Big Data Security 20100BTCSDSI07268


DISHA DHAMDHERE 20100BTCSDSI07268

INDEX

S. No. Practical Name
1 Installation of Virtual Box
2 Hadoop installation and Configuration
3 Create a directory in Hadoop
4 20 Commands of Linux Operating System
5 Creating Database Table Using Hive Query Language (HQL)
6 Drop database statement
7 Creating partitioned table
8 Load data in partitioned table
9 Pig Commands
10 Exploring the IBM Guardium interface
11 Setting up data classification
12 Configure and run a vulnerability assessment
13 Use the report to harden database and validate assessment
14 Discover sensitive data
15 Refine discovery results
16 Define an audit process
17 Verify that the PCI Cardholder Sensitive Objects group is updated
18 Configure auto-discovery of subnet
19 Configure auto-discovery of specific hosts

Practical No. 1

Aim: Installation of Virtual Box.


Theory:
VirtualBox is a cross-platform virtualization application. What does that mean? For one thing, it
installs on your existing Intel or AMD-based computers, whether they are running Windows,
Mac, Linux or Solaris operating systems. Secondly, it extends the capabilities of your existing
computer so that it can run multiple operating systems (inside multiple virtual machines) at the
same time. So, for example, you can run Windows and Linux on your Mac, run Windows Server
2008 on your Linux server, run Linux on your Windows PC, and so on, all alongside your
existing applications. You can install and run as many virtual machines as you like – the only
practical limits are disk space and memory.

STEPS TO INSTALL VIRTUAL BOX ON WINDOWS: -

Step 1: Open the VirtualBox website. Go to https://www.virtualbox.org/ in your computer's Internet browser. This is the website from which you'll download the VirtualBox setup file.

Step 2: Click Download VirtualBox. It's a blue button in the middle of the page. Doing so will
open the downloads page.

Step 3: Click Windows hosts. You'll see this link below the "VirtualBox 7.0.12 platform packages" heading. The VirtualBox EXE file will begin downloading onto your computer. The same download page links to the SHA256SUMS file for the release; compare the SHA-256 hash of the downloaded installer against it before running it.

Step 4: Open the VirtualBox EXE file. Go to the location to which the EXE file downloaded and double-click the file. Doing so will open the VirtualBox installation window.

Step 5: Navigate through the installation prompts. Do the following:

* Click Next on the first three pages.
* Click Yes when prompted.
* Click Install.
* Click Yes when prompted.

Step 6: Click Finish when prompted. It's in the lower-right side of the window. Doing so will close the installation window and open VirtualBox. Now that you've installed and opened VirtualBox, you can create a virtual machine in order to run any operating system on your PC.
* Make sure that you don't uncheck the "Start" box before clicking Finish.

Practical No. 2
Aim: Hadoop Installation and Configuration.
Prerequisites
1. Hardware Requirement
* RAM — Min. 8GB, if you have SSD in your system then 4GB RAM would also work.
* CPU — Min. Quad core, with at least 1.80GHz
2. JRE 1.8 — Offline installer for JRE
3. Java Development Kit — 1.8
4. A Software for Un-Zipping like 7Zip or Win Rar
* I will be using a 64-bit windows for the process, please check and download the version
supported by your system x86 or x64 for all the software.
5. Download Hadoop zip
* I am using Hadoop-2.9.2, you can use any other STABLE version for hadoop.

Unzip and Install Hadoop

After downloading Hadoop, unzip the hadoop-2.9.2.tar.gz file. (Apache publishes a .sha512 checksum and a .asc signature next to each release archive; verify the download against them before extracting.) Once extracted, we get a new file, hadoop-2.9.2.tar, which must be extracted once more to obtain the hadoop-2.9.2 folder.

Setting Up Environment Variables

1. Setting JAVA_HOME
Open Environment Variables and click “New” under “User variables”. Set the name to JAVA_HOME and the value to the JDK 1.8 installation folder.

2. Setting HADOOP_HOME
Create a second variable named HADOOP_HOME whose value is the extracted hadoop-2.9.2 folder.

3. Setting Path Variable

The last step in setting environment variables is editing Path in System Variables: add %HADOOP_HOME%\bin and %HADOOP_HOME%\sbin so that the hadoop and hdfs commands, and the start-all.cmd script in sbin, are found from any command prompt.


Editing Hadoop files

Once the environment variables are configured, the next step is to configure Hadoop itself. It has three parts: creating the data folders, editing the configuration files, and replacing the bin folder.

1. Creating Folders
Create a folder named data in the Hadoop directory, with two sub-folders, namenode and datanode.

2. Editing Configuration Files

Now edit the following configuration files to configure Hadoop (they are found in the Hadoop folder under etc\hadoop):

* core-site.xml
* hdfs-site.xml
* mapred-site.xml
* yarn-site.xml
* hadoop-env.cmd

1. Editing core-site.xml
Right click on the file, select edit and paste the following content within <configuration>
</configuration> tags.
<property>
<name>fs.defaultFS</name>
<value>hdfs://localhost:9000</value>
</property>

2. Editing hdfs-site.xml
Right click on the file, select edit and paste the following content within
<configuration></configuration>tags.
<property>
<name>dfs.replication</name>
<value>1</value>
</property>
<property>
<name>dfs.namenode.name.dir</name>
<value>PATH~1\namenode</value>
<final>true</final>
</property>
<property>
<name>dfs.datanode.data.dir</name>
<value>PATH~2\datanode</value>
<final>true</final>
</property>

NOTE: - Also replace PATH~1 and PATH~2 with the path of namenode and datanode
folder that we created recently.

3. Editing mapred-site.xml
Right click on the file, select edit and paste the following content within
<configuration> </configuration> tags.
<property>
<name>mapreduce.framework.name</name>
<value>yarn</value>
</property>

4. Editing yarn-site.xml
Right click on the file, select edit and paste the following content within <configuration>
</configuration> tags.

<property>
<name>yarn.nodemanager.aux-services</name>
<value>mapreduce_shuffle</value>
</property>
<property>
<name>yarn.nodemanager.aux-services.mapreduce_shuffle.class</name>
<value>org.apache.hadoop.mapred.ShuffleHandler</value>
</property>

Verifying hadoop-env.cmd
Right click on the file, select Edit, and check whether JAVA_HOME is set correctly. The JAVA_HOME line in the file can either reference the variable configured in the System Variables or hold the JDK path directly:

set JAVA_HOME=%JAVA_HOME%
OR
set JAVA_HOME="C:\Program Files\Java\jdk-21"

Two things to check here: Hadoop 2.9.2 runs on the JDK 1.8 listed in the prerequisites, so the path must point at that installation rather than a newer JDK; and the Hadoop cmd scripts do not cope with spaces or quotes in JAVA_HOME, so a path under C:\Program Files must be written in its short 8.3 form (C:\PROGRA~1\Java\...) and without the surrounding quotes, otherwise hadoop.cmd reports that JAVA_HOME is incorrectly set.

Replacing bin
The last step in configuring Hadoop is to download and replace the bin folder, because the Apache release archive does not include the Windows native binaries (winutils.exe and hadoop.dll) that Hadoop needs on Windows.
* Go to this GitHub Repo and download the bin folder as a zip.
* Extract the zip and copy all the files present under the bin folder to %HADOOP_HOME%\bin.

Note:- If you are using a different version of Hadoop then please search for its respective bin folder and download it. These binaries are built by third parties and are not signed by Apache: record the SHA-256 hash of the zip you used and prefer a repository whose build process you can review, because a hadoop.dll from an untrusted source runs with the full privileges of every Hadoop daemon.
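The core-site.xml and hdfs-site.xml settings above leave every Hadoop security control at its default, which is what makes a lab cluster usable by anyone who can reach it on the network. The script below is an added example for this practical, not part of the original text and not Hadoop's own code: it parses *-site.xml documents with the Python standard library, fills in the values Hadoop applies when a property is absent (hadoop.security.authentication=simple, hadoop.security.authorization=false, dfs.permissions.enabled=true, dfs.replication=3), and reports the weak settings. The XML strings are constructed to mirror the snippets above; the "hardened" variant that turns on Kerberos authentication and RPC authorization is an assumption about what a production cluster would add, and enabling it for real also needs a KDC, principals and keytabs that this practical does not cover.

```python
"""Audit Hadoop *-site.xml files for insecure defaults.

Added example for this practical; not Hadoop's own code. The XML below is
constructed to mirror the lab's core-site.xml / hdfs-site.xml snippets.
"""
import xml.etree.ElementTree as ET

# Values Hadoop uses when a property is absent (core-default.xml / hdfs-default.xml).
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "dfs.permissions.enabled": "true",
    "dfs.replication": "3",
}

# Constructed: the lab's core-site.xml exactly as written in the practical.
LAB_CORE_SITE = """
<configuration>
  <property>
    <name>fs.defaultFS</name>
    <value>hdfs://localhost:9000</value>
  </property>
</configuration>
"""

# Constructed: the lab's hdfs-site.xml, PATH~1/PATH~2 placeholders left as in the text.
LAB_HDFS_SITE = r"""
<configuration>
  <property><name>dfs.replication</name><value>1</value></property>
  <property><name>dfs.namenode.name.dir</name><value>PATH~1\namenode</value><final>true</final></property>
  <property><name>dfs.datanode.data.dir</name><value>PATH~2\datanode</value><final>true</final></property>
</configuration>
"""

# Assumed hardening: Kerberos authentication plus RPC service-level authorization.
# (A real deployment also needs a KDC, principals and keytabs; not shown here.)
HARDENED_CORE_SITE = """
<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://localhost:9000</value></property>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
</configuration>
"""


def parse_site(xml_text):
    """Return {name: value} for every <property> element in a *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text.strip()).iter("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def effective(props, name):
    """Value of a property as Hadoop would see it, falling back to its default."""
    return props.get(name, DEFAULTS.get(name))


def audit(core_site_xml, hdfs_site_xml):
    """Return [(severity, message), ...] for weak settings, most severe first."""
    core = parse_site(core_site_xml)
    hdfs = parse_site(hdfs_site_xml)
    findings = []

    auth = effective(core, "hadoop.security.authentication")
    if auth != "kerberos":
        findings.append(("HIGH", f"hadoop.security.authentication={auth}: the NameNode "
                         "trusts the user name the client sends, so any host that can "
                         "reach port 9000 can act as the HDFS superuser"))
    if effective(core, "hadoop.security.authorization") != "true":
        findings.append(("MEDIUM", "hadoop.security.authorization=false: service-level "
                         "ACLs for Hadoop RPC are not enforced"))
    if effective(hdfs, "dfs.permissions.enabled") != "true":
        findings.append(("HIGH", "dfs.permissions.enabled=false: HDFS permission checks are off"))
    if effective(hdfs, "dfs.replication") == "1":
        findings.append(("LOW", "dfs.replication=1: one copy of each block; acceptable for a "
                         "single-node lab, data loss on any disk failure elsewhere"))
    return findings


if __name__ == "__main__":
    for label, core in (("lab", LAB_CORE_SITE), ("hardened", HARDENED_CORE_SITE)):
        print(f"== {label} core-site.xml ==")
        for severity, message in audit(core, LAB_HDFS_SITE):
            print(f"[{severity}] {message}")
```

Run it as a script to see the lab configuration produce HIGH, MEDIUM and LOW findings and the hardened variant only the replication note. Point parse_site at the real files under etc\hadoop to audit an actual installation.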

Launching Hadoop

Before the first start, format the NameNode once with hdfs namenode -format; without it the Namenode window exits immediately with an error.
Then type start-all.cmd at a command prompt.

This opens 4 new cmd windows running the 4 Hadoop daemons:
* Namenode
* Datanode
* Resourcemanager
* Nodemanager

Practical No. 3
Aim: Create a directory in Hadoop.
Theory:
mkdir: creates a directory. In HDFS there is no home directory for the user by default, so create one first.
Syntax:
hdfs dfs -mkdir /folder_name
(Add -p, as in hdfs dfs -mkdir -p /a/b, to create missing parent directories as well.)

Output:

Browse to localhost:9870 to see the new directory in the NameNode web UI. Note that 9870 is the Hadoop 3.x default; Hadoop 2.x releases such as the 2.9.2 installed in Practical 2 serve this UI on port 50070. Under the default simple authentication this UI, like the HDFS RPC port, is reachable without any login.

Practical No. 4
Aim: Commands of Linux Operating system.
Theory:

1. ls ⇒ directory listing

2. ls -al ⇒ formatted listing with hidden files

3. cd dir ⇒ change directory to dir

4. cd ⇒ change to home
5. pwd ⇒ show current directory
6. mkdir dir ⇒ create a directory dir
7. rm file ⇒ delete the file

8. rm -r dir ⇒ delete directory dir

9. rm -f file ⇒ force remove the file

10. rm -rf dir ⇒ force remove directory dir (dangerous: no confirmation, so double-check the path first)

11. cp file1 file2 ⇒ copy file1 to file2

12. cp -r dir1 dir2 ⇒ copy dir1 to dir2; create dir2 if it is not present

13. mv file1 file2 ⇒ rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2

14. ln -s file link ⇒ create a symbolic link named link to file

15. touch file ⇒ create or update file

16. cat > file ⇒ places standard input into the file

17. more file ⇒ output the contents of the file

18. head file ⇒ output the first 10 lines of the file

19. tail file ⇒ output the last 10 lines of the file

20. tail -f file ⇒ output the contents of the file as it grows, starting with the last 10 lines

Practical No. 5

Aim: Creating Database Table Using Hive Query Language (HQL).


Theory:
Hive is a data warehouse solution built on top of Hadoop. Hive data is stored in the Hadoop Distributed File System (HDFS). Hive applies its schema on read, so unlike an RDBMS it performs no constraint checks when data is loaded. It is particularly meant to work with very large datasets. Hive uses a query language known as Hive Query Language (HQL).
Before starting:
1. Start all your Hadoop daemons.
2. Launch Hive.
Then follow the steps below:

Steps to Create Table using HQL on Unix:

Step 1: Run the command hive to open the Hive shell.
Step 2: Create a new database.
Syntax: - hive(default)> create database name_of_database;

Step 3: To see all the databases present in Hive, run:
Syntax: -
hive(default)> show databases;
Step 4: To use the database created in step 2, run:
Syntax: -
hive(default)> use name_of_database;
Step 5: To create a table, run:
Syntax: -
hive(name_of_database)> create table table_name
> (
> id int,
> name string,
> city string
> );

Step 6: The table is created. To insert a record into the table, run:
hive(name_of_database)> insert into table table_name
> values (101,'Ayush','Saxena');

Step 7: To display all records present in the table, run:
hive(name_of_database)> select * from table_name;

Practical No. 6

Aim: Drop database statement.


Theory:
The Hive DROP DATABASE statement removes a database from Hive.

Syntax: -
DROP (DATABASE|SCHEMA) [IF EXISTS] database_name [RESTRICT|CASCADE];

The default behaviour is RESTRICT, where DROP DATABASE will fail if the database is not
empty. To drop the tables in the database as well, use DROP DATABASE … with CASCADE
option.

Start 1. All your Hadoop daemons


2. Launch Hive
Then…..

Practical No. 7

Aim: Creating partitioned table.


Theory:
Partitioned tables are a way to organize large tables into smaller ones based on one or more
columns, such as date, state, etc. Partitioning can improve the performance and manageability of
Hive queries. To create a partitioned table in Hive, you need to use the PARTITIONED BY
clause in the CREATE TABLE statement, and specify the partition column(s) and their data
type(s).
Syntax:-
CREATE TABLE table_name (column1 data_type, column2 data_type) PARTITIONED BY
(partition1 data_type, partition2 data_type,….);

For example, to create a table called zipcodes with four columns (RecordNumber, Country, City, and Zipcode) partitioned by State, you can use the following HiveQL command:

EXAMPLE 2

Practical No. 8

Aim: Load data in a partitioned table.


Theory:
Using INSERT INTO HiveQL statement you can Insert the data into Hive Partitioned Table and
use LOAD DATA HiveQL statement to Load the CSV file into Hive Partitioned Table.

EXAMPLE -1:

1. Hive LOAD File from LOCAL to Partitioned Table

The example below loads a local file into a partitioned table.

2. INSERT Data into Partitioned Table

You can also use INSERT INTO to insert data into a Hive partitioned table. INSERT INTO appends the data to the specified partition. If the partition does not exist, it dynamically creates the partition and inserts the data into it.

EXAMPLE 2:

Practical No. 9
Aim: Pig Commands

Theory:
Apache Pig is a tool/platform for analyzing large datasets and performing extended data operations. Pig is used with Hadoop: every Pig script is internally converted into MapReduce jobs and then executed. It can handle structured, semi-structured, and unstructured data, and stores its results in HDFS.
Programmers who are not comfortable with Java usually struggle to write MapReduce jobs directly. Pig Latin, which resembles SQL, is a boon for them, and its multi-query approach reduces the length of the code.
Overall, it is a concise and effective way of programming. Pig can also invoke user code written in languages such as JRuby, Jython, and Java.

Create the following input file (text format)

Step 1: Move the created file from LFS to HDFS


Step 2: Run PIG command from console (cluster mode)
Step 3: Data Input using pig: Load data from HDFS to Pig

Commands: -
1. Dump: display all the data loaded into a relation.

2. Foreach: generate a data transformation based on the columns of a relation.

3. Filter: select particular tuples from a relation based on a condition.

4. Order By: sort a relation based on one or more fields.

5. Store: save results to the local file system or HDFS.

6. Cogroup: group two relations using a particular column.

7. Join: join two or more relations.

Inner Join: join two relations on a common column.

Left Outer: the left outer join returns all rows from the left relation, even if there are no matches in the right relation.

Right Outer: the right outer join returns all rows from the right relation, even if there are no matches in the left relation.

Cross: the CROSS operator computes the cross-product of two or more relations.

Practical No. 10
Aim: Exploring the IBM Guardium Interface.
Theory:
IBM Security Guardium is a comprehensive data security and protection platform. It’s designed
to safeguard sensitive data across a wide range of data environments, including databases, data
warehouses, cloud platforms, and big data environments.
IBM Security Guardium is part of a family of data security software in the IBM Security
portfolio. This includes Guardium Data Protection, which offers additional features such as near-
real-time threat response workflows, and automated compliance auditing and reporting. Another
product in the family is Guardium Data Encryption, which provides data encryption and key
management software.
Exploring IBM Guardium Interface
1. To access the Guardium GUI, log in with user labadmin and password guardium.

The Guardium interface opens.

2. The banner is the blue bar at the top of the interface. Perform the following tasks:
a) To view notifications, click the Notification icon. Disregard warning notices about certificate expiration and missing Guardium DB Partitions (in a production deployment an expiring appliance certificate is something to act on, not dismiss).
b) To view items awaiting approval, click the To-Do List icon. The to-do list is empty and there are no audit processes with pending results.
c) To view help, click the Help icon.
1. To view the Guardium product documentation, click Guardium Help.
2. Close the Guardium Help window.
3. To view the functions enabled and system information, click Help > About Guardium.
4. Close the About Guardium window.
d) To view the options you can use to customize the look and feel of your account and update additional account information, click the account list. The following series of tasks is done through this menu.

1. To customize the navigation menu, click Customize. The Customize Navigation Menu
panel is shown. The Available Tools and Reports area shows available menu items and
the Navigation Menu area shows menu items in use.
2. To expand and collapse the Tools, click Tools.
3. To expand and collapse the Reports, click Reports.
4. To view the Setup menu items in use, click Setup > Quick Start.
5. To view the Tools and Views menu items in use, click Tools and Views and scroll down
to see all the items.
6. To close the Customize Navigation Menu panel, click Cancel.
7. To customize the user or role, click Customize User/Role.
8. To see the available menu items for a user like accessmgr, click user accessmgr.
9. To see the list of available roles, click the Roles tab.
10. To edit account details like password and email, go back to the account menu and click
Edit Account Details.
11. To close the account details window, click Cancel.

e) To remove the Navigation pane, click the Properties icon.


f) To restore the Navigation pane, click the Properties icon.
3. In the left pane is the Navigation menu. The items displayed in this menu depend on the roles associated with your user account. Perform these steps in the left navigation menu:
a. To view a high-level overview of Guardium tasks, click Welcome.
b. Locate the following items in the left navigation menu:
i. Policy builder for data and applications (Protect > Security Policies > Policy Builder for Data)
ii. S-TAP Status Report (Reports > Guardium Operational Reports > S-TAP Status)
4. In the banner, click User Interface Search. To see how the User Interface Search
provides quick access to resources, enter several terms such as these examples:
– S-TAP
– Builder
– Report

Practical No. 11
Aim: Setting up data classification.
To protect sensitive data, you must first identify and classify it.
Steps to classify data in your database environment.
You create a new classification policy that searches for credit card numbers and populates the
Sensitive Objects group with the table name and column name for each detected incident.
1. Use the Group Builder to view members of a group.
Before getting started, examine the current contents of the Sensitive Objects group in the
Group Builder.
a. In the left navigation menu, go to Setup > Tools and Views > Group Builder
(Legacy).
The Group Filter opens.

b. Leave the fields blank and click Next. The Modify Existing Groups panel opens.

c. In the Modify Existing Groups list, scroll down, select Sensitive Objects, and
click the Edit icon ( ). The Manage Members for Selected Group panel opens.
d. Notice the default Sensitive Objects group members that are Guardium defaults.
List these members for comparison at the end of this lab.
e. When you are finished examining the contents of this group, scroll down and
click Back. You return to the Modify Existing Groups panel.

2. To add new members to the Sensitive Objects group, create a Classification Policy.

a. In the left navigation menu, click Discover > Classifications > Classification
Policy Builder. The Classification Policy Finder panel opens.

b. To create a new classification policy, click the New icon ( ). The Classification
Policy Definition panel opens.

c. Complete the fields in the Classification Policy Definition window:

* Name: Lab PCI Classification Policy
* Category: PCI
* Classification: CreditCard
* Description: leave blank

d. Click Apply.
3. Add a Search for Data rule to the policy.
a. Click Edit Rules.
The Classification Policy Rules panel opens.

b. Click Add Rule.



The Classification Rule #1 For Classification Policy “Lab PCI Classification Policy” opens.

c. In the Rule Name field, enter Lab PCI Classification Rule.


d. Expand the Rule Type list and select Search For Data.

A set of fields opens.

e. In the Column Name Like field, enter %CARD%.


f. Scroll down to locate the Search Expression field and click the RE (regular
expression) icon.

The Build Regular Expression window opens.



g. In the Category of regular expressions list, select Bank Card.


h. In the Regular expression pattern list, select Credit Card Number.
i. Verify that a regular expression suitable to find common formats of credit card numbers is created in the Regular Expression field.

j. To return to the classification rule window, click Accept.


k. To save the changes, scroll down and click Apply.
4. Specify an action that populates a group when the rule triggers.
a. Click New Action.
b. In Action Name field, enter add_to_sensitive_objects.
c. In the Action Type list, select Add to Group of Objects.
d. Expand the Object Group list and select (public) Sensitive Objects.
e. In the Actual Member Content list, select Fully Qualified Name

(Schema.Object).

f. Click Save. The panel named Classification Rule #1 For Classification Policy
“Lab PCI Classification Policy” opens again.
g. Scroll down to find an action is listed under Classification Rule Actions.

h. To return to the Classification Policy Rules panel, click Apply and click Back. The new rule, with an associated action, is added to the rule list.



i. To return to the Classification Policy Finder panel, scroll down and click Back again.

The new policy is listed in the selection box.

5. Create a Classification Process to run the Classification application.


a. In the left navigation menu, go to Discover > Classifications >
Classification Process Builder.
The Classification Process Finder panel opens.

b. To create a Classification Process to run the Classifier Policy that was just created, click the New icon. The Define Classification Process panel opens.
c. In the Process Description field, enter Lab PCI Classification Process.
d. In the Classification Policy list, select Lab PCI Classification Policy.

e. To specify which databases to search, click Add Datasource.

The Datasource Finder panel opens.

f. Select osprey_db2inst1_DB2(Classifier) and click the Edit icon ( ).


The Datasource Definition window opens.

g. Now you must update the datasource access credentials. The datasource requires the operating system access credentials for the user db2inst1 (on the database server). In the Password field, enter P@ssw0rd. (The lab uses the DB2 instance owner; outside the lab a classifier datasource should use a read-only account limited to the schemas being scanned, since Guardium stores these credentials.)

h. Scroll down in the datasource definition window and click Apply. You see a notice that the datasource information has been saved.

i. Now test the datasource to ensure that Guardium can connect to the database using the information in the datasource. Click Test Connection. A window opens.

j. To dismiss the window, click OK.


k. In the Datasource Definition window, scroll down and click Back.
l. In the Datasource Finder window, click Back to close.
m. In the Define Classification Process window, click Apply to save the process.

The Run Once Now and View Results buttons are enabled.

6. Run the Classification Process and review the results.


a. Click Run Once Now.
b. A window opens, indicating that the process was added to the Guardium job
queue.
Click OK to close the window.
c. To check the Classification Process job status, look at the Guardium Job Queue
report.
You can find this report two ways:
i. Type part of the report name in the User Interface search bar,
at the top of the Guardium interface. For example, type job and click the
name of the Guardium Job Queue report.

ii. In the left navigation menu, click Discover > Classifications >
Guardium Job Queue.
d. Verify that the job is either waiting in the queue, running, or completed.

e. In the left navigation menu, go to Discover > Classifications > Classification Process Builder.

f. Select Lab PCI Classification Process and click View Results.

The process results page opens. The top portion of the report details the process steps. The rest of the report lists all the search results.

g. Scroll down the report to see all the records found.


h. To view a PDF of the classification results, click Download PDF and open the
PDF.
i. Scroll down to view all the records found, then close the PDF.
j. When finished examining the results, click Close this window at the bottom left
of the report.

Practical No. 12
Aim: Configure and run a vulnerability assessment
Steps to configure and run a database vulnerability assessment.
1. Ensure that the labadmin user has access to the vulnerability assessment tools.
a. To launch the Guardium GUI, double-click the Firefox icon on the desktop.
b. To access the Guardium GUI, log on as user accessmgr with password
guardium. The User Browser window opens.

c. To view the roles for user labadmin, click Roles. The Roles for Lab Admin form
opens.

d. To enable vulnerability assessment for user labadmin, scroll down, select the vulnerability-assess role, and click Save.

e. To log out as user accessmgr, go to the top blue banner, locate the account menu on the right, and click Sign Out.

2. Log on to the Guardium console as user labadmin with password guardium.


3. To begin the assessment, in the left navigation menu, go to Harden > Vulnerability
Assessment > Assessment Builder.

The Security Assessment Finder window opens.

4. To add a new assessment, click the Add icon ( ).


The Security Assessment Builder window opens.

5. For Description, enter Lab_VA and click Apply.


The security assessment is saved and several other functions are enabled.

6. To add a classification datasource, click Add Datasource. The Datasource Finder window opens.

7. There is a classifier datasource you can use with this assessment. Select osprey_db2inst1_DB2(Classifier) and click Add.

8. You return to the Security Assessment Builder window. Note that the datasource is listed but Configure Tests is not enabled. To enable Configure Tests, click Apply.

9. You set up a Security Assessment and defined the database for it to use. However,
you did not specify which tests it should perform.
To configure the tests to perform, click Configure Tests. The Assessment Test
Selections window opens.
10. Scroll down to the Tests available for addition section.

11. To locate DB2 specific assessments, click the DB2 tab.



A list of DB2 specific tests is displayed.

12. Add all tests with a critical severity.


a. For Severity, select the Critical option.
b. Clear the Include CAS check box. The list of DB2 tests is filtered.
c. To select all critical tests, click the first test in the list, scroll down, press the
Shift key, click the last test on the list, and click Add Selections.
The tests are added to the Security Assessment.

13. To return to the Security Assessment Finder window, scroll down and click Return.

14. To run the tests, click Run Once Now.



15. On the confirmation window that indicates the test is in the Guardium job queue,
click OK.

16. In the left navigation menu, go to Harden > Vulnerability Assessment > Guardium Job Queue. The Guardium Job Queue opens.

17. If the job does not have a status of Completed, click the Refresh icon ( ).
18. View a comprehensive report available through the Security Assessment Builder.
a. In the left navigation menu, go to Harden > Vulnerability
Assessment > Assessment Builder.
Lab_VA is auto-selected. Click View Results.

A new window opens with the assessment results.



19. Explore the various features of the report.


a. Click Filter / Sort Control.

b. In the Show only window, select Fail from the Score column, and click Apply.

Note that the results are filtered to only show assessment failures.

c. To clear the filter, click Reset Filtering.



d. To download a PDF of the security assessment, click Download PDF and click OK to dismiss the pop-up window.

20. To return to the browser version of the report, close the PDF.

Practical No. 13
Aim: Use the report to harden database and validate assessment.
Using Report to Harden the Database: -
1. In the security assessment report, scroll through the assessment test results.

2. Notice that for tests that failed, there are recommendations, including
suggested commands, to fix the vulnerability.

3. Scroll back up to find the third and fourth assessment tests with the following
names:
– No PUBLIC access to SYSCAT.AUDITPOLICIES and
SYSIBM.SYSAUDITPOLICIES
– No PUBLIC access to SYSCAT.AUDITUSE and SYSIBM.SYSAUDITUSE

Note the cause of failure and the recommendations, which include the
database commands to remediate the failures.

4. To access the database server, close the report window, minimize the
Firefox browser, and double-click the PuTTY icon on the desktop.

5. To open the database server session, select Linux DB Server from the Saved
Sessions list, and click Open.

To login to the database server, type db2inst1 for the login name and type guardium for the
password.

6. To enter the DB2 command environment, run the db2 command.



7. Connect to the database using the following command:


connect to sample

8. Apply the recommendations from the two tests in step 3. A recommendation often lists two commands separated by a period; in this case, run them as two separate commands. For example, the recommendation shows:
REVOKE ALL ON SYSCAT.AUDITPOLICIES FROM PUBLIC.
REVOKE ALL ON SYSIBM.SYSAUDITPOLICIES FROM PUBLIC
Instead, run each command separately and remove the period at the end:

9. Run the security assessment again. To return to the Guardium GUI, maximize the Firefox window from the desktop task bar.

10. To begin the second assessment, click Run Once Now.

11. On the confirmation window that indicates the test is in the Guardium job queue,
click OK.

12. In the left navigation menu, go to Harden > Vulnerability Assessment >
Guardium Job Queue.
13. If the job does not have a status of Completed, click the Refresh icon ( ).
14. To view the results, in the left navigation menu, go to Harden > Vulnerability
Assessment > Assessment Builder.
15. To view the results of the assessment, click View Results.

The result summary shows an improvement in the pass rate. The assessment result history graphs
the progress.
16. To filter the results to only show tests that have a status of Pass, click Filter / Sort
Controls.

17. To configure the filter, select Pass from the Score column, and click Apply.

18. Scroll down and view the details of the vulnerabilities you addressed.

Practical No. 14

Aim: Discover sensitive data.


We are discovering sensitive data on a data server. Starting from the Welcome page of Guardium
11.2.

1. In the Navigation menu, click Discover > Classification > Discover Sensitive Data. The
Discover Sensitive Data pane opens.

2. To add a scenario, click the New icon.


The Create New Discovery Scenario pane opens.

3. Enter Lab Discovery as the name.


4. Click the Classification policy drop-down menu and choose PCI [template]. A
classification policy based on the PCI template is automatically created.

5. Set Category to PCI.


A warning message is displayed. Close the warning.
6. In the Classification field, type Credit Card and press Enter. The discovery scenario
appears similar to the following image.

7. To define the classification rules for discovery, click Next. The classification rules
section is displayed.

The classification rules for different types of credit cards are already populated, as part of
the PCI template.
When a rule name begins with guardium://CREDIT_CARD, and there is a valid credit
card number pattern in the Search Expression box, the classification policy uses the Luhn
algorithm, which is a widely used algorithm for validating identification numbers such as
credit card numbers. It also uses standard pattern matching.
Templates for universal patterns like credit card numbers and email addresses are
displayed for all Language menu selections.
8. Select the first classification rule, guardium://CREDIT_CARD credit card.
9. Click the Edit icon. The Edit Rule pane opens.
10. Click Next.

Rule criteria are displayed.

You see the details of the rule criteria, such as the regular expression that is used to
search for credit card numbers and the types of objects (tables, views) where the search
occurs.

11. To see the actions associated with this rule, click Next. The Actions section is displayed.

The PCI template provides an action, which is to add the objects that the search finds to
the group PCI Cardholder Sensitive objects.

12. Click Save.



You return to the Create New Discovery Scenario pane.

13. To configure the data sources where the discovery will run, click Next. The “Where to
Search” section is displayed.

In this section, we choose where the search for sensitive data runs. We can choose
one or more data sources, or groups of data sources, as targets. In this lab, there is a single
data source in the Available data sources table. Before we select the data source, we
test it to ensure that it connects properly to the target database.
14. Select the osprey_db2inst1_DB2 data source and click the Edit icon. The “Update
datasource” window opens.

15. Scroll down & click Test connection.


The window updates & displays a message that the connection was successful.

16. To return to the Where to search section, close the “Update datasource” window.
17. Click the Move Right arrow to move osprey_db2inst1_DB2 to the list of selected
datasources.
Because you tested the datasource and the test was successful, it displays a green
checkmark icon in the Status column.

18. To open the Run discovery section, click Next.



19. To run the discovery, click Run Now.

20. To expand the Review report section, click Next.


The report shows schema, table, and column information for discovered sensitive data,
and the rule that the entry triggered.

Practical No. 15
Aim: Refine discovery results.
Now we refine the results to exclude false positives that do not hold sensitive data. We assume
that the table named CC1 is a test table that does not hold sensitive data.
1. In the Review report section, click the Filter field, then type CC1 and press Enter.
The report entries are filtered to show only four entries, which correspond to table name
CC1.

2. Select all of the results by selecting the checkbox next to Catalog.

3. From the Add to Group drop-down menu, select Add to Group of Tables to Exclude.
The Select Excluded Group dialog box opens.

4. Click the new group icon. The “Create new group” dialog box opens.
5. Enter the description Lab skip objects and click Save.

6. Close the informational message. The Select Exclude Group dialog box opens again.

7. To complete group selection and close the Select Exclude Group dialog box, click OK.

8. Close the Success dialog. The Discover Sensitive Data pane is displayed again.

9. In the What to discover section, click Expand. The section is displayed.


10. In the Selected Classification Rules section, select the guardium://CREDIT_CARD credit
card rule.
11. To edit the rule, click the Edit icon. The Edit Rule pane opens.

12. To view the Rule Criteria section, click Expand.

13. To edit the advanced options, click Show advanced options, and then scroll down.
14. In the Exclude Table field, enter Lab, and select Lab skip objects.

15. To save the rule, click Save. The Create New Discovery Scenario pane is displayed again.

16. Scroll down, then expand the Run discovery section.



17. Click Run Now.


After the discovery scenario runs, the pane shows 12 matches found rather than 13.
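The two-stage classification that Practical 14 describes for guardium://CREDIT_CARD rules (a search expression that matches a card-like token, then the Luhn check) and the exclusion of the CC1 test table from Practical 15, as an added Python example. This is not part of the lab and not Guardium's own code: the sample schema, the 13-19 digit search expression, and the exclusion list are constructed assumptions, not the PCI template's real expressions or groups.

```python
import re

# Constructed sample objects keyed by (schema, table, column); the values are
# well-known test card numbers and filler text, not real data (assumption).
SAMPLE_OBJECTS = {
    ("DB2INST1", "CUSTOMER", "CARD_NO"): ["4111111111111111", "5500000000000004"],
    ("DB2INST1", "CC1", "PAN"): ["4111111111111111"],          # test table (false positive)
    ("DB2INST1", "ORDERS", "ORDER_REF"): ["4111111111111112"],  # 16 digits but fails Luhn
    ("DB2INST1", "STAFF", "PHONE"): ["+1 555 0100"],            # no card-like token
}

# Rule name as shown in the lab, plus a simple 13-19 digit search expression.
# The PCI template's own regular expressions are not reproduced (assumption).
RULE_NAME = "guardium://CREDIT_CARD credit card"
CARD_PATTERN = re.compile(r"\b\d{13,19}\b")


def luhn_valid(number: str) -> bool:
    """Luhn check: counting from the right, double every second digit, subtract 9
    from any doubled value above 9, and require the sum to be a multiple of 10."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    parity = len(digits) % 2  # left-indexed positions that get doubled
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def matches_rule(value: str) -> bool:
    """A value matches only if some token fits the pattern AND passes Luhn:
    pattern matching alone would flag ORDER_REF above as a card number."""
    return any(luhn_valid(m.group()) for m in CARD_PATTERN.finditer(value))


def discover(objects, excluded_tables=frozenset()):
    """Return one (schema, table, column, rule) entry per column holding a
    matching value, skipping tables placed in the exclude group."""
    findings = []
    for (schema, table, column), values in objects.items():
        if table in excluded_tables:
            continue
        if any(matches_rule(v) for v in values):
            findings.append((schema, table, column, RULE_NAME))
    return findings


if __name__ == "__main__":
    first_run = discover(SAMPLE_OBJECTS)
    refined = discover(SAMPLE_OBJECTS, excluded_tables={"CC1"})
    print(f"first run: {len(first_run)} matches, refined run: {len(refined)} matches")
    for entry in refined:
        print(*entry)
```

The first run reports both CUSTOMER.CARD_NO and CC1.PAN; adding CC1 to the exclude set drops the test table and leaves one finding, the same effect as the 13 to 12 change in the lab. ORDERS.ORDER_REF never appears because its 16-digit value fails the Luhn check even though it matches the pattern.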

Practical No. 16

Aim: Define an audit process.


Now, we define an ad hoc audit process for auditors to review and sign off on the results of the
discovery.
1. Expand the Audit section of the Discover Sensitive Data pane.

2. Click the Add icon. The New Receiver dialog box opens.

3. In the Role field, to filter roles, enter audit and select audit from the drop-down menu.
This choice allows any Guardium user with the audit user role to view the report.
4. Click Sign off. This selection means that the receiver must sign off on the report instead
of just viewing it.

5. Click OK. The Audit table updates with the new receiver.

Practical No. 17
Aim: Verify that the PCI Cardholder Sensitive Objects group is updated.
We verify that the sensitive tables that your discovery process finds are added to the appropriate
group.
1. Go to Protect > Security Policies > Group Builder.

2. To filter the entries, in the Filter field, type pci and press Enter.
3. Select the PCI Cardholder Sensitive objects group.

Note that there are now five members in the group.


4. To view how this group is used, scroll to the right.

Green checkmarks in the Hierarchical, “Used in discovery scenario”, and “Used in
query” columns indicate that this group is used in at least one discovery scenario and one
query. The gray checkmarks in the “Used in policy” column indicate that the group is
used in a policy that is not active.
5. From the Actions drop-down menu, select View details.

The dialog box shows that the group is associated with your discovery. You can also
view which queries this group is associated with.
6. Close the group details dialog box.

7. To view group members, select the group and click the Edit icon. Then, click the
Members tab.

Close the “Edit group” dialog box.



Practical No. 18
Aim: Configure auto-discovery of subnet.
We configure Guardium to scan for new databases across your subnet, targeting specific ports
for probes.
1. Log in to the Guardium GUI with user admin and password guardium.

The Welcome page opens.

2. View the Auto-discovery configuration:


a. Click the Discover icon.

b. Go to Database Discovery > Auto-discovery Configuration. The Auto-discovery
Process Selector page opens.

3. To create a database discovery process, click the New icon. The Auto-discovery Process
Builder page opens.

4. To name the process, in the Process name field, type Discover Databases.
5. To save the process, click Apply.
6. To add the IP range to scan, in the Host(s) field, type 10.0.100.*.
7. To add the ports to scan, in the Port(s) field, type 1000-6000.
Complete the configuration of the hosts and ports to scan. You scan the entire 10.0.100 subnet for
hosts with open ports in the 1000-6000 range. To identify the type of databases that exist on the
hosts, Auto-discovery probes any discovered hosts with open ports within the range you set up.
For the probe to run after the scan, do not clear the checkbox for the default, Run probe after
scan.

8. To add the host & port combination to the process, click Add scan.
9. To begin the database scan, click Run Once Now. You see a confirmation that the
process is active.
10. To close the confirmation window, click OK.
View the progress of the Auto-discovery process.

a. Scroll down.
b. Click Progress/Summary.
The Auto-discovery process progress page opens. This page details the current
progress by task within the process.

11. To view the current progress of the task, expand the Hosts/Ports section.
Useful information is displayed, which details the progress of the task. At this point in the
scan, 21 host systems & 42 open ports are discovered.

12. To update the progress of the task, click Refresh. The process completes.

13. To view the run details of the task, expand the Hosts/Ports section.

14. To close the window, scroll down and click Close.

15. View databases discovered by the scan: Click the User Interface Search field. Type datab. Press
Enter or click the Search Icon. Click any Discovered Databases report. The Discovered
Databases report opens and shows that nine databases across three hosts were found. The
types of databases found were MSSQL, MySQL, Postgres, Oracle, and Sybase. As
Database Auto-discovery runs, the Guardium collector sends a handshake to each open
port. If there is a database listening on that port, it responds in such a way that Guardium
is able to determine that it is Oracle, Db2, or any other supported database.

Practical No. 19
Aim: Configure auto-discovery of specific hosts.
Scans of entire subnets or large ranges might take a long time to complete. Therefore, to be more
efficient, it is common to target specific hosts and ports that are known to have databases on
them.
We configure Guardium to scan for new databases, targeting specific hosts and ports. For each
host and port combination, we set up a target scan and add them to the Auto-discovery process.
We use port ranges that are known to be used by Db2 databases.
1. View the Auto-discovery configuration:
a. Click the Discover icon.
b. Go to Database Discovery > Auto-discovery Configuration. The Auto-discovery
Process Selector page opens.

2. To edit the Discover Databases process, click the Modify icon.


3. Edit the existing Host(s) & Port(s) fields:
a. In the Host(s) field, type 10.0.100.197.
b. In the Port(s) field, type 50000-60000.
4. To add another host & port to the scan, from the Add hosts and ports to process… section:

a. In the Host(s) field, type 10.0.100.207.


b. In the Port(s) field, type 50000-60000.
c. Click Add scan & then click OK.
There are 2 hosts set up for the scan, which probe ports within the 50000-60000 range for
active databases.

5. To begin the scan, click Run Once Now.


6. To close the confirmation window, click OK.

7. View the progress of the Auto-discovery process:


a. Scroll down.

b. Click Progress/Summary.

The Auto-discovery Process Page opens. The process is running and there is a task for each host
and port combination.
8. To view the progress of the host 10.0.100.197 / 50000-60000 task, expand the section.

9. To view the progress of the host 10.0.100.207 / 50000-60000 task, expand the section.
10. For a complete view of both tasks, scroll down.
11. After you review the details for each scan, click Refresh.
The scan is complete. Note that because you set up the scan to target specific hosts as
opposed to an entire subnet, like in the first scan, it takes seconds to complete.

12. To close the Auto-discovery Process Progress window, click Close.


13. View the Databases Discovered report:
a. Click the Discover icon.
b. Go to Reports > Databases Discovered.
The Databases Discovered report opens. A new Db2 database is shown for host
10.0.100.207. Also, note that there is no new database discovered for host 10.0.100.197
because the Db2 instance on that host is inactive. This highlights the fact that for the Auto-
discovery scan to detect a new database, the database must be active.
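How the Host(s) and Port(s) fields of Practicals 18 and 19 turn into a scan, and why an inactive instance never shows up in the Databases Discovered report, as an added Python example that is not the lab's material or Guardium's own code. It expands the two field formats the lab uses (a trailing-asterisk subnet or a single address; a port range or a single port), probes each pair with a plain TCP connect, and stands in a loopback listener for an active database. The handshake that identifies the database type is left out. The accepted spec formats, the function names, and the loopback stand-in are assumptions.

```python
import socket


def expand_hosts(spec: str):
    """Expand a Host(s) field: '10.0.100.*' covers 10.0.100.1 to 10.0.100.254,
    a plain dotted address covers itself. Other forms are rejected (assumption)."""
    spec = spec.strip()
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"unsupported host spec: {spec!r}")
    if parts[3] == "*":
        prefix = ".".join(parts[:3])
        return [f"{prefix}.{i}" for i in range(1, 255)]
    if any(not 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"octet out of range in host spec: {spec!r}")
    return [spec]


def expand_ports(spec: str):
    """Expand a Port(s) field: '1000-6000' is an inclusive range, '50000' one port."""
    spec = spec.strip()
    lo_text, _, hi_text = spec.partition("-")
    lo = int(lo_text)
    hi = int(hi_text) if hi_text else lo
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"port range out of order or out of bounds: {spec!r}")
    return list(range(lo, hi + 1))


def scan_plan_size(host_spec: str, port_spec: str) -> int:
    """Number of connect probes a scan of these specs performs; this is why a
    whole-subnet scan takes far longer than two targeted hosts."""
    return len(expand_hosts(host_spec)) * len(expand_ports(port_spec))


def port_open(host: str, port: int, timeout: float = 0.2) -> bool:
    """TCP connect probe: only a listening (active) service completes the handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def scan(host_spec: str, port_spec: str, timeout: float = 0.2):
    """Return the (host, port) pairs that accepted a connection."""
    found = []
    for host in expand_hosts(host_spec):
        for port in expand_ports(port_spec):
            if port_open(host, port, timeout):
                found.append((host, port))
    return found


class ActiveInstance:
    """Stand-in for a running database: a TCP listener on the loopback address."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # kernel picks a free ephemeral port
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]

    def stop(self):
        self.sock.close()


def demo():
    """Scan a small loopback range while the listener is up, then after it stops.
    The second scan no longer reports the port, which is what the lab observes for
    the inactive Db2 instance on host 10.0.100.197."""
    inst = ActiveInstance()
    port_spec = f"{inst.port - 2}-{inst.port + 2}"
    while_active = scan("127.0.0.1", port_spec)
    inst.stop()
    after_stop = scan("127.0.0.1", port_spec)
    return inst.port, while_active, after_stop


if __name__ == "__main__":
    print("subnet scan probes:", scan_plan_size("10.0.100.*", "1000-6000"))
    print("targeted scan probes:", scan_plan_size("10.0.100.207", "50000-60000"))
    port, while_active, after_stop = demo()
    print(f"listener on {port}: found while active={('127.0.0.1', port) in while_active}, "
          f"found after stop={('127.0.0.1', port) in after_stop}")
```

The subnet specification from Practical 18 expands to 254 hosts times 5001 ports, over a million connect attempts, while each targeted host in Practical 19 needs 10001; that difference is the "seconds rather than minutes" the lab notes. The demo only ever probes the loopback address.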