Information Security Software & Services

 

How can you ensure that your database security is adequately maintained?

We offer assurance that your databases are continually protected.

Features include:

  • Full range of software to offer security assurance for any type of database.
  • Scan any size of network.
  • Contains special checks for compliance templates.
  • Manage risk on an on-going basis with minimal effort.

SQuirreL Vulnerability Scanner

SQuirreL is the high-powered vulnerability assessment scanner for RDBMS infrastructures that exceeds standard specifications and allows systems professionals and database administrators to quickly and accurately assess security vulnerabilities and deficits.

Key Features

  • One click fix - fixes vulnerabilities by generating lockdown scripts.
  • Multiple reporting formats (Text, RTF, HTML, XML and external database).
  • Flexibility - multiple audit levels with an option to change the configuration of all checks performed.
  • Checks for unencrypted sensitive information such as credit card and Social Security numbers.
  • Comparative reporting (confirmation of fixed issues and alerts on new threats).

Download product evaluation   Contact us for your 14 day free trial

SQuirreL versions are available for Microsoft SQL Server, Oracle, MySQL, IBM Informix, IBM DB2 and Sybase ASE. These vulnerability assessment scanners set the standard for relational database infrastructures and have been developed with the help of the highly experienced NCC Group research team. More than simply scanners, some SQuirreL versions provide the capability to audit password quality, rectify identified threats and manage users and roles as well as system and object privileges.

 

Auditor Vulnerability Scanner

How do you check your database for vulnerabilities?

Auditor is an enterprise class database vulnerability scanner, suitable for finding vulnerabilities in many of the most widely used databases.

Auditor uses a distributed architecture system based upon a repository, scan engine, scheduler and management console. The repository (on a SQL Server database) stores the settings, results, reports and schedules for each scan together with the relevant system configuration data. All data contained within the repository is encrypted.

The scan engines can be placed in discrete database segments (such as the DMZ) allowing security auditing from any point in the enterprise. Each scan engine runs vulnerability checks for each of the hosts and stores these results in a designated repository. Hosts that are to be scanned can be specified by the user, or the scan engine can perform host discovery based upon a range of IP addresses.

Auditor can produce trend analysis and a wide selection of compliance auditing reports, including PCI, SOX, HIPAA, GLBA, FISMA, SANS Top 20, CIS Benchmarks (SQL Server and Oracle) and the NSA Benchmark for SQL Server.

Key Features

  • Distributed architecture
  • Supported RDBMS systems to scan:
    • MS SQL Server 7/2000/2005/2008
    • Oracle 7r3/8i/9i/10g/11g
    • IDS Informix Dynamic Server 9x/10x/11x
    • MySQL
  • Encryption of data within the repository
  • Multiple distributed scanning engines
    • Scan Engines can be added as required to support growth
  • Lights out automated function via built-in scheduling engine
  • Role based access (Admin, Reporting, Scheduling etc.)
  • Highly configurable policy based scanning hierarchy:
    • Grouping of systems to be scanned by
      • System type (e.g. Database Server, Web Server, Network Device etc.)
      • System location (e.g. London, U.K., Europe, Dallas, U.S. etc.)
      • Client (for Service Providers)
    • Secondary grouping per client (for device type etc.)
    • Ad-hoc grouping as required by client
  • Powerful reporting engine with separate reporting aimed at all the following:
    • Executive Management, Mid-Level Management
    • Security Management, Technical Security Staff
  • Trend analysis via comparative reporting
  • Multiple report formats (TXT, RTF, HTML, XML, External Database)
  • Built-in compliance auditing covering:
    • PCI-DSS, SOX, HIPAA, GLBA
    • FISMA, SANS Top 20
    • NSA Benchmark for SQL Server
  • Built-in risk dashboard and results analyser reporting tools


OraScan

Do you want full control of the security issues surrounding your online applications and front-end servers?

OraScan performs robust, in-depth security vulnerability audits, seeking out potential problem areas like SQL injection, cross-site scripting and poor web server configuration in Oracle web applications.

OraScan can also be deployed to audit the configuration of IAS web servers, ensuring that the web application portion of your database software architecture is free of any security weaknesses.

Key Features

    • Flexible web server auditing:
      • Oracle web applications on Oracle Internet application servers
      • Oracle web applications on any other web application servers
    • Complete automated auditing:
      • Front-end server security and online applications security
    • Configuration audits:
      • Ensures that no security holes exist within the base software
      • Includes PL/SQL, JSP, SQLJSP and XSQL
    • Advanced spidering capability:
      • Derives the structure of an Oracle web application and tests each functional component
      • Includes checks for all site links and referenced scripts
    • Multiple reporting formats (TXT, RTF, HTML, XML & External Database)
    • Fast, easy to use & highly configurable
    • In-depth vulnerability audits uncovering threats such as:
      • SQL injection
      • Cross site scripting
      • Poor web server configuration
    • New checks added in August 2011 include:
      • Over 200 new default DADs
      • Many new default directories and files
      • 12 vulnerable PL/SQL packages


Domino Scan II

Do you know how exposed your Lotus Domino web servers are?

