Hands-On: IBM Security Guardium


InfoSphere® Guardium®
IBM Security Guardium

Hands-On

Database Auto Discovery



1. Exploring Database Auto-Discovery

Overview
Even in stable environments where cataloging processes have historically existed, uncontrolled
database instances can be introduced inadvertently through several mechanisms: developers who create
“temporary” test environments, business units seeking to rapidly implement local applications, and
purchases of new applications with embedded databases.

The Auto-discovery application can be configured to probe specified network segments on a scheduled
or on-demand basis, and can report on all databases discovered—solving the problem of identifying both
legacy and newly introduced databases. Similarly, the Auto-discovery application can be used to
demonstrate that a process exists to identify all new instances.

Objectives
In this lab you will learn how to:

__1. Configure a database scan

__2. Run the scan

__3. View the results


__1. Using the IBM Security® Guardium® GUI, demonstrate the ease of use within the Guardium
solution. Start the Guardium appliance and log in.

__a. From your laptop, browse to https://10.10.9.239:8443

__b. Log in as pot/guardium.


__2. Use the Guardium GUI to create a new Database Discovery application.

__a. In the Navigation menu, click on Discover, then expand Database Discovery and click
on Auto Discovery Configuration.

__b. Click on the plus sign to create a new Auto-discovery Configuration:


__c. Enter ‘V10 PoT Discover Databases’ for Process name, and click Apply.

__d. Enter ‘10.10.9.*’ in the Host(s) field. This will result in the scanning of IP addresses
10.10.9.0 through 10.10.9.254. You can also enter just a single specific IP address.

__e. Enter ‘1521’ in the Port(s) field and click Add scan. Repeat for additional scans if
desired. You can also enter several ports separated by commas, or a range of ports, and
you can add multiple scan entries.


__f. Make sure the Run probe after scan box is checked. This will cause the probe to
automatically run after the scan completes.

__g. Click Run Once Now under ‘Scheduling – Scan for open ports’ to start the scan followed
by the probe.


__h. Click OK to acknowledge.


__i. Click Progress/Summary to view status of the scan/probe. It should complete in less
than a minute. Larger scans will take longer.

__j. Click the ‘+’ icon to expand the Hosts / Ports pull-down. You may need to click Refresh
until the discovery process completes. If the scan has completed, click Close.


__k. Check the Databases Discovered report to view the results.

There are 2 ways you can find the Databases Discovered Report:

a) In the User Interface search feature, located at the bar on the top of the Guardium UI,
type the first characters of the report you are looking for. In this case: “Datab” will be
enough.

The search result will point you to the various locations where you can find this Report. If
you click on the name of the report, it will take you to the Report page.


b) Alternatively, on the Navigation menu, click on Discover, expand the Reports section
and click on Databases Discovered.

__l. Verify that the Oracle database has been discovered.

__m. In the Navigation menu, click on Discover, expand Database Discovery and click on
Auto-discovery Configuration.

__n. Select the auto discovery process we just created and click on the Pencil icon to modify
this process.


__o. Substitute 10.10.9.56 for the Host(s) field and let’s look for DB2. Add 50000 in the Ports
field. Click Apply, and then click Run Once Now.


__p. Now we see the additional scan result for the database(s) with the specific IP 10.10.9.56.


__q. If the report does not produce any discovered databases, click the Configure runtime
parameters (Tool) Icon at the tools bar.

__a. Make sure the Enter Period From and Enter Period To runtime parameters are in the
desired range as displayed below.

__b. If adjustments are necessary, simply adjust the desired date ranges and click OK. The
new results will be projected immediately. You may need to sync system clocks.

__c. If the report still displays no results, then make sure the database server at 10.10.9.56 is
running.

__d. If scanning a range of IP addresses such as 10.10.9.*, the above solution will not be
practical for this lab.


Thank You


Review

__1. The Database Auto-discovery process runs on:

__a. The InfoSphere Guardium collector

__b. The database server

__c. The client PC

__d. A network switch

__2. Network IDS (Intrusion Detection Systems) will often view the Database Auto-discovery process
as a possible threat. (True or False)

__3. Database Auto-Discovery is a:

__a. One-step process, scanning the network for active database ports

__b. Two-step process, first scanning all active ports, then querying each port with the known
database protocols

__c. Three-step process, first verifying which IPs are active, then scanning all active ports,
then querying each port with the known database protocols

__4. The Database Auto-discovery process can be scheduled to run on a periodic basis (for example,
once a week). (True or False)

__5. Database Auto-discovery results can be:

__a. Sent automatically through email to the admin user

__b. Only viewed through the GUI from the Databases Discovered report

__c. Viewed through the GUI from the Databases Discovered report, or automatically
distributed using the Compliance Workflow capability


Review (Answers)

__1. The Database Auto-discovery process runs on:

A – The InfoSphere Guardium Collector.

__2. Network IDS (Intrusion Detection Systems) will often view the Database Auto-discovery process
as a possible threat. (True or False)

True.

__3. Database Auto-discovery is a:

B – Two-step process, first scanning all active ports, then querying each port with the known
database protocols.

__4. The Database Auto-discovery process can be scheduled to run on a periodic basis (for example,
once a week). (True or False)

True.

__5. Database Auto-discovery results can be:

C – Viewed through the GUI from the Databases Discovered report, or automatically distributed
using the Compliance Workflow capability.
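
Review question 2 notes that a network IDS will often treat the Auto-discovery process as a possible threat, and steps d, e and o define which hosts and ports that traffic should touch. The Python below is an added example, not part of the IBM lab or of Guardium: it expands those Host(s)/Port(s) entries into a scope and labels connection records against it. It assumes the appliance at 10.10.9.239 is the collector and that port ranges are written low-high; all function names are illustrative.

```python
import ipaddress
# Assumption: the lab appliance at 10.10.9.239 is the collector running the scan.
COLLECTOR = "10.10.9.239"
# Scan entries from steps d, e and o, kept together here as one scope.
LAB_SCANS = [("10.10.9.*", "1521"), ("10.10.9.56", "50000")]

def expand_hosts(spec):
    """Host(s) entry: one IP, or a '*' last octet meaning .0 to .254 (per step d)."""
    prefix, _, last = spec.strip().rpartition(".")
    if last != "*":
        return {str(ipaddress.ip_address(spec.strip()))}
    ipaddress.ip_address(prefix + ".0")  # raises ValueError on a malformed prefix
    return {f"{prefix}.{i}" for i in range(255)}

def expand_ports(spec):
    """Port(s) entry: comma-separated ports and 'low-high' ranges (syntax assumed)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def scan_scope(scans):
    """Every (host, port) pair the configured scan entries will touch."""
    return {(h, p) for hs, ps in scans for h in expand_hosts(hs) for p in expand_ports(ps)}

def triage(records, scope, collector=COLLECTOR):
    """Label (src, dst, dport) connection records taken from IDS or firewall logs."""
    labelled = []
    for src, dst, dport in records:
        if src != collector:
            label = "investigate"             # not the collector: treat as a real alert
        elif (dst, dport) in scope:
            label = "expected-discovery"      # matches the approved scan definition
        else:
            label = "collector-out-of-scope"  # config drift or spoofed source address
        labelled.append((src, dst, dport, label))
    return labelled

# Constructed sample records, not captured from a real network.
SAMPLE = [("10.10.9.239", "10.10.9.17", 1521), ("10.10.9.239", "10.10.9.56", 50000),
          ("10.10.9.239", "10.10.9.56", 22), ("10.10.9.44", "10.10.9.56", 1521)]

if __name__ == "__main__":
    for row in triage(SAMPLE, scan_scope(LAB_SCANS)):
        print(*row)
```

Only traffic that matches both the collector address and the configured scope is labelled as expected, so a blanket IDS exception for the collector is not needed.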

© Copyright International Business Machines Corporation 2015. This document may not be reproduced in whole or in part without the prior written permission of IBM.
