Oracle Consulting Oracle Training Oracle Support Development
Home
Catalog
Oracle Books
SQL Server Books
IT Books
Job Interview Books
eBooks
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
image
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
 Phone
 800-766-1884
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books
image
image

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle

STATSPACK Viewer

Privacy Policy

  

 

ISBN 0-9776715-2-6
ISBN 13 978-0977671526
Library of Congress Number 2007930081
320 pages - Perfect bind - 9x7 PD 508
Shelving: Database/Oracle Oracle in-Focus: Series # 26
 

  Oracle Forensics
Oracle Security Best Practices

Paul M. Wright

Retail Price $69.95 /  £57.95
 
Key Features   About the Author
Table of Contents   Errata
Reader Comments   Index Topics

Order now and get 30%-off the retail price!

Only $48.95  

Get the Security Pack - Half price!
Both books for only 69.95 - A $140 value
Oracle Privacy Security Auditing:  2nd Edition     $69.95
Oracle Forensics $69.95

Today’s Oracle professionals are challenged to protect their mission-critical data from many types of threats. Electronic data is being stolen is record amounts, and criminals are constantly devising sophisticated tools to breech your Oracle firewall.

With advanced Oracle Forensics we can now proactively ensure the safety and security of our Oracle data, and all Oracle Forensics techniques are part of the due diligence that is required for all production databases. A failure to apply Forensics techniques to identify unseen threats can lead to a disaster, and this book is required reading for every Oracle DBA.

This indispensable book is authored by Paul Wright, the world’s top Oracle forensics expert, and the father of the field of Oracle Forensics. Packed with insights and expert tips, this is the definitive reference for all Oracle professional who are charged with protecting their valuable corporate information.
 
 
 

                
                    Secure your
                Oracle data with     
           advanced  Forensics!

 

Key Features

* Ensure that your mission-critical Oracle data is safe and secure.

* Learn advanced Oracle forensics techniques.
Isolate and remove Oracle vulnerabilities.

* See how to prevent SQL injection attacks.

 

 

This book is a first of its kind and represents a comprehensive solution to the problems raised by Black-hat Oracle researchers.  This definitive reference is the defining union of two proven commercial areas of computer practice and delivers a proven method to ensure that their Oracle servers and processes are secure from outside attack.

Oracle Forensics offers a way to ascertain vulnerability at a technical level which can be automated and built into your current processes. Furthermore this vulnerability can be measured retrospectively in order to gain a metric for risk over a time period that can be compared year after year.

Given the difficulty of patching in many circumstances, the skill of measuring risk can be very useful during planning phases and budget allocation. Running Oracle servers without completely up-to-date patch levels may allow production to carry on unhindered in some cases, but preparation in terms of knowing how best to react in case of an incident is crucial both for compliance but also to keep the companies name out of the media and courtroom in future.

This book will show the reader how to ascertain past vulnerability to zero-days, techniques for patching activity and how to react to an security breach using forensic techniques translated to Oracle databases. Our journey will be illustrated with realistic examples using coded PL/SQL utilities to automate the process as well as new forensic tools for database analysis.

* Develop an automated framework for accessing database security.

* Learn how to handle an incident on an Oracle database forensically.

* Correlate vulnerability information with log data onto an Oracle timeline to allow after the fact analysis.

* Quantify risk by calculating the time for which packages have been vulnerable.

* Learn how test for new vulnerabilities.

* Learn how to forensically identify PL/SQL packages that are vulnerable to SQL Injection.

* Forensically identify past patching activity by the DBA and current Patch level using PL/SQL Scripts.

 

 

About the Author:

 


Paul Wright

 

Paul Wright is currently the world's foremost expert in Oracle Forensics. Mr. Wright wrote the first paper on Oracle Forensics in January 2005 and is the only person to currently hold both the GIAC Oracle Security qualification and the GIAC Forensics qualification.

 
Mr. Wright has a Masters Degree in Computer Science (Msc) from the University of Manchester, specializing on database security analysis and he has nearly a decade of real-world experience as a Oracle certified DBA and developer.

 

Paul was instrumental in his work with NGS Software writing Oracle Security checks for NGS SQuirreL for Oracle (A master tool that provides vulnerability checks that cut out false positives and new Zero day checks), and he teaches various database security related courses for SANS.  


In his spare time, Paul enjoys Jeet Kun Do martial arts, Guitar, walking in the country and swimming.

