', 'LINK$', 'USER$', 'SOURCE$');

Parameters

Parameter Risks

• Improperly configured parameters could allow:

• unauthorized access to sensitive data

• unauthorized control of the database

• Parameter files should be restricted

• Check the permissions of parameter files.

Parameter Controls

• All default configuration parameters should be modified

• Files or tables with configuration parameters should be restricted

Parameters to Audit

At a minimum, the following parameters should be reviewed:

• Set _trace_files_public=FALSE (default: FALSE)
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%TRACE_FILES_PUBLIC%';

• Set global_names=TRUE (Default is TRUE)
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%GLOBAL_NAMES%';

• Set REMOTE_OS_AUTHENT=FALSE
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%REMOTE_OS_AUTHENT%';

• Set REMOTE_OS_ROLES=FALSE (Default is FALSE)
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%REMOTE_OS_ROLES%';

• Set REMOTE_LISTENER=' '
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%REMOTE_LISTENER%';

• Set AUDIT_TRAIL to OS
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%AUDIT_TRAIL%';

• Set OS_AUTHENT_PREFIX=' '
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%OS_AUTHENT_PREFIX%';

• Set OS_ROLES=FALSE
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%OS_ROLES%';

• SQL92_SECURITY=TRUE
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME) LIKE '%SQL92_SECURITY%';

• REMOTE_LOGIN_PASSWORDFILE=NONE
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME)='REMOTE_LOGIN_PASSWORDFILE';

• DB_SECUREFILE=ALWAYS
  SELECT * FROM V$PARAMETER WHERE UPPER(NAME)='DB_SECUREFILE';
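
The per-parameter checks above can be run as one comparison. The query below is an added example, not part of the original slides: it lists the settings named in this deck (including O7_DICTIONARY_ACCESSIBILITY from the Data Dictionary section) next to the live values in V$PARAMETER and marks each PASS, FAIL or REVIEW. It assumes the blank settings shown for REMOTE_LISTENER and OS_AUTHENT_PREFIX mean an empty string; the marker '<EMPTY>' is a label made up for this example.

```sql
-- Added example: compare instance parameters with the values listed above.
-- Oracle stores an empty string as NULL, so NULL values are shown and
-- compared as '<EMPTY>' (a label used only in this query).
WITH expected AS (
  SELECT 'o7_dictionary_accessibility' AS name, 'FALSE' AS want FROM dual UNION ALL
  SELECT '_trace_files_public',       'FALSE'   FROM dual UNION ALL
  SELECT 'global_names',              'TRUE'    FROM dual UNION ALL
  SELECT 'remote_os_authent',         'FALSE'   FROM dual UNION ALL
  SELECT 'remote_os_roles',           'FALSE'   FROM dual UNION ALL
  SELECT 'remote_listener',           '<EMPTY>' FROM dual UNION ALL
  SELECT 'audit_trail',               'OS'      FROM dual UNION ALL
  SELECT 'os_authent_prefix',         '<EMPTY>' FROM dual UNION ALL
  SELECT 'os_roles',                  'FALSE'   FROM dual UNION ALL
  SELECT 'sql92_security',            'TRUE'    FROM dual UNION ALL
  SELECT 'remote_login_passwordfile', 'NONE'    FROM dual UNION ALL
  SELECT 'db_securefile',             'ALWAYS'  FROM dual
)
SELECT e.name,
       e.want AS expected_value,
       CASE
         WHEN p.name IS NULL THEN '<NOT LISTED>'
         ELSE NVL(UPPER(p.value), '<EMPTY>')
       END AS actual_value,
       CASE
         -- Underscore parameters normally appear in V$PARAMETER only when
         -- they have been set explicitly, so a missing row needs a manual
         -- check rather than an automatic FAIL.
         WHEN p.name IS NULL                            THEN 'REVIEW'
         WHEN NVL(UPPER(p.value), '<EMPTY>') = e.want   THEN 'PASS'
         ELSE 'FAIL'
       END AS result
FROM   expected e
LEFT   JOIN v$parameter p ON LOWER(p.name) = e.name
ORDER  BY result, e.name;
```

The join matches on the exact parameter name, which avoids the extra rows a LIKE pattern such as '%OS_ROLES%' returns (it also matches REMOTE_OS_ROLES).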

Accounts & Passwords

Default Account & Passwords Risks

• Initial passwords should be changed after database installation

• Default accounts and passwords are well known and could be used to allow unauthorized access to the database.

Default Account & Passwords Controls

• All initial passwords should be changed

• Some default user accounts should be removed or locked as appropriate.

Default Accounts & Passwords Audit Procedures

Determine if the following actions were taken with default accounts. The order of preference is as follows:

• Drop the user account

• Lock the user account, or

• Change the default password

Change Default Accounts & Password

• SELECT * FROM DBA_USERS_WITH_DEFPWD; (DBA_USERS_WITH_DEFPWD)

• SELECT USERNAME, ACCOUNT_STATUS FROM DBA_USERS;

• SELECT USERNAME, ACCOUNT_STATUS FROM DBA_USERS WHERE USERNAME in (list of default accounts);

Profiles

Profile Risk

• Profiles may not properly restrict users from performing operations that exceed reasonable resource utilization.

• Examples of resources that need to be managed:

• Disk storage space.

• Connect time.

• How user passwords are reused

Profile Controls

All profile values should be analyzed and modified to meet approved standards.

Profile Audit Procedures

SELECT * FROM DBA_PROFILES;

Determine if values have been set to meet standards, and reset values as follows:

• failed_login_attempts must be set to 3 (default 10 counts)

• password_life_time must be set to 90 (default 180 days)

• password_lock_time must be set to 1 (default ? days)

• password_reuse_max must be set to 20 (default unlimited counts)

• password_reuse_time must be set to 365 (default unlimited days)

• password_grace_time must be set to 3 (default ? days)

• idle_time must be set to a number (default unlimited minutes)

• connect_time must be set to a number (default unlimited minutes)

• password_verify_function must contain a password verification function name.

• The password verification function can be obtained from DBA_SOURCE table:
  SELECT * FROM DBA_SOURCE WHERE TYPE='FUNCTION';
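
Reading SELECT * FROM DBA_PROFILES by eye misses one case: a profile whose limit is the literal DEFAULT inherits the value from the DEFAULT profile. The query below is an added example, not part of the original slides: it resolves that inheritance and then compares every profile against the values listed above, using strict equality because the slides say "must be set to".

```sql
-- Added example: evaluate every profile against the values listed above.
WITH effective AS (
  -- A limit of 'DEFAULT' means "use the DEFAULT profile's value".
  SELECT p.profile,
         p.resource_name,
         CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS limit
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON  d.profile = 'DEFAULT'
         AND d.resource_name = p.resource_name
),
standard AS (
  -- want = NULL means "any number is acceptable, UNLIMITED is not".
  SELECT 'FAILED_LOGIN_ATTEMPTS' AS resource_name, 3 AS want FROM dual UNION ALL
  SELECT 'PASSWORD_LIFE_TIME',       90                   FROM dual UNION ALL
  SELECT 'PASSWORD_LOCK_TIME',       1                    FROM dual UNION ALL
  SELECT 'PASSWORD_REUSE_MAX',       20                   FROM dual UNION ALL
  SELECT 'PASSWORD_REUSE_TIME',      365                  FROM dual UNION ALL
  SELECT 'PASSWORD_GRACE_TIME',      3                    FROM dual UNION ALL
  SELECT 'IDLE_TIME',                CAST(NULL AS NUMBER) FROM dual UNION ALL
  SELECT 'CONNECT_TIME',             CAST(NULL AS NUMBER) FROM dual UNION ALL
  SELECT 'PASSWORD_VERIFY_FUNCTION', CAST(NULL AS NUMBER) FROM dual
)
SELECT e.profile,
       e.resource_name,
       e.limit AS effective_limit,
       CASE
         WHEN e.resource_name = 'PASSWORD_VERIFY_FUNCTION' THEN
           -- DBA_PROFILES shows the string 'NULL' when no function is set.
           CASE WHEN e.limit IN ('NULL', 'UNLIMITED')
                THEN 'FAIL: no verification function'
                ELSE 'PASS'
           END
         WHEN e.limit = 'UNLIMITED'       THEN 'FAIL: unlimited'
         WHEN s.want IS NULL              THEN 'PASS'
         WHEN TO_NUMBER(e.limit) = s.want THEN 'PASS'
         ELSE 'FAIL: expected ' || s.want
       END AS result
FROM   effective e
JOIN   standard  s ON s.resource_name = e.resource_name
ORDER  BY e.profile, e.resource_name;
```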

Roles

Roles Risks

• Default roles can give privileges not needed

• The ability to assume a role with elevated privileges exists

• Employee changes require continuing maintenance

Roles Controls

• Passwords should be assigned to roles with important privileges

• Maintenance procedures should exist

• Evidence should exist that maintenance procedures are followed

• Default roles should not be used

Links

Links Risks

• Unknown user in the remote database

• Clear text password in the data dictionary

• Multiple databases could be exposed

• Public links are not uncommon

Links Controls

• Public links are not used

• No links to the data dictionary table

• The use of links should be restricted

• No Links between test, development, or production databases

Audit Logs

Auditing Risks

• If auditing is disabled:

• No accountability for actions will be tracked

• Data could be stolen without the knowledge of the database owners

• The database can be damaged or misconfigured without knowledge of the database owners until something goes wrong

Auditing Controls

• Policies and procedures should exist defining what auditing is to be done within the agency

• Auditing should be enabled

• Audit logs should be monitored

• Audit logs should be secured within the database or the operating system

Encryption

Encryption Risks

• Without encryption, hackers and unauthorized personnel can read confidential and sensitive data.

Encryption Controls

• REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC;

• SELECT * FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND UPPER(TABLE_NAME)='DBMS_OBFUSCATION_TOOLKIT';

Encryption - Audit Procedures

| Control | Rationale |
|---|---|
| Where possible, use a procedure that employs a content data element as the encryption key that is unique for each record. | By employing a procedure that uses data elements that change for each record, the resulting ciphertext will be unique. As an example, if the same value, key, and encryption are used for a value in a record, the resulting ciphertext will be identical. Someone knowing the value of one of the records independent of the ciphertext can by inference know the value of other records that display the same ciphertext. |
| Use RAW or BLOB for the storage of encrypted data. | Storing data in CLOB may result in a failure in decryption if the same number letter symbol set is not used. The use of RAW or BLOBs prevents this error and preserves the data. |
| Revoke the PUBLIC execute privileges from the DBMS_OBFUSCATION_TOOLKIT. | The DBMS_OBFUSCATION_TOOLKIT has been replaced with the DBMS_CRYPTO package, but the DBMS_OBFUSCATION_TOOLKIT is still needed for some tasks that are not available in the DBMS_CRYPTO package. As an example, the generation of a pseudorandom string requires the DBMS_OBFUSCATION_TOOLKIT. By removing public access to the DBMS_OBFUSCATION_TOOLKIT, the means to decrypt the data is not available for malicious use. Remediation: REVOKE EXECUTE ON DBMS_OBFUSCATION_TOOLKIT FROM PUBLIC; Audit: SELECT TABLE_NAME FROM DBA_TAB_PRIVS WHERE GRANTEE='PUBLIC' AND PRIVILEGE='EXECUTE' AND TABLE_NAME='DBMS_OBFUSCATION_TOOLKIT'; |
| Use HSM for storage of master key. | Where possible use an HSM to store the master keys for Transparent Data Encryption. All encryption and decryption operations that use the master encryption key are performed inside the HSM. This means that the master encryption key is never exposed in insecure memory. |
| Tablespace Encryption | When a table contains a large number of columns of PII it can be beneficial to encrypt an entire tablespace rather than columns. |

Server & Application Configuration Settings

Password & Account Management

Ensure appropriately strong passwords that are adequately managed to reduce the risk of compromise

| Control | Rationale for Recommendation | Default Setting | CIS Standard Setting |
|---|---|---|---|
| Enforce password history | Protects against past compromised password | 24 remembered | >= 24 |
| Max password age | Shorten attack time window | 42 days | <= 90 days |
| Min password age | Prevent quick cycle through to favorite old password | 0 days | >= 1 day |
| Min password length | Protect against dictionary and brute force attacks | 0 characters | 8 to 12 chars |
| Passwords must meet Complexity | Lower likelihood of compromise | Disabled | Enabled |
| Password reversible encryption | Much easier to compromise system, and applications | Disabled | Disabled |
| Account lockout duration | Prevents intentional DoS; frustrates attackers to move to next target | Not Defined | 15+ mins |
| Account lockout threshold | Protects against brute force password attacks | 0 invalid attempts | SSLF – 10; ENT - 15 |
| Reset account lockout counter after | Reduces helpdesk calls and prevent extended self-inflicted DoS | 0 | 15+ mins |
| Enforce user logon restrictions | Prevents bypass attacks for Kerberos-related attributes, e.g. max lifetime for user ticket | Enabled | Enabled |

Patch Management

| Control | Rationale | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| Configure automatic updates | Help to ensure the system has the most recent critical operating system updates and service packs installed | Not configured | Enabled: 3 - Auto download and notify for install |
| Reschedule automatic updates scheduled installations | Help to ensure that the system updates do not fail to install or impact system startup by avoiding system conflict with startup procedures | Not configured | Enabled |

Security Hardening

Reduce the surface of vulnerability as much as possible to reduce the risk of successful attacks

| Control | Rationale for Recommendation | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| Accounts: Rename administrator account | Reduce unauthorized access via password-guessing | Administrator | Not contain “admin”; Disable anonymous SID/name translation too |
| Accounts: Rename guest account | Reduce unauthorized access via the guest | Guest | Not contain “guest” |
| Accounts: Guest account status | Reduce remote unauthenticated attack surface | Disabled | Disable |
| Network access: Do not allow storage of credentials or .NET Passports for network authentication | Reduce confidentiality risks for credentials and unauthorized access to systems and data | Disabled | Enabled |
| Network access: Let Everyone permissions apply to anonymous users | Protect against anonymous enumeration of usernames and shared resources – limit attack surface for DoS, password guessing, etc. | Disabled | Disabled |
| Network access: Named Pipes that can be accessed anonymously | Reduce system remote attack surface | Browser | SSLF MS – browser; SSLF DC – netlogon, lsarpc, samr, browser; ENT MS & DC – Not Defined |

Security Hardening

| Control | Rationale for Recommendation | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| Network access: Remotely accessible registry paths | Reduce system remote attack surface | System\CurrentControlSet\Control\ProductOptions; System\CurrentControlSet\Control\Server Applications; Software\Microsoft\Windows NT\CurrentVersion | ENT MS & DC – not defined; SSLF MS & DC – [default] |
| Network access: Restrict anonymous access to Named Pipes and Shares | Ensures only explicitly defined individuals have access to these resources | The registry key does not exist | Enabled |
| Network access: Shares that can be accessed anonymously | Ensures only explicitly defined individuals have access to these resources | None | None |
| Network access: Sharing and security model for local accounts | Ensures individual identification and facilitate individualized access control | Classic – local users authenticate as themselves | [default] |

Security Hardening

| Control | Rationale for Recommendation | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| Network security: Do not store LAN Manager hash value on next password change | Protects against attackers deriving credentials via attacks on the Security Accounts Manager (SAM) file | Enabled | Enabled |
| Disable Remote Desktop Sharing | Reduce remote attack surface (can’t do NetMeeting!) | Not Configured | Enabled |

User Management (User Account Control & User Rights)

Limit application privilege to standard user until authorized, and to reinforce the principle of least privilege

| Control | Rationale for Recommendation | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| UAC: Behavior of the elevation prompt for standard user | Standard users will not have credentials required | Prompt for credentials | Automatically deny elevation requests |
| Access this computer from the network | Protects against unauthorized user network access | Everyone, Admins, Users, Backup Operators | SSLF - Admins & AuthN Users; ENT & SSLF DCs – Admins, AuthN users, Enterprise Domain Admins |
| Act as part of the operating system | Prevents circumventing of local system access controls | No one | All Profiles – No one |
| Back up files and directories | Prevent unauthorized disclosure or cover-up of sensitive data | Admins, Backup Ops | SSLF MS & SSLF DC – Admins; ENT MS & DCs – Not Defined |
| Bypass traverse checking | Protects against unauthorized access to sensitive data | Everyone, Admin, AuthNted Users, Backup Ops, Local & Network Service | ENT MS – Admins, AuthN users, Backup ops, Local & Net. service; ENT DCs – Not Defined; SSLF MS – Admins, AuthN users, Local & Net. service |

User Management (User Account Control & User Rights)

| Control | Rationale for Recommendation | Default Setting | CIS Recommended Setting |
|---|---|---|---|
| Deny access to this computer from the network | Protects against unauthorized account access | Guests | All Profiles - Guests |
| Force shutdown from a remote system | Limit the potential for DoS attacks | Admins | SSLF MS & DC – Administrators; ENT MS & DCs – Not Defined |
| Shut down the system | Limit potential for DoS and unauthorized shutdown | Admins, Backup Ops | All Profiles – Administrators |
| Generate security audits | Log flooding or overwrite to hide malicious activities | Local service, Network Service | ENT MS, SSLF MS, SSLF DC – Local service, Network service; ENT DC – Not Defined |
| Log on as a batch job | Low risk, but seldom used; IIS, ASP.NET, etc. needs it… | Admins, Backup Ops, Perf Log User | SSLF MS & DC – Administrators; ENT MS & DCs – Administrators, Backup Ops |
| Take ownership of files or other objects | Bypass system ACLs, putting data CIA at risk | Administrator | All Profiles - Administrators |

Re-Assess Risk

• Based on your testing, are controls mitigating the risks?

• What is the potential impact of unmitigated risks (if any) identified?


Evaluation & Reporting

• Assess your results, issue findings and draft your audit report

• Include practical and meaningful recommendations that you propose to the DMV to strengthen data security

• Any Questions????


References

The Center for Internet Security: Security Configuration Benchmark for Oracle Database Server 11g, Version 1.1.1, January 2009 - http://www.cisecurity.org/

NotebookReview.com: RSA’s Five Top Internet Security Threats in 2012 – www.notebookreview.com

Wikipedia, the free encyclopedia - http://www.wikipedia.org/

Money Minute & Kron4.com:
