Security Policies for IT Compliance

The document outlines various security policies for monitoring database activity including policies related to network protocol validation, unauthorized data access and modification, failed login attempts, HIPAA and PCI compliance, SOX compliance, database protocol validation, privileged user profiles, and other custom policies related to GDPR, Oracle objects, and firewalls.

Uploaded by vijay konduru
DAM Default Security Policies

Security Policies Details:

Security policies let us monitor any security violation that occurs against defined conditions, such as
predefined ADC database signatures or DB protocol policies. Based on a security policy we can define a
Block action for that activity. For example, if someone tries to exploit a DB vulnerability, we can set
the action to Block for that policy.

Security policies give us real-time alerts on the Management Console, and these alerts can also be sent
to email or a SIEM tool.

a. Network Protocol Validation

This policy lets us trigger a security violation whenever protocol validation fails.
Examples: Bad IP option length, Bad source IP Address, Invalid IP flag, TCP Bad state, TCP -
Invalid Data Length in Header.

b. DB Service Custom

1. FISMA - Unauthorized data access

FISMA: The Federal Information Security Management Act (FISMA) is United States
legislation that defines a comprehensive framework to protect government information,
operations and assets against natural or man-made threats. FISMA was signed into law as part
of the Electronic Government Act of 2002.

This policy lets us monitor and protect against unauthorized data access to classified
objects, i.e. sensitive information stored in a specific table group.

2. FISMA - Unauthorized data modification

This policy lets us monitor and protect against unauthorized data modification of
classified objects, i.e. sensitive information stored in a specific table group.

3. Failed Login Attempts

This policy lets us monitor or block a user login if more than 5 failed login attempts
occur within a specified time period. By default, this policy is enabled.

c. HIPAA compliance based security policy:


The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for
sensitive patient data protection. Companies that deal with protected health information
(PHI) must have physical, network, and process security measures in place and follow them
to ensure HIPAA Compliance.

1. HIPAA - Unauthorized data access

This policy lets us monitor and protect against unauthorized data access to classified
objects, i.e. sensitive information stored in a specific table group.

2. HIPAA - Attempt to backup database

This policy lets us monitor and protect against attempts to perform database backup
activities.

3. HIPAA - Unauthorized data modification

This policy lets us monitor and protect against unauthorized data modification of
classified objects, i.e. sensitive information stored in a specific table group.

d. PCI compliance based Policies:


The Payment Card Industry Data Security Standard is an information security standard for
organizations that handle branded credit cards from the major card schemes. The PCI
Standard is mandated by the card brands and administered by the Payment Card Industry
Security Standards Council.

1. PCI - Violation to a cardholder information table

This policy monitors and blocks the activity if someone tries to retrieve cardholder
information through an unauthorized sensitive query.

2. PCI - Attempted users and privileges management privileged operations by non-privileged user

Monitors and blocks users and privileges management commands, such as creating users,
assigning permissions to users, revoking or modifying permissions, and altering roles,
profiles or system privileges, if performed by non-DBA users.

3. PCI - Violations caused by admin

This policy triggers an alert or blocks if any violation is caused by admin users, such as
access to blacklisted tables, excessive database login attempts, unauthorized sensitive
queries and so on.

4. PCI - Existence alerts of Track data

This policy triggers an alert or blocks activities when payment card track data is detected
in database activity.

5. PCI - Unauthorized access to cardholder information

This policy monitors and blocks the activity if someone tries to retrieve cardholder
information through an unauthorized sensitive query.

6. PCI - Violations to a cardholder information table

This policy monitors and blocks the activity if someone tries to retrieve cardholder
information through unauthorized table or operation access.

7. PCI - Failed privileged operations on users and privileges management

This policy triggers an alert when a SQL exception occurs on a privileged operation
performed by privileged users.

8. PCI - Usage of default user accounts

This policy triggers an alert and blocks access when non-DBA users try to access the
database.

9. PCI - Violations of privileged commands

This policy triggers an alert or blocks if there is an attempt to execute a privileged operation.

e. SOX Compliance based Policies

In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect
shareholders and the general public from accounting errors and fraudulent practices in
enterprises, and to improve the accuracy of corporate disclosures.

1. SOX - Direct changes to data dictionary

This policy triggers an alert when an insert, update or delete query is performed on sensitive
tables.

2. SOX - Manual data changes

This policy triggers an alert and blocks when an insert, update or delete query is performed on
financial data stored in a specific table group.

3. SOX - Data changes by administrator

This policy triggers an alert when an insert, update or delete query is performed on sensitive
tables by DBA users.

4. SOX - Unauthorized data changes

This policy triggers an alert and blocks when an insert, update or delete query is performed on
financial data stored in a specific table group by unauthorized users, from an unauthorized
source application, or against unauthorized sensitive tables.
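Two of the rule types described above, PCI item 2 (users and privileges management commands issued by non-DBA users) and SOX item 4 (data changes to a financial table group by unauthorized users or source applications), reduce to simple checks over captured SQL statements plus the identity attributes the DAM already sees. The Python below is an added example of those checks, not SecureSphere's or this document's own code; the DBA user list, the financial table group, the authorized users and applications, the command patterns and the sample events are constructed assumptions standing in for what the management console would configure.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed configuration (assumption): in a real DAM these sets come from the
# console's user groups, table groups and source-application definitions.
DBA_USERS = {"sys", "dba_admin"}
FINANCIAL_TABLE_GROUP = {"gl_ledger", "ap_invoices", "payroll"}
AUTHORIZED_FINANCE_USERS = {"erp_svc"}
AUTHORIZED_FINANCE_APPS = {"erp_batch"}

# Users-and-privileges management commands (PCI item 2); assumed pattern list.
USER_MGMT_RE = re.compile(
    r"^\s*(?:create\s+user|alter\s+user|drop\s+user|grant\b|revoke\b|"
    r"create\s+role|alter\s+role|drop\s+role|create\s+profile|alter\s+profile|"
    r"alter\s+system)",
    re.IGNORECASE,
)

# Data-changing DML with the target table captured in group 1 (SOX item 4).
DML_RE = re.compile(
    r"^\s*(?:insert\s+into|update|delete\s+from)\s+(?:\w+\.)?(\w+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class DbEvent:
    """One captured database statement with the attributes the policies key on."""
    user: str
    source_app: str
    sql: str


def pci_user_mgmt_by_non_privileged(ev: DbEvent) -> bool:
    """PCI: a user/privilege management command issued by a non-DBA user."""
    return USER_MGMT_RE.match(ev.sql) is not None and ev.user.lower() not in DBA_USERS


def sox_unauthorized_data_change(ev: DbEvent) -> bool:
    """SOX: insert/update/delete on the financial table group by an unauthorized
    user or from an unauthorized source application."""
    m = DML_RE.match(ev.sql)
    if m is None:
        return False
    if m.group(1).lower() not in FINANCIAL_TABLE_GROUP:
        return False
    user_ok = ev.user.lower() in AUTHORIZED_FINANCE_USERS
    app_ok = ev.source_app.lower() in AUTHORIZED_FINANCE_APPS
    return not (user_ok and app_ok)


# Policy name -> (check, action); both policies are described above as blocking.
POLICIES = {
    "PCI - Attempted users and privileges management by non-privileged user":
        (pci_user_mgmt_by_non_privileged, "block"),
    "SOX - Unauthorized data changes":
        (sox_unauthorized_data_change, "block"),
}


def evaluate(ev: DbEvent) -> List[Tuple[str, str]]:
    """Return (policy name, action) for every policy the event violates."""
    return [(name, action) for name, (check, action) in POLICIES.items() if check(ev)]


# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    DbEvent("jdoe", "sqlplus", "GRANT dba TO jdoe"),
    DbEvent("sys", "sqlplus", "CREATE USER reporting IDENTIFIED BY placeholder"),
    DbEvent("jdoe", "sqlplus", "UPDATE finance.ap_invoices SET amount = 0 WHERE id = 42"),
    DbEvent("erp_svc", "erp_batch", "INSERT INTO gl_ledger VALUES (1, 'Q1 close')"),
    DbEvent("erp_svc", "sqlplus", "DELETE FROM payroll WHERE emp_id = 7"),
    DbEvent("jdoe", "sqlplus", "SELECT * FROM gl_ledger"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        hits = evaluate(ev) or [("no violation", "allow")]
        for name, action in hits:
            print(f"{action:5} {ev.user:8} {ev.source_app:9} {ev.sql[:45]:45} -> {name}")
```

Run as a script it prints one line per event; the DBA-issued CREATE USER, the ERP service account writing through its batch application, and the read-only SELECT produce no violation, while the GRANT by an ordinary user and the two financial-table writes from an unauthorized user or tool hit their policies. Keying the SOX check on the table group rather than on individual table names is what lets the same rule cover every table classified as financial.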

f. DB Protocol Validation

1. SQL protocol Policy:

This policy helps generate an alert or block activity on protocol validation failures such as
Extremely Long SQL Request, SQL protocol - invalid authentication and SQL protocol -
unauthorized operation.

2. Oracle SQL Protocol Policy

This policy triggers an alert when a bad query is detected as part of a login attempt; only
alter session queries are allowed to be part of a login attempt.

3. SQL Correlation Policy

This policy raises a violation for excessive login attempts to the database if, from the
same host (IP address), one or more users fail to log in, exceeding a user-configured
threshold of failed login attempts within a timeframe of two minutes. This alert may indicate
a brute force attack on the database login mechanism.

OR it raises a violation for excessive login attempts to the database if a specific database
user fails to log in in the middle of an open session with the database, exceeding a
user-configured threshold of failed login attempts within a timeframe of two minutes, from the
same IP. This alert may indicate a brute force attack on the database login mechanism.

OR SecureSphere detected a database operation that contains raw track data from
magnetic cards. The PCI standard requires that raw track data is not stored in the
database. This alert denotes a violation of PCI requirements.

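The Failed Login Attempts policy (section b, item 3) and the first two branches of the SQL Correlation Policy are sliding-window counters, keyed on the source host and, once a session is open, on the (host, user) pair; the third branch is a pattern match for raw magnetic-stripe track data. The Python below is an added example of both mechanisms and is not SecureSphere's or this document's own code. The two-minute window is the one stated above; the threshold of 5, the open-session bookkeeping, the track data patterns (modelled on the ISO/IEC 7813 track 1 and track 2 layouts) and the sample login events and statements are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 120  # the two-minute timeframe the correlation policy describes
THRESHOLD = 5         # assumed user-configured threshold: more than 5 failures alerts


class LoginCorrelator:
    """Sliding-window failed-login counters per host and per (host, user)."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.by_host = defaultdict(deque)   # ip -> timestamps of failures
        self.by_user = defaultdict(deque)   # (ip, user) -> timestamps of failures
        self.open_sessions = set()          # (ip, user) pairs that logged in

    def _count(self, dq, ts):
        """Record a failure at ts and return how many fall inside the window."""
        dq.append(ts)
        while dq and ts - dq[0] > self.window:
            dq.popleft()
        return len(dq)

    def observe(self, ts, ip, user, success):
        """Feed one login event; return the list of alerts it raises."""
        alerts = []
        if success:
            self.open_sessions.add((ip, user))
            return alerts
        if self._count(self.by_host[ip], ts) > self.threshold:
            alerts.append(f"excessive failed logins from host {ip}")
        key = (ip, user)
        if key in self.open_sessions and self._count(self.by_user[key], ts) > self.threshold:
            alerts.append(f"excessive failed logins for user {user} during open session from {ip}")
        return alerts


def replay(events):
    """Run the correlator over (ts, ip, user, success) tuples; return (ts, alerts) hits."""
    corr = LoginCorrelator()
    hits = []
    for ts, ip, user, success in events:
        alerts = corr.observe(ts, ip, user, success)
        if alerts:
            hits.append((ts, alerts))
    return hits


# Raw track data patterns (assumption, after the ISO/IEC 7813 track layouts):
# track 1: %B<PAN>^<NAME>^<YYMM>...   track 2: ;<PAN>=<YYMM>...
TRACK1_RE = re.compile(r"%B\d{13,19}\^[^^]{2,26}\^\d{4}")
TRACK2_RE = re.compile(r";\d{13,19}=\d{4}")


def contains_raw_track_data(sql):
    """True when a statement carries full magnetic-stripe track data."""
    return bool(TRACK1_RE.search(sql) or TRACK2_RE.search(sql))


# Constructed sample login events (ts in seconds, ip, user, success); not real logs.
SAMPLE_LOGINS = [
    (0, "10.0.0.5", "alice", False),
    (10, "10.0.0.5", "bob", False),
    (20, "10.0.0.5", "carol", False),
    (30, "10.0.0.5", "dave", False),
    (40, "10.0.0.5", "erin", False),
    (50, "10.0.0.5", "frank", False),     # 6th failure from one host within 50 s
    (60, "10.0.0.9", "app_user", True),   # session opened
    (70, "10.0.0.9", "app_user", False),
    (75, "10.0.0.9", "app_user", False),
    (80, "10.0.0.9", "app_user", False),
    (85, "10.0.0.9", "app_user", False),
    (90, "10.0.0.9", "app_user", False),
    (95, "10.0.0.9", "app_user", False),  # 6th failure mid-session
    (300, "10.0.0.5", "alice", False),    # earlier failures from this host have aged out
]

# Constructed statements: the first embeds track 2 data, the second only a PAN fragment.
SAMPLE_SQL = [
    "INSERT INTO tx(trk) VALUES (';4111111111111111=25121010000000000?')",
    "INSERT INTO tx(pan_last4) VALUES ('1111')",
]

if __name__ == "__main__":
    for ts, alerts in replay(SAMPLE_LOGINS):
        print(ts, alerts)
    for stmt in SAMPLE_SQL:
        print(contains_raw_track_data(stmt), stmt)
```

Replaying the sample produces a host alert at t=50 (six different users failing from 10.0.0.5) and, at t=95, both a host alert and a mid-session user alert for app_user from 10.0.0.9; the failure at t=300 raises nothing because the earlier ones have left the two-minute window. The track data check fires on the statement carrying a full track 2 string but not on the one storing only the last four digits of the PAN.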
4. SQL Protocol Signatures

Recommended Policy for Database Applications – Legacy & Recommended Signatures Policy for
Database Applications: these policies trigger an alert or block activities when an exploit
matching a predefined database signature (based on patterns and regular expressions) occurs.

g. Profile Policy

SQL Profile Policy: triggers an alert when there is access to blacklisted tables, an attempt to
execute a privileged operation, an unauthorized database or schema, an unauthorized host, an
unauthorized query, an unauthorized source IP address, an unauthorized source application
and so on.

h. DB Service Custom:

1. GDPR - Access to sensitive data

The General Data Protection Regulation 2016/679 is a regulation in EU law on data
protection and privacy for all individuals within the European Union and the European
Economic Area. It also addresses the export of personal data outside the EU and EEA
areas.

Triggers an alert and blocks all activities when there is access to sensitive data such as
account numbers, phone numbers, addresses, email ids, etc.

2. Oracle - Attempt to Create Wrapped Object

Triggers an alert and blocks the activity when there is any attempt to run a query that creates
wrapped objects.

3. Oracle - PL/SQL Code Tampering

This policy triggers an alert and blocks on insert, delete and update operations against the
PL/SQL code table.

4. Oracle - Attempt to Execute Database Export

This policy triggers an alert or blocks when an unauthorized source application is used to
export the database.

5. Unauthorized Privileged Operation – Deprecated

This policy triggers an alert or blocks the activity when DBA users try to perform a privileged
operation on blacklisted tables.

6. Firewall Policy

This policy triggers an alert or blocks when the DB is accessed through non-applicative ports
at the network layer.
