WareValley: a new solution for finding database vulnerabilities
Individual information security checks carried out by organizations, such as user enumeration (listing existing user logins), password-cracking tests and fuzzing, cannot give a complete picture of database security. Cyclone handles this task: it performs multi-dimensional database security checks against various global standards and makes recommendations for improving the level of protection, the company said.
Cyclone works with the following databases: Oracle, MS SQL Server, IBM DB2/UDB, Sybase ASE, MySQL and others.
In scanner mode, the solution collects information about the system, detects installed databases and determines their versions, conducts a penetration test that simulates an attack by external hackers, audits the system, and prepares a report. Cyclone discovers sensitive data using specific queries and analyzes how well that data is protected. During the audit, the solution provides recommendations for addressing vulnerabilities in the form of Fix Scripts messages. At the end of the audit, the user receives a complete report on the database and a list of methods for eliminating the vulnerabilities.
According to JM Consulting & Systems, the 10 main threats to databases in terms of vulnerabilities and configuration errors are: default or missing user names and weak passwords; SQL injection (code injected into database queries); inappropriate role privileges granted to individual users and groups; unused database features left enabled; broken configuration management; buffer overflows; privilege escalation; DDoS attacks; missing latest patches (unpatched databases); and unencrypted sensitive data.
All these and many other vulnerabilities can be found and eliminated with Cyclone, the company said. The main functions of the solution are: detection, by means of a penetration test, of critical security vulnerabilities (protocol vulnerabilities, password attacks, buffer overflows, DDoS attacks); analysis of whether the database can be brought down by actions such as buffer overflows (BOF) and DoS attacks (this test also checks the database's resistance to brute forcing, dictionary attack and password cracking methods); a search for all other system vulnerabilities by means of a “security audit” (which covers vulnerabilities resulting from incorrectly set privileges (passwords and profiles), whether backups are properly organized, the installation status of required patches (patch management), and the status of integration with the operating system and applications); easy security policy management based on the Fix Scripts recommendations received; and a full report on the assessment of database vulnerabilities.