
The DBMS must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.


Overview

Finding ID: V-32550
Version: SRG-APP-000246-DB-000133
Rule ID: SV-42887r1_rule
IA Controls:
Severity: Low
Description
When it comes to DoS attacks, most of the attention is paid to ensuring that systems and applications are not victims of these attacks. While it is true that those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems and applications are not used to launch such an attack against others. To that end, a variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices from being directly affected by DoS attacks. Limiting the system resources allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks. Applications and application developers must take the steps needed to ensure users cannot use these applications to launch DoS attacks against other systems and networks. An example would be designing applications to include mechanisms that throttle network traffic so users are not able to generate unlimited network traffic via the application. The methods employed to counter this risk will depend on the application-layer methods that could be used to exploit it.
STIG: Database Security Requirements Guide
Date: 2012-07-02

Details

Check Text (C-40989r1_chk)
Review DBMS settings and custom database code to determine whether the DBMS or database application code could be used to launch DoS attacks. If the DBMS or custom database code would facilitate DoS-style attacks against other information systems, this is a finding.
Fix Text (F-36465r2_fix)
Configure DBMS settings to restrict functionality that could be used to initiate DoS attacks.

Modify custom database code to not allow it to be used to initiate DoS attacks.