NGS Squirrel for Sybase

• Fix vulnerabilities by generating lockdown scripts,

• Generate Comprehensive Reporting,

• Three-mode audit level (quick, normal and full),

• Be regularly updated as and when new vulnerabilities are discovered.

Installation:

NGSSquirrel for Sybase ASE can be currently used on:

Microsoft Windows 2003,

Microsoft Windows 2000,

Microsoft Windows XP,

Microsoft Windows NT Version 4.0 (Service Pack 4+)

Minimum Pentium III or Athlon at 1GHz (Pentium 4 at 2Ghz or Athlon XP 2000+ recommended)

Minimum 256Mb Ram (512Mb+ recommended)

It is available from here.

In addition Sybase ODBC drivers require to be installed (available from Sybase).

Note: - At the time of writing the current product does not work with Sybase ASE15 development edition ODBC drivers and I utilised the ODBC drivers contained within the pcclient12.5 from Sybase.  An ODBC connection could be formed between the Windows XP SP2 test machine and the remote database using the ASE15 drivers but NGS Squirrel could not detect them.

The product itself provides very verbose output and although the GUI does look a little basic, it is functional and provides all the information you need when assessing Sybase servers.

Execution:

Select Scan from the top menu and add a host.

Select Scan from the top menu and add an instance (if not detected)

Select the Instance, right click and select scan settings

Add a valid username and password and to be on the safe side, press the test connection key to verify connectivity.

Alternatively select the I don't have a valid User ID and password and enter account names to be tried and either use the pre-supplied NGS dictionary or use your own.

Select the reporting tab from scan settings and decide on the level of test, quick, normal or full

Press the green arrow, the scan should begin.

Once finished you can save the scan for re-use and export the scan to a number of differing formats.

Abridged Squirrel output:

High Priorities

Non-default admin logins

Issue path: /200.100.100.231/master/Problems/Logins/Non-default admin logins
Severity: High
Details: Administrative login accounts were found that are not present by default. This may be desired behaviour, or it may indicate that the server has been compromised. Please manually confirm that these administrative accounts are really necessary.
Results:

Allow Remote Access

Issue path: /200.100.100.231/master/Problems/System Settings/Allow Remote Access
Severity: High
Details: Currently other Sybase ASEs may connect to this server over RPC. Run sp_configure.
Results:

Medium Priorities

200.100.100.231

Select

Issue path: /200.100.100.231/master/Warnings/Databases/gash/Public Object Permissions/sysalternates/Select
Severity: Medium
Details: The 'public' role has permission to select from the gash.dbo.sysalternates
Results:

Select

Issue path: /200.100.100.231/master/Warnings/Databases/gash/Public Object Permissions/sysattributes/Select
Severity: Medium
Details: The 'public' role has permission to select from the gash.dbo.sysattributes
Results:

Execute

Issue path: /200.100.100.231/master/Warnings/Databases/master/Public Object Permissions/sp_configure/Execute
Severity: Medium
Details: The 'public' role has permission to execute master.dbo.sp_configure
Results: