Oracle Database Security Health Check

Picture a scene...

segregated subnets

 

Despite the claims of anti-virus vendors, malware problems are near impossible to control. Attackers own user workstation subnets and mobile devices, and very often malware either directly finds a route to databases (critical infrastructure) or it opens a tunnel for manual hacker gangs to exploit.

musangSeven Stone's software Musang targets Oracle Database 10g and 11g and gives organisations a quick and accurate view of Oracle Database security.

In critical cases (e.g. "crown jewels" hosting, credit card details, personal information with potential legal nightmares attached), Seven Stones long experience in Oracle Database security can be used to develop internal security solutions to good effect. More details...


services2

Architecture

This service varies from client to client, as it depends very much on the maturity of existing controls. This is usually the service which we need to perform as a first step. In summary, it's an information gathering workshop and it allows us to learn how we can best deliver value for our clients.

For more details, please consult our terms of engagement and service portfolio.

Vulnass

Vulnerability Assessment

When you see this title you probably think in terms of penetration testing. The reality is though that penetration testing, even when delivered properly (i.e. not using automated scanners and with all testing restrictions removed), doesn't lend itself to cost-effectiveness.

Generally, we only deliver these services when we are sure the clients' investment is justified in terms of risk.


policies

Corporate Policies

At Seven Stones, we have no interest in consulting or delivering for clients, if the recommendations we make are likely to be implemented, but then forgotten after a change of staff, or just the passage of time.

Policies and standards (an ISO 27001 - based baseline policy, plus technical build standards) are very important, not least for helping to ensure that improved processes and practices are "carved in stone".

incidents

Incident Response

Incident response, and the whole area of best practices in incident management, are complex. If you think it's simple, then you probably don't have effective processes.

We have a track record of having dealt in this area with large firms in transport and finance, and we know what works in practice, as opposed to just theory.

For more details on our offering in incident response, click here


Security Macromorphosis

Sacred Cows

Latest Blog Post

Post Date: 22nd February 2019

  

Prevalent DNS Attacks – is DNSSEC The Answer?

Recently the venerable Brian Krebs covered a mass-DNS hijacking attack wherein suspected Iranian attackers intercepted highly sensitive traffic from public and private organisations. Over the course of the last decade, DNS issues such as cache poisoning and response/request hijacking have caused financial headaches for many organisations.

Wired does occasionally dip into the world of infosec when there’s something major to cover, as they did here, and Arstechnica published an article in January this year that quotes warnings about DNS issues from Federal authorities and private researchers. Interestingly DNSSEC isn’t covered in either of these.

The eggheads behind the Domain Name System Security Extensions (obvious really – you could have worked that out from the use of ‘DNSSEC’) are keeping out of the limelight, and its unknown as to exactly how DNSSEC was conceived, although if you like RFCs (and who doesn’t?) there is a strong clue from RFC 3833 – 2004 was a fine year for RFCs.

The idea that responses from DNS servers may be untrustworthy goes way back, indeed the Council of Elrond behind ... link to original article

Publication

Literatecode

Security
De-engineering

Security De-engineering, published in December 2011 by Taylor Francis, covers ubiquitous problems in information security and offers a solution in the final chapter

Areas covered: Penetration testing, Hackers, CASEs (Checklists and Standards Evangelists), IDS, Cloud Security, jobs in security, Identity Management, and organisational elements.

 

Partners

Literatecode

Literatecode

 

Literatecode was established in 2003 as an informal R&D lab and reorganized to a registered business in 2012.

Literatecode specializes in applied research and experimental development to help companies and individuals defend themselves against security threats.