DG0054-ORACLE11 - The audit logs should be periodically monitored to discover DBMS access using unauthorized applications.

Information

Regular and timely reviews of audit records increases the likelihood of early discovery of suspicious activity. Discovery of suspicious behavior can in turn trigger protection responses to minimize or eliminate a negative impact from malicious activity. Use of unauthorized application to access the DBMS may indicate an attempt to bypass security controls.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Document applications authorized to access the DBMS in the System Security Plan.

Develop, document and implement a process to review log and trace files or the results from any alternate methods used to support database access auditing to detect connections from unauthorized applications.

Include in this process a method to generate and provide evidence of monitoring.

This may include automated or manual processes acknowledged by the auditor or IAO.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|III, Rule-ID|SV-24630r1_rule, STIG-ID|DG0054-ORACLE11, Vuln-ID|V-15611

Plugin: Unix

Control ID: b71ee352998f647910fe910737b60585cb11185ee19ca060499e7d719ad0fbea