Re: db unsolicited access

From: Seth Miller <sethmiller.sm_at_gmail.com>
Date: Tue, 26 Jan 2016 10:43:59 -0600
Message-ID: <CAEueRAVbgNVCZ7PueXQ0Q7zZ_f_Gi8x8OO6Xo9g9Lh7QKNcY+Q_at_mail.gmail.com>



MJ,

Database auditing is your friend. You can audit almost anything in the database, including queries but it won't do you any good unless you have it turned on and correctly configured before the threat happens.

Database Firewall and Database Vault can also help with diagnosis and even prevention in these situations but again, they have to be in place and running before the event occurs.

Seth Miller

On Tue, Jan 26, 2016 at 3:30 AM, Niall Litchfield < niall.litchfield_at_gmail.com> wrote:

> Hypotheticals don't work here. You'd need to understand the specific
> threat and timeframes involved and investigate accordingly. If you are
> concerned about object definition changes you'd look for evidence of that,
> for data changes a different set of specific steps would be required.
>
> I'd expect the in-house info sec team to lead on this, potentially with
> external consultancy as well.
>
> On Tue, Jan 26, 2016 at 2:42 AM, MJ Mody <emjay.mody_at_gmail.com> wrote:
>
>> Oracle Experts
>> I have a hypothetical scenario and apologize for open-ended questions. I
>> will not confirm or deny the following statements. Say your management just
>> got word that some clients' pcs had malware that compromised external
>> facing applications and database objects supporting these applications.
>> While there are v$ and dba_ views that DBA can use to investigate the
>> severity.
>> Any recommendations or sql that DBA can run to do 'damage assessment' or
>> 'damage control'.
>> Your insight is greatly appreciated.
>>
>> Best
>> MJ--
>> http://www.freelists.org/webpage/oracle-l
>>
>>
>>
>
>
> --
> Niall Litchfield
> Oracle DBA
> http://www.orawin.info
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jan 26 2016 - 17:43:59 CET

Original text of this message