CIS Sybase 15.0 L1 DB v1.1.0

Audit Details

Name: CIS Sybase 15.0 L1 DB v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: SybaseDB

Revision: 1.1

Estimated Item Count: 35

File Details

Filename: CIS_Sybase_15_0_v1_1_0_L1_Database.audit

Size: 61.5 kB

MD5: 6ace38ec2511328d1cad099592da2429
SHA256: a9dfc0db382d132bceb1cb0a231ef30d7f062ea679ca6951ae49efb475ef3af0

Audit Items

DescriptionCategories
1.1 Select an appropriate authentication mechanism - LDAP User Auth
1.1 Select an appropriate authentication mechanism - PAM User Auth
1.1 Select an appropriate authentication mechanism - use security services
1.3 Store password hashes using SHA-256 only
1.4 Secure the sa account
1.5 Remove unused accounts and change default passwords
1.11 Conceal Sensitive Input to isql
2.2 Enable message integrity
2.3 Enable message confidentiality
2.4 Enable network password encryption

IDENTIFICATION AND AUTHENTICATION

2.5.1 Enable password encryption

IDENTIFICATION AND AUTHENTICATION

3.1.1 Set an appropriate default database for all users
3.1.2 Restrict use of set proxy
3.3.1 Avoid use of grant all
3.4 Revoke default permissions for the public role
3.5 Ensure updates to system tables are not permitted
3.5.1 Protect database object text in syscomments
3.6.1 Ensure a strong system encryption password is set
4.2 Enabling resource limits
4.3 Enable auditing - auditing of security-related events

AUDIT AND ACCOUNTABILITY

4.3 Enable auditing - sp_configure 'auditing'

AUDIT AND ACCOUNTABILITY

4.6 Review audit queue size
4.8 Log successful and failed login attempt - failure
4.8 Log successful and failed login attempt - success
5.1 Ensure Java is disabled

CONFIGURATION MANAGEMENT

5.2 Ensure External File System Access is disabled - enable cis
5.2 Ensure External File System Access is disabled - enable file access
6.1 Password protect database backups
6.3 Install on a dedicated server
6.4 Maintain an inventory of all ASE instances
6.5 Ensure ASE server names do not disclose sensitive information
6.6 Remove sample databases if installed
6.7 Create separate partitions for programs and data
6.9 Harden host operating system
6.11 Keep up-to-date with Sybase security patches