Saturday, May 16, 2020

Microsoft SQL Vulnerability Assessment

One of the best sources of security guidelines for IT products is the product vendor itself. If you need a security baseline guide for an OS, DBMS, or network device, first look for it in the vendor's own documents. Microsoft products are a good example of this: Microsoft has published the SQL Vulnerability Assessment tool to aid DB admins in hardening the database as well as the DBMS. The tool is part of SQL Server Management Studio and requires it.
Which security policies, configurations and rules does the tool check? The links below provide a comprehensive checklist:
https://eitanblumin.com/sql-vulnerability-assessment-tool-rules-reference-list/
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vulnerability-assessment-rules

Thursday, May 7, 2020

Reviewing logs of perimeter firewalls

When considering perimeter firewall policies, it is important to decide how we collect logs of the traffic matching each rule. A good practice is to log all outbound traffic matched by the final "Deny All" policy, where all other rules strictly accept only legitimate traffic. If the "Accept" policies are configured precisely, we can detect deviations from normal or expected behavior by reviewing the logs of dropped outbound traffic. Specifically, one may find internal IP addresses and ports that have been dropped, which means that the user was trying to bypass the restriction of the perimeter firewall and connect to an external IP/service.
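As an added example (not code from the original post), the following Python script shows one way to review such logs. It parses a constructed, vendor-neutral key=value log format (an assumption; real firewalls each use their own format), keeps only the lines matched by the final deny-all rule, counts the denied flows per internal source, destination and port, and lists internal hosts whose dropped outbound traffic touched several different destination ports. The rule name Deny-All-Outbound, the hostname fw01 and all sample log lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a generic key=value format (an assumption, not the
# format of any particular firewall). Each line records the rule that matched the flow.
SAMPLE_LOGS = """\
2020-05-07T10:01:02Z fw01 action=accept rule="Allow-Web" src=10.0.1.15 dst=93.184.216.34 proto=tcp dport=443
2020-05-07T10:01:05Z fw01 action=deny rule="Deny-All-Outbound" src=10.0.1.15 dst=198.51.100.7 proto=tcp dport=6667
2020-05-07T10:01:09Z fw01 action=deny rule="Deny-All-Outbound" src=10.0.1.15 dst=198.51.100.7 proto=tcp dport=6667
2020-05-07T10:02:11Z fw01 action=deny rule="Deny-All-Outbound" src=10.0.2.40 dst=203.0.113.9 proto=tcp dport=22
2020-05-07T10:02:12Z fw01 action=deny rule="Deny-All-Outbound" src=10.0.2.40 dst=203.0.113.9 proto=tcp dport=3389
2020-05-07T10:02:13Z fw01 action=deny rule="Deny-All-Outbound" src=10.0.2.40 dst=203.0.113.9 proto=udp dport=53
2020-05-07T10:03:00Z fw01 action=accept rule="Allow-DNS" src=10.0.1.15 dst=10.0.0.53 proto=udp dport=53
"""

# key=value pairs; a value is either a double-quoted string or a run of non-space characters
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one log line into a dict of its fields.

    The first two whitespace-separated tokens are the timestamp and the firewall
    hostname; everything after them is key=value. Returns None for malformed lines.
    """
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    record = {"ts": parts[0], "host": parts[1]}
    for key, value in KV_RE.findall(parts[2]):
        record[key] = value.strip('"')
    if "dport" in record:
        record["dport"] = int(record["dport"])
    return record


def dropped_by_rule(log_text, rule_name):
    """Return the parsed records of all lines denied by the named rule
    (the final deny-all rule in the practice described above)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("action") == "deny" and rec.get("rule") == rule_name:
            hits.append(rec)
    return hits


def summarize(records):
    """Count denied flows per (source IP, destination IP, protocol, destination port)."""
    counts = Counter()
    for rec in records:
        counts[(rec["src"], rec["dst"], rec["proto"], rec["dport"])] += 1
    return dict(counts)


def noisy_sources(records, min_distinct_ports):
    """Internal hosts whose denied outbound traffic reached at least
    min_distinct_ports different destination ports: the internal IPs worth a
    closer look when reviewing the deny-all hits."""
    ports_by_src = defaultdict(set)
    for rec in records:
        ports_by_src[rec["src"]].add(rec["dport"])
    return {src for src, ports in ports_by_src.items() if len(ports) >= min_distinct_ports}


if __name__ == "__main__":
    denied = dropped_by_rule(SAMPLE_LOGS, "Deny-All-Outbound")
    for flow, n in sorted(summarize(denied).items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}")
    print("internal hosts denied on several ports:", sorted(noisy_sources(denied, 2)))
```

On real logs, replace SAMPLE_LOGS with the exported log text and the rule name with the name of your own final deny rule; the summary is the starting point for asking why each internal host needed a destination the accept rules do not cover.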