[Type here]

1.

InfoSphere® Guardium®
IBM Security Guardium

Hands-On

Database Auto Discovery

Hands-IBMOn
IBM Security IBM Security Guardium

1. Exploring Database Auto-Discovery

Overview
Even in stable environments, where cataloging processes have historically existed, uncontrolled
instances can inadvertently be introduced through mechanisms, including developers that create
“temporary” test environments; business units seeking to rapidly implement local applications; and
purchases of new applications with embedded databases.

The Auto-discovery application can be configured to probe specified network segments on a scheduled
or on-demand basis, and can report on all databases discovered—solving the problem of identifying both
legacy and newly introduced databases. Similarly, the Auto-discovery application can be used to
demonstrate that a process exists to identify all new instances.

Objectives
In this lab you will learn how to:

__1. Configure a database scan

__2. Run the scan

__3. View the results

0–
–
1. Exploring Database Auto-Discovery Page 6
IBM Security IBM Security Guardium

__1. Using the IBM Security® Guardium® GUI, demonstrate the ease of use within the Guardium
solution. Start the Guardium appliance and log in.

__a. From your laptop, browse to https://10.10.9.239:8443

__b. Login as pot/ guardium.

0–
–
1. Exploring Database Auto-Discovery Page 7
IBM Security IBM Security Guardium

__2. Use the Guardium GUI to create a new Database Discovery application.

__a. In the Navigation menu, click on Discover, then expand Database Discovery and click
on Auto Discovery Configuration.

__b. Click on the plus sign to create a new Auto-discovery Configuration:

0–
–
1. Exploring Database Auto-Discovery Page 8
IBM Security IBM Security Guardium

__c. Enter ‘V10 PoT Discover Databases’ for Process name, and click Apply.

__d. Enter ’10.10.9.*’ in the Host(s) field. This will result in the scanning of IP addresses
10.10.9.0 –> 10.10.9.254. You can also enter just a single specific IP address.

__e. Enter ‘1521’ in the Port(s) field and click Add scan. Repeat for additional scans if
desired. You can also enter more than one port separated by comma(s) or a range of
ports as well. You can also have multiple scan entries.

0–
–
1. Exploring Database Auto-Discovery Page 9
IBM Security IBM Security Guardium

__f. Make sure the Run probe after scan box is checked. This will cause the probe to
automatically run after the scan completes.

__g. Click Run Once Now under ‘Scheduling – Scan for open ports’ to start the scan followed
by the probe.

0–
–
1. Exploring Database Auto-Discovery Page 10
IBM Security IBM Security Guardium

__h. Click OK to acknowledge.

0–
–
1. Exploring Database Auto-Discovery Page 11
IBM Security IBM Security Guardium

__i. Click Progress/Summary to view status of the scan/probe. It should complete in less
than a minute. Larger scans will take longer.

__j. Click the ‘+’ icon to expand the Hosts / Ports pull-down. You may need to click Refresh
until the discovery process completes. If the scan has completed, click Close.

0–
–
1. Exploring Database Auto-Discovery Page 12
IBM Security IBM Security Guardium

__k. Check the Databases Discovered report to view the results.

There are 2 ways you can find the Databases Discovered Report:

a) In the User Interface search feature, located at the bar on the top of the Guardium UI,
type the first characters of the report you are looking for. In this case: “Datab” will be
enough.

The search result will point you to the various locations where you can find this Report. If
you click on the name of the report, it will take you to the Report page.

0–
–
1. Exploring Database Auto-Discovery Page 13
IBM Security IBM Security Guardium

b) Alternatively, on the Navigation menu, click on Discover, expand the Reports section
and click on Databases Discovered.

__l. Verify that the Oracle database has been discovered.

__m. In the Navigation menu, click on Discover, expand Database Discovery and click on
Auto-discovery Configuration.

__n. Select the auto discovery process we just created and click on the Pencil icon to modify
this process.

0–
–
1. Exploring Database Auto-Discovery Page 14
IBM Security IBM Security Guardium

__o. Substitute 10.10.9.56 for the Host(s) field and let’s look for DB2. Add 50000 in the Ports
field. Click Apply, and then click Run Once Now.

0–
–
1. Exploring Database Auto-Discovery Page 15
IBM Security IBM Security Guardium

__p. Now we see the additional scan result for the database(s) with the specific IP 10.10.9.56.

0–
–
1. Exploring Database Auto-Discovery Page 16
IBM Security IBM Security Guardium

__q. If the report does not produce any discovered databases, click the Configure runtime
parameters (Tool) Icon at the tools bar.

__a. Make sure the Enter Period From and Enter Period To runtime parameters are in the
desired range as displayed below.

__b. If adjustments are necessary, simply adjust the desired date ranges and click OK. The
new results will be projected immediately. You may need to sync system clocks.

