Space banner

   

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Security planning

Review the following topics for information about how BMC Database Automation provides security and for recommendations on deploying securely:

Security overview

Security within the BMC Database Automation product is comprised of robust authentication mechanisms, flexible and granular Role Based Access Controls (RBAC), and comprehensive monitoring. This makes BMC Database Automation well suited for complex enterprise organizations, such as financial institutions or service providers, where portions of the database infrastructure are managed by different teams that must operate autonomously due to regulatory separation of duty policies. 

BMC Database Automation is handled at multiple tiers:

  • Using the management GUI, users can access the web interface based on the product's RBAC mechanisms.
  • At a transport level, all of the communications between the management server and the agents are encrypted using SSL, with both server and client certificates being presented. This means that a malicious party cannot masquerade as an agent nor a manager, and that all of the communications are secured against third-party discovery or injections.
  • Application-level security is provided by encryption and digital signatures of all of the workflow libraries on the management server (these libraries are what interpret, for example, how to run the Oracle installer), with the keys embedded in the management server code and the agent. This prevents a malicious party from gaining privileged access to the management server and modifying the instructions the management server sends to the agents.

All of the commands that are run are centrally logged and audited on the management server. For any job that is run, a user with the correct privileges can bring up a log file with the commands, arguments, outputs, and associated log files. For information about this and other security-based administrative tasks that can be managed and configured in BMC Database Automation, see Performing security administration tasks.

Note

Beginning with BDA 8.8, an optional sample_rbac_setup.pl script is provided in /app/clarity/manager_scripts/bin that automatically generates a pre-defined set of roles containing pre-defined capabilities in each role. This enables you to instantly configure a comprehensive default RBAC starting point (for Roles only) on a new Manager so that you do not have to define the entire Security plan using the GUI. 

Security assessment FAQs

QuestionResponse
Does product development follow a Security Development Lifecycle (SDL) Process?No. The BMC Database Automation product does not follow a formal SDL process. However, many aspects of the SDL process are done during our development lifecycle and are documented as follows.
Do you conduct security reviews? If so, what?

Yes. Security-related product testing is done as part of each release. In addition, the BMC AppSec team performs penetration and other security tests on our product prior to each release.  

Do you use any tools to test for vulnerabilities?

Yes. Although most of of the testing is done manually, the BMC AppSec team also uses Burp Suite(Pro), a web proxy tool.

Can you provide the results of these vulnerability reviews performed?Yes.  We can provide the report from the BMC AppSec team upon request.
Have you closed on vulnerabilities found for the subject application using these application security reviews?Yes. All High/Severe issues are required to be closed before releasing the software as part of our Quality Certification (QCert) checkpoint; low/medium issues are reviewed and assessed on a case-by-case basis.
Are you committed to perform regular security reviews of the application and resolving vulnerabilities identified?

Yes, BMC is committed to resolve all Common Vulnerability Scoring System (CVSS) High and Critical vulnerabilities found in our code and remediate any found in 3rd party components we include and ship with our product. BMC's AppSec team performs regular penetration tests during the product's release lifecycle. See www.bmc.com/security for BMC's disclosure and alert details.

BMC and the BMC Database Automation product are committed to monitor, find, and resolve security-related product issues both during our release process and after releases are available to customers. For the BMC Network Automation Product:

  • OWASP 3rd Party Dependency checks are run and reviewed on every nightly build; issues are resolved shortly after they are detected
  • 3rd Party Dependencies are updated to the latest versions several times during our release lifecycle
  • BMC AppSec team performs penetration and other security-related testing on the product at least once prior to release
  • QA team runs AppsScan (penetration testing tool) regularly during the release lifecycle; issues are resolved shortly after they are detected
  • BMC Quality Certification (QCert) contains a security section that all products must complete and pass before receiving executive sign-off for release

Is the product FIPS-140 compliant?

No.

What type of encryption is used for storing sensitive data?

Communication between the management server and the agents are encrypted using SSL, with both server and client certificates being presented. This means that a malicious party cannot masquerade as an agent nor a BMC Database Automation manager, and that all of the communications are secured against third-party discovery or injections.

What kind of encryption is used when the database is not fully encrypted, for example, when using Oracle?

Application-level security is provided by encryption and digital signatures of all of the workflow libraries on the management server (these libraries are what understand, for example, how to run the Oracle installer), with the keys embedded in the management server code and the agent. This prevents a malicious party from gaining privileged access to the management server and modifying the instructions the management server sends to the agents.

Users can be centrally authenticated against LDAP or AD, so when a user leaves the company, simply disabling their user in AD will prevent them from logging in to the GUI.

Back to top

RBAC access control

Role Based Access Controls (RBAC), separate from the database server OS-level permissions, enable users to control access to execute commands in BMC Database Automation against servers where they do not have OS-level access. RBAC provides a mechanism for restricting user access and defining segregation of duties based on the concept of roles, groups, and capabilities, where BMC Database Automation users are members of groups and groups are assigned roles (which contains one or more capabilities). For more information about managing RBAC, see Managing the RBAC access controls.

Roles

Unable to render {include} The included page could not be found.

