IPLocks Vulnerability Assessment: A Database Assessment Solution

Transcription

1 IPLOCKS WHITE PAPER September 2005 IPLocks Vulnerability Assessment: A Database Assessment Solution 2665 North First Street, Suite 110 San Jose, CA Telephone:

2 TABLE OF CONTENTS INTRODUCTION...2 DATABASE VULNERABILITY ASSESSMENT...2 Auto Discovery...3 Assessment Rules...3 Analysis and Reporting...3 PRIVILEGE SUMMARY...3 SUMMARY...4 ABOUT IPLOCKS...5 1

3 INTRODUCTION Security is a top concern in every enterprise. Enterprises have spent millions of dollars on ensuring their network is secure from intruders. With dozens of vulnerabilities uncovered daily, it has become increasingly difficult to manage the overwhelming number of patches from all the various software and hardware vendors. Enterprises have to ensure critical security patches have been applied across the environment as it only requires a single point for an intruder to gain access. There is a wide array of vulnerability assessment tools available. Typically, vulnerability assessment tools focus on the vulnerabilities associated with network and operating systems. Network vulnerabilities tools are designed to report network configuration flaws and security holes that an intruder might exploit. Ensuring operating systems are updated with the most current security patches is essential to maintaining security and availability. As companies are continually investing in traditional network, operating system, anti-virus, and anti-spam security solutions, the susceptibility of the database is often overlooked. Since over 90% of intellectual property is stored in databases, it is critical to ensure the most recent security patches have been applied and that security best practices are enforced across the enterprises heterogeneous database environments. Most enterprises use a manual approach to discover and patch vulnerabilities. This manual process is generally time consuming, flawed, and inconsistent. The Aberdeen Group identified that there is no improvement to information vulnerabilities unless an automated vulnerability system is utilized. Those that used an automated approach discovered hundreds of vulnerabilities enabling them to plug remaining compliance gaps. 1 Working along side traditional security solutions, the IPLocks Vulnerability Assessment is a key component to securing enterprise s critical information within the database. DATABASE VUNERABILITY ASSESSMENT Database vulnerabilities are routinely uncovered by database vendors, Mitre, Security Focus, and various consulting firms. The IPLocks Vulnerability Assessment Solution is a software product enabling enterprises to automatically and consistently identify and address database vulnerabilities. With the IPLocks Vulnerability Assessment Solution, enterprises are able to auto-discover databases, assess and alert against pre-defined and customized vulnerability rules, and provide summary and detailed reports. The IPLocks Vulnerability Assessment software is easily installed on Windows or Linux systems. It is separate from the scanned database server(s) and can be managed from anywhere on the network from an intuitive web-based management console or via our Command Line Interface (CLI) (Figure 1). The CLI is used to automate the assessment functions and easily manage hundreds or thousands of databases. The vulnerability assessment can be completed in minutes depending on the size of the individual database. The IPLocks Vulnerability Assessment currently supports IBM, Microsoft, Oracle, Sybase, and Teradata 2 databases. Figure 1: IPLocks Vulnerability Assessment assesses local and remote databases within the enterprise. 1 Aberdeen Group Best Practices in Security, Information and Access June Available in upcoming release. 2

4 Auto discovery To ensure the security of critical data, administrators need to be aware of all local and remote databases in the enterprise. The IPLocks Vulnerability Assessment Solution is capable of discovering all databases, known and unknown, within the network and scanning them for potential vulnerabilities. By supplying IPLocks with the IP address range and port numbers, all databases including those at remote sites, can be discovered and assessed. Assessment Rules The IPLocks Vulnerability Assessment has hundreds of vulnerability rules with ranging severity. The rules have been gathered from database vendors and security organizations and can be supplemented by an unlimited number of user-defined rules to address any company specific vulnerability policies. Any violations and recommended corrective actions are collected, recorded, and sent as alerts. Since vulnerabilities and best practices are periodically uncovered, it is imperative that the vulnerability rules stay current. IPLocks provides an automated notification when new policies and rules are available for download via the IPLocks VA Up2date notification program. Since enterprise environments are dynamic, IPLocks provides the mechanism to schedule vulnerability assessments. Once a baseline is established, use IPLocks to track security progress and identify new vulnerabilities as new policies are added. Analysis and Reporting IPLocks provides a suite of reports to ease the task of vulnerability analysis and to help prove the accuracy and stability of the database required by internal, state, and federal regulations (Figure 2). Score Reports are generated for each database to easily identify the critical and major security holes. Summary Reports contain an item-by-item summary demonstrating which rules have passed and which have failed. Each rule is color-coded by severity to easily gauge the state of vulnerabilities. Detailed Reports provide information as to the significance of the rule, where the rule came from, and suggestions on how to resolve the problem. Trend Reports are available to demonstrate how database vulnerability health has progressed over time. Global reports show an overall health report for all databases and per database type. Privilege Summary Although most databases come with the ability to report on user and group permissions, IPLocks Vulnerability Assessment provides a summary report on all heterogeneous databases across the enterprise. It is no longer necessary to depend on others to generate a permission report per database. Using the IPLocks Vulnerability Assessment, generating a complete view of permissions for users, groups, and roles across all databases is simple and fast. This unique feature also identifies if the privilege is obtained directly or indirectly. Reports are downloaded to PDF, Excel, and text file formats or exported to third party tools for specialized report generation. Figure 2: Vulnerability Assessment Reports. 3

5 Figure 3: Three pillars of the IPLocks solution: Vulnerability Assessment, Monitoring, and Auditing. summary The IPLocks Vulnerability Assessment is an enterprise class software solution that tracks and manages database vulnerabilities by autodiscovering databases, assessing and alerting against pre-defined and customized vulnerability rules, and providing summary and detailed reports of vulnerabilities. IPLocks complements existing network and operating system security solutions and goes beyond traditional vulnerability assessment to minimize operational, software, configuration, and security risks. The IPLocks Vulnerability Assessment is the first step in hardening databases within the enterprise. In order to reliably secure the information critical to your business, a complete risk management solution containing database vulnerability assessment, continuous monitoring, and auditing is essential. IPLocks Information Risk Management Solution for databases enhances the Vulnerability Assessment by providing monitoring and auditing for all aspects of database security: user behavior, privileges, metadata, content, and transactions (Figure 3). The IPLocks Information Risk Management Solution sends out near real-time alerts on any abnormal behavior or potential security breaches. For more information about IPLocks Information Risk Management Solution or IPLocks Vulnerability Assessment Solution, please visit 4

6 ABOUT IPLOCKS IPLocks, Inc. is the leading provider of database security and information risk management solutions. The company works with enterprises worldwide to protect critical information assets from negligent and malicious user threats, manage database security policy vulnerabilities, ease the pain of compliance and to protect privacy. San Jose, California-based IPLocks is a privately held global corporation with customers throughout North America, Asia Pacific, South America, and Europe. For additional information, visit IPLocks and the IPLocks logo are trademarks of IPLocks, Inc. All rights reserved. Any unauthorized use or reproduction of the IPLocks logo is prohibited IPLocks, Inc. Rev 1 9/05. 5