__c. If the report still displays no results, then make sure the database server at 10.10.9.56 is
running.

__d. If scanning a range of IP addresses such as 10.10.9.*, the above solution will not be
practical for this lab.

0–
–
1. Exploring Database Auto-Discovery Page 17
IBM Security IBM Security Guardium

Thank You

0–
–
1. Exploring Database Auto-Discovery Page 18
IBM Security IBM Security Guardium

review

__1. The Database Auto-discovery process runs on:

__a. The InfoSphere Guardium collector

__b. The database server

__c. The client PC

__d. A network switch

__2. Network IDS (Intrusion Detection Systems) will often view the Database Auto-discovery process
as a possible threat. (True or False)

__3. Database Auto-Discovery is a:

__a. One-step process, scanning the network for active database ports

__b. Two-step process, first scanning all active ports, then querying each port with the known
database protocols

__c. Three-step process, first verifying which IPs are active, then scanning all active ports,
then querying each port with the known database protocols

__4. The Database Auto-discovery process can be scheduled to run on a periodic basis (for example,
once a week). (True or False)

__5. Database Auto-discovery results can be:

__a. Sent automatically through email to the admin user

__b. Only viewed through the GUI from the Databases Discovered report

__c. Viewed through the GUI from the Databases Discovered report, or automatically
distributed using the Compliance Workflow capability

0–

–
review Page 19
IBM Security IBM Security Guardium

0–

–
review Page 20
IBM Security IBM Security Guardium

review (Answers)

__1. The Database Auto-discovery process runs on:

A – The InfoSphere Guardium Collector.

__2. Network IDS (Intrusion Detection Systems) will often view the Database Auto-discovery process
as a possible threat. (True or False)

True.

__3. Database Auto-discovery is a:

B – Two-step process, first scanning all active ports, then querying each port with the known
database protocols.

__4. The Database Auto-discovery process can be scheduled to run on a periodic basis (for example,
once a week). (True or False)

True.

__5. Database Auto-discovery results can be:

C – Viewed through the GUI from the Databases Discovered report, or automatically distributed
using the Compliance Workflow capability.

0–

–
review Page 21
IBM Security
Month Year of publication edition
NOTICES
This information was developed for products and services offered
in the USA.
IBM may not offer the products, services, or features discussed
in this document in other countries. Consult your local IBM
representative for information on the products and services
currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply
that only that IBM product, program, or service may be used.
Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be
used instead. However, it is the user's responsibility to evaluate
and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications
covering subject matter described in this document. The
furnishing of this document does not grant you any
license to these patents. You can send license inquiries,
in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or
any other country where such provisions are inconsistent with
local law: INTERNATIONAL BUSINESS MACHINES
CORPORATION PROVIDES THIS PUBLICATION "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow
disclaimer of express or implied warranties in certain
transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or
typographical errors. Changes are periodically made to the
information herein; these changes will be incorporated in new
editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.
Any references in this information to non-IBM websites are
provided for convenience only and do not in any manner
serve as an endorsement of those websites. The materials
at those websites are not part of the materials for this IBM
0–
–
review
IBM Security Guardium
product and use of those websites is at your own risk. IBM
may use or distribute any of the information you supply in
any way it believes appropriate without incurring any
obligation to you. Information concerning non-IBM products
was obtained from the suppliers of those products, their
published announcements or other publicly available
sources. IBM has not tested those products and cannot
confirm the accuracy of performance, compatibility or any
other claims related to non-IBM products. Questions on the
capabilities of non-IBM products should be addressed to
the suppliers of those products.
This information contains examples of data and reports used in
daily business operations. To illustrate them as completely as
possible, the examples include the names of individuals,
companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by
an actual business enterprise is entirely coincidental.
TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered
trademarks of International Business Machines Corp., registered
in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A
current list of IBM trademarks is available on the web at
“Copyright and trademark information” at
www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are
either registered trademarks or trademarks of Adobe Systems
Incorporated in the United States, and/or other countries. Cell
Broadband Engine is a trademark of Sony Computer
Entertainment, Inc. in the United States, other countries, or both
and is used under license therefrom. Intel, Intel logo, Intel Inside,
Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel
Xeon, Intel Speed Step, Itanium, and Pentium are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the
United States and other countries. IT Infrastructure Library is a
Registered Trade Mark of AXELOS Limited. ITIL Is a Registered
Trade Mark of AXELOS Limited. Java and all Java-based
trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates. Linear Tape-Open, LTO, the LTO
Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM
Corp. and Quantum in the U.S. and other countries. Linux is a
registered trademark of Linus Torvalds in the United States, other
countries, or both. Microsoft, Windows, Windows NT, and the
Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both. UNIX is a registered
trademark of The Open Group in the United States and other
countries.
© Copyright International Business Machines
Corporation 2015. This document may not be reproduced in
whole or in part without the prior written permission of IBM.
Page 22
IBM Security IBM Security Guardium

US Government Users Restricted Rights - Use, duplication or Corp.

disclosure restricted by GSA ADP Schedule Contract with IBM

0–

–
review Page 23