The DBN-6300 Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to the DBN- 6300 appliance management, backplane, and traffic inspection functions. The STIG is a package of two STIGs, which together assess the security posture of the device management, backplane, and traffic inspection functions of the appliance. The DBN-6300 Intrusion Detection and Prevention System (IDPS) STIG provides the technical security policies, requirements, and implementation details for applying security concepts to the Structured Query Language (SQL) injection attack detection functions of the DBN-6300 Intrusion Detection System (IDS). The DBN-6300 Network Device Management (NDM) STIG provides the technical security policies, requirements, and implementation details for applying security concepts to the DBN-6300 management and backplane functions. The DBN-6300 is an application layer IDS that inspects the network communications traffic to detect zero-day SQL injection attacks. Traffic is inspected using behavior analysis techniques only; thus, the device is recommended for use in the architecture in front of the database tier and after the site’s perimeter IDPS solution, which is typically signature based. The device is installed as a passive (bump-in-the-wire) device on the network. Administrators can use the reporting feature on the system to gain insight into what types of SQL attacks are being detected and what hidden SQL databases may be installed on the network and may be providing an attack vector for intruders.
- Application Server
- Business Productivity Application
- Specialized Security-Limited Functionality (SSLF)
DoD Instruction (DoDI) 8500.01
Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is http://iase.disa.mil/.
Comments or proposed revisions to this document should be sent via email to the following address: email@example.com. DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.
typo in reference link has been corrected - 10/30/2017
Update Title - 11/06/2017
corrected resource title
update to FINAL - 1/26/18
updated overview file - 4/25/18
Updated to FINAL - 5/25/18
Updated URLs - 6/5/19
NIST checklist record last modified on 06/05/2019