TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
> > Database Scanner 4.1. This latest version continues to
> reinforce Database
> > Scanner's status as the first and only database security
> solution of its
> > kind:
>
> How do you mean the only one of it's kind, what does it
> provide over and
> above the other database scanners currently on the market?
There are probably several attribrutes that we have focused on that make
Database Scanner unique:
Integration with ISS Overall Framework and Architecture.
- Combining Scanning Technologies
- X-Press Updates
- Decisions
Depth of Database Security Knowledge.
Easy of Deployment and Use.
>From an ISS framework and integration standpoint:
It is the only database protection that I am aware of that is integrated
with a networking scanning technology. For example, with Internet Scanner,
it locates many of the databases on a network, and feeds the DB location to
the Database Scanner (DBS). DBS attempts brute force password cracking
against Oracle, SQL, and Sybase. If successful, can do a full-audit of the
database security profile. We are finding many auditors are loving this
feature.
With X-Press Updates capability that we have built into all our security
agents, including Database Scanner, it gives ISS the unique ability to
rapidly push new updates to our agents. This gives us the ability to
update and protect very fast. For example, last year Internet Scanner had
12 X-Press Updates (targetting approx. 1 per month). I am not aware of any
commercial Scanner being updated as frequently. Even last month, we just
had an X-Press Updates with 44 new checks. In case of an emergency, X-Press
Updates allow us to rapidly update the DBS.
With DBS tied into Decisions, this gives the ability to combine data from
System Scanner, Internet Scanner, and Database Scanner into single cohesive
reports for analysis and security trends.
Depth of Security Knowledge
Pioneering in this database security market, when combining all the security
tests for Oracle, MS SQL, and Sybase, we have developed close to 300 or more
security configuration and vulnerability assessment tests which profile the
database security. We have released 4 or 5 database security advisories of
high risk issues (Found at http://xforce.iss.net/alerts/alerts.php). There
is no other company that I am aware of who has released as many security
advisories on databases as Internet Security Systems.
Easy of Use and Deployment
We have spent significant number of resources and are very proud of the
database security team in making this product very easy to use and deploy.
We've made the GUI intuitive and easy to navigate. One aspect of DBS is that
you do not need to install DBS on the database server itself, but can be
used similiarly as our Internet Scanner from across the network. For an
auditor, they can run everything from their laptop as long as it has network
connection. This minimizes deployment effort of actually installing
software on each DB server. You can rapidly measure and determine the
security status of databases.
Hopefully this helps. Any feedback on how to improve our products is always
welcome.
Thanks,
ck
>
> http://www.networkintrusion.co.uk
> Talisker's Network Security Tools List
>
> Security Tools Notification
> http://groups.yahoo.com/group/security-tools/join
> ----- Original Message -----
> From: "Klaus, Chris (ISSAtlanta)" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, January 29, 2001 5:09 AM
> Subject: Database Scanner Version 4.1 Now Available!
>
>
> >
> > TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
> your message
> to
> > [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> >
> --------------------------------------------------------------
> ------------
> --
> >
> >
> > Greetings:
> >
> > The Database Scanner development team is proud to announce
> the release of
> > Database Scanner 4.1. This latest version continues to
> reinforce Database
> > Scanner's status as the first and only database security
> solution of its
> > kind:
> >
> > "A killer security-scanning application that is never-out-of date."
> > - Windows 2000, January 2001
> > (http://www.sqlmag.com/Articles/Index.cfm?ArticleID=16059&pg=1)
> >
> > Database Scanner 4.1 delivers the following new features
> and enhancements:
> >
> > - Enhanced X-Press Update Support. Increasing Database
> Scanner's ability
> to
> > be a more dynamic and up-to-date database security solution.
> >
> > - Enhanced Integration with Internet Scanner. Database
> Scanner penetration
> > testing feature now supports dynamic ("on-the-fly")
> connections for any
> > database servers discovered by Internet scanner. This
> enhancement allows
> > users to automatically run a penetration test on any database server
> > detected by Internet Scanner.
> >
> > - New Policy Levels. Database Scanner now includes a new set of
> pre-defined
> > security policy levels, ranked Level 2 through 7, as well
> as a default New
> > Security Policy that simplifies the creation of new policies.
> >
> > - Expanded Database Version Support. Database Scanner 4.1
> adds support
> for
> > the latest versions of each supported database platform:
> > - Microsoft SQL Server 2000 (SQL Server 8)
> > - Oracle 8.1.6 (Oracle 8i, Release 2)
> > - Sybase Adaptive Server 12
> >
> > - New Vulnerability Checks. This release adds thirteen new
> checks (7 MS
> > SQL, 1 Oracle, 5 Sybase) to Database Scanner's check
> catalog. For more
> > details, see the "What's New" section located at the following:
> > http://www.iss.net/customer_care/whats_new/dbs_new.php. A complete
> listing
> > of Database Scanner checks can be found within the
> following location:
> > http://documents.iss.net/literature/DatabaseScanner/DBS41Checks.pdf.
> >
> > - New Reports. Two new reports are included in Database
> Scanner 4.1. A
> > complete sample set of reports are available online within
> the following
> > location:
> >
> http://www.iss.net/customer_care/resource_center/product_lit/s
ecurity_assess
> ment/reports/
>
> - Audit Configuration (MS SQL Server 2000): This report displays
> information on configured traces and the events configured for each trace,
> as implemented in Microsoft SQL Sever 2000.
> - Roles / Users (Sybase Adaptive Server): The Roles/Users Report
> lists information about system and user defined roles, and shows the users
> that are members of each role.
>
>
> The following are links to some recent positive reviews of previous
versions
> of Database Scanner:
>
> Database Scanner 4.0.1 - Set and enforce security policies (Windows 2000
> Magazine, January 2001)
> - http://www.sqlmag.com/Articles/Index.cfm?ArticleID=16059&pg=1.
>
> Database Security - Securing Oracle (Information Security Magazine,
> September 2001)
> - http://www.infosecuritymag.com/articles/september00/features1.shtml
>
> In Conclusion:
> Internet-enabled organizations need a database security solution that is
> flexible, easy-to-use, and saves valuable resources. Database Scanner
meets
> this need, empowering organizations to protect their valuable data and the
> continued operation of their critical systems.
>
> For additional questions concerning Database Scanner version 4.1, please
> feel free to contact the following anytime:
>
> - Eric Gonzales, Product Manager ([EMAIL PROTECTED])
> - Patrick Wheeler, Technical Product Manager ([EMAIL PROTECTED])
>
>
>
