Opened 12 years ago
#2317 new defect
CAT 2 V0015644 NAME: DBMS access control bypass DESCRIPTION: Attempts to bypass access controls should be audited.
Reported by: | doconnor24 | Owned by: | |
---|---|---|---|
Priority: | highest | Milestone: | OMAR Dec 2012 |
Component: | Algorithms/Functionality | Version: | ossim/OMAR 1.8.14-3 |
Severity: | critical | Keywords: | |
Cc: |
Description
Configure auditing to capture the events listed below where available in the DBMS:
- unsuccessful logon attempts
- account locking events
- account disabling from a specific source location
- failed database object attempts or attempts to access objects that do not exist
- other activities that may produce unexpected failures or trigger DBMS lockdown actions.
If audit for these events results in an unacceptable adverse impact on application operation, scale back the audit to a reasonable and acceptable level.
Note:
See TracTickets
for help on using tickets.