NGSSQuirreL for Oracle is the most comprehensive security auditing tool designed for an Oracle database server. NGSSQuirreL for Oracle performs the fullest audit of business risk currently available in any Oracle database server vulnerability scanner.
NGSSQuirreL for Oracle is intuitive and fully configurable, performing literally hundreds of checks including denial of service and remote server compromises. NGSSQuirreL for Oracle is designed to be an ideal tool for any developer, administrator or security professional.
Here are some key features of "NGSSQuirreL for Oracle":
· Built-in Password Auditor included for detection of weak passwords
New check database architecture:
· View and edit core checks
· Create user checks, user references and user reference types
· One click fix – fixes vulnerabilities by generating lockdown scripts
· Multiple reporting formats (TXT, RTF, HTML, XML & External Database)
Flexibility – manual or auto select audit level with an option to view and/or change all checks performed:
· Quick – No credentials
· Normal – User credentials
· Full – Admin credentials
Up to date automatically:
· Regularly updated as and when new vulnerabilities are discovered
Supports the following RDBMS infrastructures:
· Oracle 7r3/8i/9i/10g/11g
· Oracle listener – carries out a complete scan of Oracle TNS listener vulnerabilities including denial of service and remote server compromises
· Compatible with Cyber-Ark enterprise password vault (EPV)
· Part of the Cyber-Ark PIM System (Password Management System)
· Oracle security parameters – parses Oracle environment parameters and alerts on any incorrect configurations
· Full auditing – audits permissions on custom tables and views
· Security manager – directly administers and manages users, roles, profiles, object privileges & system privileges in Oracle RDBMS
· Checks for unencrypted sensitive information such as credit card and Social Security numbers.
Comparative Reporting built-in:
· Compares two scans over time, listing New, Fixed and Persisting vulnerabilities
· This allows Trend Analysis to be performed over time
Compliance auditing built-in:
· PCI-DSS, FISMA, HIPAA, SANS Top 20, SOX, GLBA
· CIS Benchmarks for Oracle
Requirements:
· Minimum Pentium III or Athlon at 1GHz (Pentium 4 at 2GHz or Athlon XP 2000+ recommended)
· Minimum 256Mb RAM (512Mb+ recommended)
· 20Mb free disk space for installation and program files
· 150MB – 625MB (depending on version) for the Oracle Client Components
Limitations:
· 30 day time limit.
· No descriptions for high and critical severity bugs.
· Zero day issues removed.
· Result sets are limited to 75 characters for high and critical severity issues.
· Can't export to XML or an ODBC datasource.
· Only CIS Benchmark compliance template enabled.
· Unencrypted Sensitive information checks are limited to first 200 tables.
· 5 instance limit.
· Can't edit core checks or create user checks.
· Lockdown script functionality disabled.
· Security Manager disabled.
What's New in This Release:
· CIS Benchmark for 11g compliance template
· Privileges held by locked or expired accounts now reported as informational
· OCI support - third-party drivers are no longer required to use NGS SQuirreL
· Introduced comparative reporting