The WhiteHack Blog

I have noticed that I have not been including much in the way of security items within this blog, so lets kick off with a couple of cool new/updated toys.

First up we have GreenSQL, a database firewall.

(Original article here)

Any site that uses a database backend needs to be very aware of how easy a SQL injection attack is, just do a search on youtube and you’ll find loads (well, just under 800). For a good (and easy to read) book explaining how to protect against SQL injection (using PHP & MySQL 5) check out this book.

For those of you who want to take a belt-and-braces approach to your website back end security an interesting option is GreenSQL.

GreenSQL is an Open Source database firewall designed to protect databases from SQL injection attacks. It works as a proxy.

GreenSQL uses a risk scoring matrix as well as blocking known database admin commands such as DROP and CREATE.

It is released under the GPL license, and comes ready packaged for Debian, Ubuntu, Redhat (and rebuilds) and FreeBSD distros.

Installation

Installation is fairly simple

• Download the greensql-fw package (here)
• Install
• Set up the configuration database (/usr/sbin/greensql-config – using either MySQL or PostgreSQL) to store alerts and the configuration
• Start the firewall (/etc/init.d/greensql-fw start)
• Load up the web-based management tool
• Validate the settings (mysql -h 127.0.0.1 -P 3305 -u root -p)
• Change your PHP code to point to the firewall

Once you have reached step 6 (Validate) you can type a show databases; command, and (if everything is set up correctly) you will get this result:
Query OK, 0 rows affected (0.00 sec), this shows that GreenSQL is blocking the command.

Changing the PHP code is easy as well, if your existing connection details show as: $link = mysql_connect('localhost', 'mysql_user', 'mysql_password');, just change it to $link = mysql_connect('127.0.0.1:3305', 'mysql_user', 'mysql_password');, and you are all set.

Download from here.
GreenSQL’s site is here.

Next up we have the latest incarnation of nmap (version 5.21).

Nmap (network mapper) is a must-have in any security toolkit. It is a free open source utility for network exploration or security auditing.

It is fast and can whizz through large networks. Using raw IP packets NMAP can determine:

• What hosts are available on the network
• What services (application name and version) those hosts are running
• What operating systems (and OS versions) they are running
• What type of packet filters/firewalls are in use
• And much much more

If you look after a network you NEED nmap. It will get you out of at least one tricky situation.

Verion 5.21 offers over 150 improvements from the last version including:

• 30+ new Nmap Scripting Engine scripts
• Enhanced performance and reduced memory consumption
• Protocol-specific payloads for more effectie UDP scanning
• A completely rewritten traceroute engine
• Massive OS and version detection DB updates (10,000+ signatures)

Get the Linux version here, the Windows version here, or head over to nmap’s site here.