Back to top

Groups

A group consists of one or more users. Each group has roles assigned and is granted access to domains. A user can be a member of more than one group. Groups can be granted different roles in different domains or the same role in different domains. When more than one role is granted to the same group on the same domain, the result is cumulative capabilities.

Note

Because roles are assigned to groups rather than to individual users, a user must be a member of a group to be assigned a role.

To create a group, do the following:

  1. From the Management Console main page, select Security > Groups within the Context Frame.
  2. In the Groups Content page, click Create New Group.
  3. In the Group Information page, enter a Name and Description for the group, and click Next.
  4. To select an available role, click add corresponding to the role in the Grants page.
    You are prompted with the list of domains for granting access.

  5. Select the check boxes for the associated domains or subdomains and click OK. Repeat for each role added.

    Note

    • Selecting Grid, the root level, grants access to all domains and subdomains.
    • Selecting all subdomains in a domain is not equivalent to selecting the parent domain. Selecting the parent domain grants access on all current subdomains and subdomains added to this domain going forward.
    • Roles and domain grants appear in the Modified Grants section at the bottom of the page.
  6. Click Next.
  7. In the Users Information page, add members to this group by clicking the add link next to the appropriate users.
    Information about the selected users appear in the Modified Users section at the bottom of the page.
  8. Click Next.
    The Summary page displays the configuration details.
  9. In the Summary page, click Go to to make changes for that section.
  10. Click Create Group.

Users

BMC Database Automation user accounts include the full name, user name, password and the groups in which a user is a member. Users must be members of a group to be granted permissions. The group membership for a user determines their assigned roles and granted domains. A user can be a member of more than one group.

Note

Users who do not have group assignments are only allowed to edit their own password.

To create a user, do the following:

  1. From the Management Console main page, select Security > Users in the Context Frame.
  2. Click Create New User.
  3. In the User Information page, enter the following information in the Create User form, and click Next.
    • Username
    • First Name

    • Last Name

    • Department (optional)

    • Password

    • Confirm Password

      Note

      When using internal authentication, passwords must meet the requirements specified. See Configuring internal authentication for details.

  4. In the Available Groups section of the Group page, assign group membership for this user by clicking the add link next to the wanted groups.
    Any groups selected are moved to the Modified Groups section.
  5. Click Next.
    The Summary page displays the configuration details.
  6. In the Summary page, click Go to to make changes for that section.
  7. Click Create User.

Security implementation examples

Typical enterprise level implementations of BDA include the setup of Roles and Groups that segregate the activities of engineering and operational DBAs. For example, engineering DBAs might only be allowed to create and test patch packages on non-production servers that are published to operational DBAs. As a result, the operational DBAs would only be able to apply or roll back patch packages to production servers but not modify those packages.

Another common example is for non-DBAs (such as DBA Managers) to be granted access to BMC Database Automation only to view DBA activity, check OS and database versions and physical CPU counts, or to run reports without the ability to initiate any other intrusive database-related activities (such as patching or provisioning).

Best Practice

BMC recommends that you implement an RBAC design that incorporates the minimum complexity of privileges as possible. This means granting users only the privileges they require to perform their work. A design of this nature helps to address a multitude of security goals while ensuring the ease of deployment and management of users within BMC Database Automation.

Using calculated RBAC strategies enables Security Managers to operate under a secure and granular system access system that ultimately provides their security teams to operate according to pre-existing policies. Managers can start a RBAC security model with tight controls and then gradually transition the model to less stringent requirements by gradually loosening the permissions.

For example, they might start a model whereby all Oracle DBAs can see all Oracle servers for activities such as provisioning and patching, but not be able to view any Actions that have already been created. Over time, those Actions might be published to certain groups, users, and databases, according to specifications enforced by security teams and management.

Authentication

BMC Database Automation provides the ability to authenticate off of LDAP or Active Directory, and to configure authentication settings including password expiration time and grace period, password complexity requirements, and password lockout policy. For more information, see Configuring authentication.

Data security

All of the communications between the management server and the agents are encrypted using SSL, with both server and client certificates being presented. This means that a malicious party cannot masquerade as an agent nor a BDA manager, and that all of the communications are secured against third-party discovery or injections. All of the workflow libraries on the management server require digital signatures and are encrypted with the keys embedded in the management server code and the agent. This prevents a malicious party from gaining privileged access to the management server and modifying the instructions the management server sends to the agents.

Back to top

Additional security considerations

The following sections detail additional measures you can take to ensure the security of your BMC Database Automation implementation.

Scanning for malicious files

It is possible to inadvertently upload malicious files to BMC Database Automation. Because of this risk, BMC strongly recommends that you scan upload directories for malicious files using anti-virus software before uploading any files to BMC Database Automation.

Disabling the Autocomplete browser feature

Browsers implement the Autocomplete feature that keeps track of information that has been recently and repetitively submitted, such as web addresses, information in forms (user name and passwords), and search queries. Enabling Autocomplete by default prevents the web browser from specifically caching the login_password fields. To disable the web browser Autocomplete feature, open the /app/clarity/dmanager/etc/d2500_config file on the Manager with a text editor and set prevent_password_auto_complete to true.

Back to top

Related topic

Performing security administration tasks

Was this page helpful? Yes No Submitting... Thank you

Comments