Domino Scan II vulnerability scanner is able to discover vulnerabilities on servers that may otherwise have remained hidden using other conventional vulnerability scanning software. It will undoubtedly help you guard against a variety of digital threats and maintain a strong defence posture.

Domino Scan II can be quickly configured to perform a detailed range of highly focused scanning activities, and deployed as part of a focused auditing process.

In order to ascertain your risk exposure, Domino Scan II uses a rigorous methodology to interrogate every view, form and agent within a database, even if ACL access protection has been invoked. It then performs an exhaustive range of tests on each document, auditing over a hundred sensitive and default databases and subjecting all documents to a vigorous set of vulnerability assessment checks. By using its intelligent spidering technology it performs deep-level database enumeration.

Key Features

  • Supports Domino versions R6 to R8 inclusive
  • Attempts to gain access to over 100 sensitive/default databases:
    • Web Administrator template access using ReplicaID
    • Web Administrator template access using buffer truncation
    • cache.dsk access using buffer truncation
  • Directory traversal
  • Database browsing
  • Audits bespoke databases & Notes applications
  • Unique database structure enumeration technology:
    • Finds hidden & visible views, forms & agents
    • Bypasses ACL protection
  • Default navigator access:
    • Attempts to bypass default navigator protection
  • Evaluates database design:
    • Checks every document for edit access
    • Attempts a forced search
    • ReadEntries & ReadViewEntries access
  • Multiple reporting formats (TXT, RTF, HTML, XML & External Database)
  • Fast, easy to use & highly configurable
  • Can perform focused audits
  • Unique spidering capability offering intelligent script & link scanning
  • Ability to scan with or without credentials
  • Ability to perform QuickHit Audit
  • Vulnerability link to CVE


SQLCrack Password Utility

How strong are your passwords?

Weak passwords can render even the most secure systems vulnerable, but with SQLCrack you can guard against weak passwords that make your network susceptible to attack.

This clever database password cracking utility for Microsoft SQL Server, Oracle, MySQL, Postgres and Sybase ASE will identify user accounts with weak passwords so they can be reset with stronger ones, thus protecting the overall integrity of your database infrastructure.

Key Features

  • Contains multiple phases each with built-in presets:
  • Customised options are available as well as:
    • Common names
    • Keyboard patterns
    • CVC patterns
    • Dictionary attack
    • Brute force
  • Phase variations can be increased by using:
    • Prefixes
    • Suffixes
    • Substitutions
    • Separators
  • Password hashes can be manually added or retrieved from the database
  • Note: Only DB admin and local admin accounts can access password hashes
  • Supported RDBMS versions:
    • MS SQL Server 7/2000/2005/2008
    • Oracle 8i/9i/10g/11g
    • Sybase ASE 15
    • MySQL 4.1, 5.0, 5.1 & 5.5 
  • Password hashes can be pasted from query analyser
  • Password hashes can now be imported from MySQL and Postgres database architectures for analysis
  • Passwords can now be hidden at user's request
  • Password strength meter for quick password strength review
  • Correct SQL for retrieving hashes from instances named "MSSQLServer"
  • Cost effective - requiring minimal time and labour to use


Typhon Network Scanner

Can the process of identifying and fixing infrastructure and web application vulnerabilities ever be an exact science?

Typhon is a standalone, low-cost network and server vulnerability scanner that is trusted internationally by both large organisations and SMBs. It can efficiently and non-intrusively run live scans of your network. Typhon is continuously updated with the latest known threats, such as the recent Heartbleed bug.

Typhon allows users to audit and manage their exposure across an unlimited IP range and/or selected targeted IPs as frequently as they need. It will run checks for all known vulnerabilities, identifying and reporting weaknesses in patch levels, configuration and industry compliance, and offering remediation advice and links to fixes.

Typhon also offers our clients free software support from our experienced developers.

Key Benefits

  • Outside In (non-credentialed) or Inside Out (credentialed) scans
    • Audit using Windows or SSH credentials.
    • Scan without credentials following a port scan.
  • Automatically generate reports after completing a scan
  • Run scans on a daily, weekly or monthly schedule.
  • TCP protocol discovery identifies nearly 100 different protocols.
  • HTML format compliance reports for the following regulatory standards:
    • SOX, HIPAA, GLBA, FISMA, ISO 27001(2013), PCI DSS 3.0 and SANS Top 20
  • Integrated web spidering capability offering intelligent script & link scanning
    • Scans every script and referenced link on every page
    • SQL Injection and Cross Site Scripting (XSS) checks in web forms
  • Multiple vulnerability report formats (TXT, RTF, PDF, HTML, XML & External Database)
  • Trend analysis via comparative reports
    • Compare two sets of scan results to highlight new, fixed and persisting vulnerabilities
  • Lockdown scripts for Windows registry issues (one click fix)
  • Internal database of ~10,000 checks
    • Patch Checking – contains vulnerabilities on over 250 software products
    • Searchable by either CVE identifiers
    • All severities based on the Common Vulnerability Scoring System.
  • External data sources
    • Downloads and uses patch checking schemas from Microsoft and Oracle
  • Easy to use with scan wizard and intuitive User Interface
  • Lease License model supports unlimited IP addresses
    • Per engagement or per project licenses supported