 

 

Table of Contents:

Chapter 1: Introduction
Intended audience  

Chapter 2: Ten Stages of a network attack
IT Security
Anatomy of an Attack

Chapter 3: Oracle Database Primer
Oracle DB/SQL  

Chapter 4: Oracle Security
Security Concepts  
Client side issues  
Oracle Patching  
Application server issues  
Network issues  
Database issues  
Operating system issues  
Oracle Passwords  
Privilege assignment  
SQL injection  
Buffer overflows
Java security  
Oracle Assessment Kit  

Chapter 5: Contemporary Oracle Server Attack Scenarios Common Attacks
Scenario 1 Default user/password to gain access to passwords
Scenario 2 Exploiting an OS level vulnerability to gain OSDBA account
Scenario 3 Escalating privilege of a low privileged user account  
Scenario 4 Brute forcing SYS AS SYSDBA using OraBrute  
Traditional way to defend against these attacks

Chapter 6: Computer Forensic Incident Handling
Forensic Incident Handling  
Definition of the term “forensic(s)”  
Four core forensics technical tasks mapped from OS to Oracle databases  
Forensic Incident Response  
Oracle forensics scenario 1 ~ Internal deletion - flashback  
Oracle forensics scenario 2 OraBrute of sysdba  
Oracle forensics scenario 3 Using BBED to find deleted data  
Oracle forensics Scenario 4 DB Extended Audit to catch IDS evasion  
Oracle forensics Scenario 5 ~ DB audit is deleted by the attacker  
Oracle forensics Scenario 7 ~ No DB files left by the attacker  
Oracle forensics scenario Conclusion  
Securing Oracle forensically using a Depository  
Time synchronization as the foundation to a good forensic incident response  

Chapter 7: New Vulnerability Research
Looking for buffer overflows  
Local Buffer overflow in Oracle  
PLSQL Injection and finding examples  
 

Chapter 8: Using DB Version Number for Vulnerability Status Identification  
Vunerability Status  

Chapter 9: Oracle Patching Problems
Security Issues  

Chapter 10: Using the OS to ascertain Patch activity
OPatch  

Chapter 11: Ascertaining DB Vulnerability status
Ascertaining status independent of reported patch level
Checksum and package size method  
Packages without ready made checksums ~ 9i and 8i  
Packages with non-vulnerable checksums  
Inferring DBAs patch activity from checksum pattern
Automating the collection of all checksums  
Correlating timestamp with checksum  
Making the PLSQL Package integrity verification more forensically sound.  

Chapter 12: Calculating retrospective risk to zero days
What is a Zero-Day?  
Assessing retrospective Zero-days by checksum and timestamp  
Correlating previous exploitation windows retrospectively  
Flashing back vulnerable objects after patching  
 

Chapter 13: Identifying Oracle Malware  
Forensically identifying Oracle Malware such as rootkits

Chapter 14: Defeating Oracle Antiforensics
Defensive Strategy 

Chapter 15: Depository Review ~ Quis custodiet ipsos custodes
Repository  
Oracle Audit vault  

Chapter 16: Handling forensic investigation data
Using databases to handle the data of an ongoing forensic investigation 

Chapter 17: Important Messages
Conclusions 

Appendix A: The Boot CDs
The boot CDS 

Appendix B: Object Reference Numbers
Object reference numbers for the object integrity query

Appendix C: DBMS_METADATA
List of object types and which object types DBMS_METADATA will handle.  

Reviews:

Errata:
 

 
  Index:
 

*
*nix  

A
Agntsrvc.log
Alert log
amap
AppDetective
AppSecIncs
Archived redo logs
aud$
Autopsy

B
banner grabbing
BBED
bespoke
buffer overflow
 

C
Cain
CANVAS
catcpu.sql
cdc_drop_ctable_before
change_table_trigger
ChangeTableTrigger
checkpwd
CORE Impact
Coroners Toolkit
ctxsys.driload
 

D
db_block_checksum
db_extended
dba_audit_trail
dba_fga_audit_trail
dba_objects
dba_registry_history
dba_source
dba_users
dba_views
dbms_assert
dbms_cdc_impdp
dbms_cdc_ipublish
dbms_export_extention
dbverify
do_brk()

E
Encase
Exploitation
Extproc

F
fga_log$
Flashback
forensic_host
 

G
get_domain_index_metadata
GLB

H
Hiding tracks
HIPPA
 

I
imperva bug
Incident Handler
Infraguard
 

J
JDUL
JTR

L
Lazarus
Listener log
listener.ora
Logminer
LogMiner
lsnrctl
lsof
 

M
Metasploit

N
nessus
Nessus
netcat
netstat
Network mapping
NGS SQuirreL
Nmap
 

O
OPatch
OraBrute
Oracle Listener
Orapwd
OraPWD
Oscanner
 

P
Paketto keiretsu
Port scanning
Privilege escalation
 

R
Rainbow crack
Reconnaissance
Recyclebin
Redo logs
Rexec
rexecd
Rootkit
Rootkit installation
 

S
SADMIND
SADMIND overflow
SANS SCORE GUIDE
Security forest
SIDGuess
Sleuthkit
SNORT
SOX
SQL injection
SQL Injection
SQL*PLUS
Sqlnet.log
SQLTools
SQUIRRELPATCH
Stage
sys.aud$
SYS.USER$

T
timestomper
tnscmd.pl
tnsnames.ora
tnsping
Tomsrootboot
Tor
Typhon
 

U
Ultraedit
user$
utl_file
 

V
v$logmnr_contents

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks