Application Security Inc. - Database Security, Monitoring, Assessment, Auditing, Encryption, and Regulatory Compliance.
 
 
 
AppSec Inc Support

Security Updates - ASAP™ Updates
(Application Security Automatic Protection)

ASAP Update: 26 May 2009

ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:

Product: DbProtect Vulnerability Assessment Scan Engine (AppDetective)
ORACLE
  • NEW! Critical Patch Update - April 2009
    Examines if the database contains vulnerabilities fixed by Critical Patch Update - April 2009.
    Risk Level - High

MICROSOFT SQL SERVER
  • NEW! Agent XPs enabled
    Verifies that the "Agent XPs" configuration option is disabled.
    Risk - Medium

  • NEW! Remote admin connections allowed
    Examines if the dedicated administrator connection is allowed from a remote client.
    Risk - Medium

  • NEW! SQL Server file permissions
    Examines that file permissions in the SQL Server installation are correctly granted to the appropriate authorities.
    Risk - Medium

  • NEW! DBMS audit log backups
    Examines that the database audit logs are included in regular DBMS or host backup processes.
    Risk - Informational

  • NEW! DBMS software file backups
    Examines that the database software files are included in regular backup processes.
    Risk - Informational

  • NEW! DBMS dedicated software directory and partition
    Examines that the DBMS data files are separated and stored within locations dedicated to a specific database application.
    Risk - Informational

  • NEW! DBMS network port, protocol, and services (PPS) configuration
    Examines that no non-standard network ports, protocols, or services are configured or used by SQL Server.
    Risk - Informational

  • NEW! DBMS account password expiration
    Checks for user accounts that do not have expiration times set.
    Risk - Informational

  • NEW! Encryption of DBMS sensitive data in transit
    Examines that encryption of communication is being enforced by SQL Server.
    Risk - Informational

  • NEW! Event forwarding not disabled
    Verifies that the "Event forwarding to another server" agent option is disabled.
    Risk - Informational

  • NEW! Dedicated data file directories
    Examines that the DBMS data and log files are separated and stored within locations dedicated to a specific database.
    Risk - Informational