Download Free Checklist for Auditing Databases

Database Audit

- Verify that database permissions are granted or revoked appropriately for the required level of authorization.
- Review database permissions granted to individuals instead of groups or roles.
- Ensure that database permissions are not implicitly granted incorrectly.
- Review dynamic SQL executed in stored procedures.
- Ensure that row-level access to table data is implemented properly.
- Revoke PUBLIC permissions where not needed.
- Restrict access to the operating system.
- Restrict permissions on the directory to which the database is installed.
- Restrict permissions on the registry keys used by the database.
- Check for default usernames and passwords.
- Check for easily guessed passwords.
- Check that password management capabilities are enabled.
- Check that auditing is enabled.
- Verify that network encryption is implemented.
- Verify that encryption of data-at-rest is implemented where appropriate. Ensure that encryption key management is part of the disaster-recovery plan.
- Verify that the latest patches for the database have been installed.
- Verify that the database is running a version the vendor continues to support.
- Verify that policies and procedures are in place to identify when a patch is available and to apply the patch.
- Check the integrity of the database by looking for root kits, viruses, backdoors, and Trojan horses.

Bookmark/Search this post with:
  • Delicious
  • Digg
  • StumbleUpon
  • Propeller
  • Reddit
  • Magnoliacom
  • Google
  • Yahoo
  • Technorati

Trackback URL for this post:

http://www.desktopauditing.com/trackback/143

User login

Who's new

  • emineswift55
  • BoopAtteddy
  • johanna amboya
  • Staubsaugerbhru
  • xsaljhp

Who's online

There are currently 0 users and 2 guests online.