Oracle Database Vault ~ Sponsor
Learn how Oracle Database Vault addresses common regulatory compliance requirements and reduces the risk of insider threats. Oracle Database Vault is the industry's leading database security solution for addressing compliance and regulatory concerns about the insider threat. Oracle Database Vault helps address the access control requirements associated with regulations such as PCI and Sarbanes-Oxley. Oracle Database Vault is available for Oracle Database 9i Release 2, Oracle Database 10g Release 2 and Oracle Database 11g Release 1. Oracle Database Vault has been validated with Oracle PeopleSoft applications.
Oracle Forensics Part 1: Dissecting the Redo Logs
This paper represents the first in a series of papers on performing a forensic analysis of a compromised Oracle database server. The research was performed on an Oracle 10g Release 2 server running on Windows. It is important to note that just because something is the way it is in this version of Oracle running on Windows it may not be true of another version of Oracle running on a different operating system. That said, this paper will still provide guidance to a forensic examiner that needs to perform an analysis. Further, as and when I have new information with regards to the "correctness" of this paper as it relates to other systems I will update this paper.
Oracle Forensics Part 2: Locating Dropped Objects
After a successful compromise of a database server an attacker will usually attempt to hide their activities and this may include the dropping and purging of objects that they have created along the way, for example tables, functions and procedures. As this second paper in the Oracle Forensics series will show, even when an object has been dropped and purged from the system there will be, in the vast majority of cases, fragments left “lying around” which can be sewn together to build an accurate picture of the actions the attacker took – or at least some of their actions. Perhaps, depending upon how quickly an investigation takes place from the incident in question, even all data pertaining to the dropped object or objects may still be found.
Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
In this section we’ll look at attacks against the authentication mechanism and evidence from the TNS Listener log file and audit trail, assuming CREATE SESSION is audited of course, and to check whether a logon attempt was successful or not. We’ll also look at other attacks levelled at the authentication process including SID guessing, user enumeration and brute forcing of passwords over the network. We’ll also look at the differences between a logon attempt via the FTP and Web services provided with the XML Database and directly with the RDBMS itself.
Oracle Forensics Part 4: Live Response
An organization should have a clear understanding of what actions should be taken in the event of an incident occurring. For those that don’t have a plan, often the knee-jerk response is to pull the plug or disconnect the system from the network. This prevents further incursions and theft of data so it is an understandable reaction to have. In taking this action, however, useful evidence such as volatile, in-memory data may be lost. Or even worse – consider the case where a logic bomb has been planted.
Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
Knowing whether an attacker has gained access or not is critical when it comes to making the decision as to whether to notify or not. This paper will show how an incident responder may determine if such a breach of an Oracle database server has occurred in the event that there is no audit trail but it is suspected that an attacker has gained unauthorized SELECT access to data.
Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
This paper examines the ways in which a forensic examiner or incident responder may look for evidence of a compromise, and of the actions an attacker may have taken, in those places and technologies designed by Oracle for disaster recovery purposes, namely Undo segments, Flashback and the Recycle Bin. Please note that the research conducted for this paper was performed on Oracle 10g Release 2 and the information therefore should only be considered as pertaining to that version. This paper, however, can act as a suitable guideline for researching other versions of Oracle.
Dangling Cursor Snarfing: A New Class of Attack in Oracle
In Oracle, a failure to close cursors created and used by DBMS_SQL or a failure to clean up open cursors in the event of an exception can lead to a security hole. If the cursor in question has been created by higher privileged code and left hanging then it's possible for a low privileged user to snarf and use the cursor outside of the application logic that created it. This can lead to data being exposed. Ensuring that cursors are closed after use is, of course, good programming practice but, as we know, good programming practices do not always prevail. What is detailed in this document should provide a security reason as to why developers should ensure that cursors are closed properly, especially in the event of an exception.
Oracle Passwords and OraBrute
This paper will discuss the weakness of Oracle passwords and how they are implemented with a reference to a number of current security issues. Lastly this paper will introduce a tool to exploit this weakness in Oracle's most privileged account.
Oracle Security - Keeping Information Private
In this paper I want to explore the rather interesting row level security feature added to Oracle 8i and above, starting with version 8.1.5. This functionality has been described as fine-grained access control or row level security or virtual private databases but they all essentially mean the same thing. The following section describes what row level security can be used for and how it can be used, with some simple examples to illustrate.