Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: DB Auditing & Intrusion Testing Tools

Re: DB Auditing & Intrusion Testing Tools

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Wed, 23 Jul 2003 09:57:30 +0100
Message-ID: <x2uk+AB63kH$EwYZ@peterfinnigan.demon.co.uk> 





Hi Glen,



Tanel is right, I wrote a simple Oracle scanner for
www.securityfocus.com in 2001. My white papers section has links to many
papers about a lot of aspects of Oracle security written by me and many
by others.



You might be interested in a paper i wrote recently about Oracle audit
that gave some sample SQL for detecting wrong doings such as trying to
connect with non existent accounts, users sharing accounts, attempts to
access the database at strange hours etc.



And also I have written three papers on SQL injection and Oracle, the
latest is "detecting sql injection on Oracle" which was published
yesterday in fact. the links are all on my site
http://www.petefinnigan.com



There are no companies yet (as far as i know) that produce an IDS for
Oracle although at least three that i know of are actively looking at
writing one. www.appsecinc.com has an IDS for MS SQL and they talked a
long time ago about writing one for Oracle - not sure of the status of
it at present. There are many network based intrusion manager systems
from companies such as Tivoli that claim to support Oracle, what this
usually means is that you need to feed audit logs, alert logs etc into
its engine and create rules/signatures to recognise security issues. I
also know of one guy who is looking into updating snort rule bases to
support attacks on Oracle although i don't think much progress has been
made yet.



There are commercial tools to security audit / check a database from
companies such as www.appsecinc (appdetective) and www.nii.co.in
(auditpro) www.iss.com (database scanner), www.ngssoftware.com (NGS
Squirel), ESM for Oracle from Axent. Most of these are very expensive. I
think most of these tools (I am not sure about ISS and ESM) can be
downloaded on free time limited trials.



From what you have listed i would suggest as Sybrand does looking at
audit features of Oracle yourself and writing some simple reports at
least as a staring point. For auditing granted privileges roles access
etc, have a look at some of the papers on my site, they give you some
good starting points of what to check and have a look at the simple
scanner i did, there are also three books on the subject: "Oracle
security" - O'Reilly, "Oracle security handbook" - Oracle Press and
"Oracle security step-by-step" - SANS Institute.



hth



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Wed Jul 23 2003 - 03:57:30 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US