Quick and Basic Security Assessment for Databases

When preparing a database solution, one must always make sure that the security of the database is up to specification. The first step in proper securing of the database is a security posture assessment.

While there are a lot of tools that will do this for you, Imperva has a free tool named Scuba that will do very basic but very fast database security posture assessment.

To use Scuba, just download and extract the zip file to a folder. Input the DBMS connection parameters, test the connection and press Go.

After Scuba finishes the assessment, it produces an XML report. To review it in a human readable form, choose the level of detail from the report templates (Summary, Assessment with details, Assessment without details) and generate the HTML.

Here is a screenshot of the generated assessment report

The level of the report quality is basic, but it will point you in the right direction by sifting through the well known attack methods and vulnerabilities. One must not rely simply on this tool for database security, and should employ other relevant tools.

User warning: Since the tool comes with NO DOCUMENTATION, here are several warnings and tips that will ease your usage

  1. Since Scuba is a Java based tool, it requires JRE to work. Also, in order to connect to MS SQL RDBMS, you must have a Microsoft SQL Server JDBC Driver installed.
  2. The error messages are logged but there is no user friendly message when an error occurs. In order to debug possible problems, look for the 'scuba-error.txt' file and read through the Java exceptions recorded.
  3. The 'scuba-error.txt' file is appended, so the last error in the file is the one that hit you. For easier debugging, delete the scuba-error.txt after each session to limit the errors from the current session only.
Talkback and comments are most welcome

Related posts
Thrown in the Fire - Database Corruption Investigation
SQL Server Bulk Import - BCP HOW TO
3 Rules to Prevent Backup Headaches

No comments:

Designed by Posicionamiento Web