NetDelta

NetDelta looks for changes in network services by port scanning at scheduled time intervals and reports differences. If something changes in a critical subnet - say your DMZ - and you didn't authorise it, this can only be bad. Causes can be:

musang

Project Musang

Musang is a software tool for automatically assessing the security of Oracle Databases.

Musang's design ensures:

Musang interrogates Oracle Databases in a fast and accurate way. There are many Oracle Database vulnerabilities known to the security community that arise from misconfigurations and DBA oversights. Musang tests for these vulnerabilities in a unique way that permits accuracy and efficiency.

Partial screenshots: Musang login, test progress, test report.

How Does Musang Work?

Musang relies on authenticated methods to test for vulnerabilities, and the authentication is the most critical aspect. Being authenticated, with effectively read-only DBA access, means Musang can "see" all aspects of the database configuration clearly. This also means radically fewer false positives; in most cases there will be none at all.

The authenticated nature of the testing plus the contextual testing (see next section) implemented by Oracle Database security experts ensures radically fewer false positives compared with unauthenticated, "blind" scanners.

Contextual Testing

Unlike other scanners, Musang takes into account the effect that different server settings can have on each other. For example, weak passwords by themselves constitute a vulnerability, but what if the accounts are locked or expired? In this case Musang does not flag a vulnerability; however, both items of configuration are itemised as "Informational" by the testing engine.
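The contextual rule described above, as an added example (not Musang's own code): a weak password is reported as a vulnerability only when the account can still log in, otherwise both configuration items are listed as "Informational". The sample rows are constructed in the shape of USERNAME and ACCOUNT_STATUS from Oracle's DBA_USERS view, the function names are hypothetical, and treating EXPIRED(GRACE) as still usable is an assumption of this example.

```python
from dataclasses import dataclass

# Constructed sample data shaped like (USERNAME, ACCOUNT_STATUS) rows from DBA_USERS.
ACCOUNTS = [
    ("SCOTT", "EXPIRED & LOCKED"), ("DBSNMP", "OPEN"),
    ("OUTLN", "LOCKED(TIMED)"), ("APPUSER", "EXPIRED(GRACE)"),
    ("HR", "EXPIRED"), ("SYSTEM", "OPEN"),
]
# Constructed result of a separate weak-password check (usernames only).
WEAK_PASSWORDS = {"SCOTT", "DBSNMP", "OUTLN", "APPUSER", "HR"}


@dataclass(frozen=True)
class Finding:
    username: str
    severity: str   # "Vulnerability" or "Informational"
    detail: str


def can_log_in(status: str) -> bool:
    """True if the status still allows a login with the current password."""
    parts = {p.strip() for p in status.upper().split("&")}
    if any(p.startswith("LOCKED") for p in parts):
        return False
    # Assumption: EXPIRED(GRACE) still accepts the old password; plain EXPIRED
    # is treated as unusable, following the page's "locked or expired" rule.
    return "EXPIRED" not in parts


def assess(accounts, weak):
    findings = []
    for username, status in accounts:
        if username not in weak:
            continue
        if can_log_in(status):
            findings.append(Finding(username, "Vulnerability",
                                    f"weak password on usable account ({status})"))
        else:
            # Both configuration items are still reported, only downgraded.
            findings.append(Finding(username, "Informational", "weak password"))
            findings.append(Finding(username, "Informational",
                                    f"account status is {status}"))
    return findings


if __name__ == "__main__":
    for f in assess(ACCOUNTS, WEAK_PASSWORDS):
        print(f"{f.severity:14} {f.username:8} {f.detail}")
```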

False Positives

False positives are bad for business. They're bad for the information security practice in a business, and they're consequently bad for operations, application developers, and management. They're a sinkhole for time and resources.

The worst aspect of false positives is the effect they have on trust. Security Managers and Analysts want to be able to trust their tools to find vulnerabilities automatically. If there is no trust, integration with other departments becomes very tough. Security Managers need to have confidence when they report on the progress of their vulnerability management programs.

With Musang, the lack of false positives and the accurate output finally allow confidence in the automation of vulnerability assessment.

Features

Musang is a Python/Django web-based project currently at version 1.12.

Currently Oracle Database 11g and 10g are supported targets.

The test library has been compiled based on the requirements of most businesses' Security Standards for Oracle Database. There are several public sources of Oracle Database security configuration items (e.g. the CIS Benchmarks); these tests are all included, along with some important tests added by the development team based on their experience in security testing and security incidents. In summary: no stone has been left unturned.

As a high level description, the following tests are covered: