Detect perimeter changes before hackers detect them!
If your network perimeter changes unexpectedly, that's unlikely to be a good thing. What is the cause?
- Unauthorised change?
- Steve in networking misconfigured a firewall?
- Hacker's shell?
- Shadow IT?
- Rogue device?
- Post-M&A networking headaches?
Musang is a software tool for automatically assessing the security of Oracle Databases.
Musang's design ensures:
- Accuracy: The testing module has full and clear visibility of database configuration.
- Efficiency: Configuration is easy, and reports are concise, focusing on the critical aspects.
- Designed AND IMPLEMENTED by Subject Matter Experts: Unlike so many other security software packages, Musang was not only conceived by Security experts, it was also fully designed and implemented by Oracle Database security subject matter experts, with 10 years of experience behind them.
- Speed: The bottleneck is more likely to be network bandwidth rather than processing time.
- Compliance Testing: Tests covered ensure most popular audit concerns are covered - HIPPA, PCI-DSS, ISO 27001, etc
Musang interrogates Oracle Databases in a fast and accurate way. There are many Oracle Database vulnerabilities known to the security community that arise from misconfigurations and DBA oversights. Musang tests for these vulnerabilities in a unique way that permits accuracy and efficiency.
Partial Screen Shots
|Musang login||Test progress||Test report|
How Does Musang Work?
Musang relies on authenticated methods to test vulnerability and the authenticated part is the most critical aspect. Being authenticated, having effectively read-only DBA access, means Musang can "see" clearly all aspects of database configuration. And this also means radically fewer false positives. In most cases there will be no false positives at all.
The authenticated nature of the testing plus the contextual testing (see next section) implemented by Oracle Database security experts ensures radically fewer false positives compared with unauthenticated, "blind" scanners.
Unlike other scanners, Musang takes into account the effect that different server settings can have on each other. For example: weak passwords by themselves constitutes a vulnerability, but what if the accounts are lock or expired? In this case a vulnerability is not flagged by Musang, however both items of configuration are itemised as "Informational" by the testing engine.
False positives are bad for business. They're bad for the information security practice in a business, and they're consequently bad for operations, application developers, and management. They're a time and resources sink hole.
The worst aspect of false positives is the effect they have on trust. Security Managers and Analysts want to be able to trust their tools to automatically find vulnerability. If there is no trust, it makes integration with other departments very tough. Security Managers need to have confidence when they report on the progress of their vulnerability management programs.
With Musang - the lack of false positives and accurate output finally allows confidence in the automation of vulnerability assessment.
Musang is a Python/Django web-based project currently at version 1.4.
Currently Oracle Database 12c, 11g and 10g are supported targets.
The tests library has been compiled based on the requirements of most businesses' Security Standards for Oracle Database. There are several public sources of Oracle Database security configuration items (e.g. the CIS Benchmarks) and these tests are all included as well as some important tests included by the development team based on their experiences in security testing and security incidents. In summary: no stone has been left unturned.
As a high level description, the following tests are covered:
- User account profile tests
- Informational config dumps: these are not vulnerability tests per say, they give DBAs/devs information which may well be of interest from a security perspective. The information that is dumped may well reveal further vulnerabilities on investigation, or it might just typically be of interest for DBAs, developers, or Security experts
- TNS listener poisoning
- Auditing and logging configuration tests
- Passwords (password hashes are viewable for users in a username:password format, suitable for crackers such as JTR, Hashcat, etc)
- Obvious weak and default passwords
- Other TNS listener critical tests
- User account authentication settings
- Roles and privileges (the full dump of privileges is made available with some suspect items highlighted)
- User account trust relationships are investigated
- Database links are identified (and highlighted) and tested
Latest Blog Post
SIEM - Windows Events Quick Win
June 21, 2021, 7:08 p.m.
There has been a modicum of interest in a Windows spreadsheet I shared on social media recently, that if absorbed and acted upon, can be a early no-brainer win with SIEM products that are licensed based on volume or Events Per Second (EPS).
Its no big secret that Windows machines, virtual or real, are noisy. Clients I worked with - I would estimate 90%, for various reasonsdon't act on the noise from Windows devices and it's costing them a fortune (right or wrong, approx 50% of those prioritise other tasks).
In Splunk, one can use searches to estimate the benefit of removing noisy Windows events, and what I found was quite a broad range of results. It makes little sense to give the full breakdown because the result depends heavily on the spread and amount of Windows to other Operating Systems (OS). But there were a couple of cases where logging events volume was reduced by 70%.
Security De-engineering, published by Taylor Francis, covers ubiquitous problems in information security and offers a solution in the final chapter
Areas covered: Penetration testing, Hackers, CASEs (Checklists and Standards Evangelists), IDS, Cloud Security, jobs in security, Identity Management, and organisational elements.