Checklist Summary:

The DBN-6300 Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to the DBN- 6300 appliance management, backplane, and traffic inspection functions. The STIG is a package of two STIGs, which together assess the security posture of the device management, backplane, and traffic inspection functions of the appliance. The DBN-6300 Intrusion Detection and Prevention System (IDPS) STIG provides the technical security policies, requirements, and implementation details for applying security concepts to the Structured Query Language (SQL) injection attack detection functions of the DBN-6300 Intrusion Detection System (IDS). The DBN-6300 Network Device Management (NDM) STIG provides the technical security policies, requirements, and implementation details for applying security concepts to the DBN-6300 management and backplane functions. The DBN-6300 is an application layer IDS that inspects the network communications traffic to detect zero-day SQL injection attacks. Traffic is inspected using behavior analysis techniques only; thus, the device is recommended for use in the architecture in front of the database tier and after the site’s perimeter IDPS solution, which is typically signature based. The device is installed as a passive (bump-in-the-wire) device on the network. Administrators can use the reporting feature on the system to gain insight into what types of SQL attacks are being detected and what hidden SQL databases may be installed on the network and may be providing an attack vector for intruders.

Checklist Role:

• Application Server
• Business Productivity Application

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

• Managed
• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Instruction (DoDI) 8500.01

Comments/Warnings/Miscellaneous:

Although the use of the principles and guidelines in these SRGs/STIGs provides an environment that contributes to the security requirements of DoD systems, applicable NIST SP 800-53 cybersecurity controls need to be applied to all systems and architectures based on the Committee on National Security Systems (CNSS) Instruction (CNSSI) 1253.

Disclaimer:

Not provided.

Product Support:

Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is http://iase.disa.mil/.

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

typo in reference link has been corrected - 10/30/2017
Update Title - 11/06/2017
corrected resource title
update to FINAL - 1/26/18
updated overview file - 4/25/18
Updated to FINAL - 5/25/18
Updated URLs - 6/5/19

Dependency/Requirements:

URL	Description

References:

Reference URL	Description
https://dl.dod.cyber.mil/wp-content/uploads/stigs/pdf/U_DBN-6300_STIG_Ver1_Release_Memo.pdf	DBN-6300 STIG Ver 1 Release Memo
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_DBN-6300_V1R2_Overview.zip	DBN-6300 Overview - Ver 1, Rel 2

NIST checklist record last modified on 06/05/2019