60 Oracle Security Tips in 60 Minutes

Source: www.seouc.com
Topic: Oracle Programming

Short Desciption:
Understand Exploits • What : Oracle exploits are available for review and experimentation • Why : Understanding and demonstrating exploits can raise data security awareness • How

 

Content Inside:
60 Oracle Security Tips in 60 Minutes SEOUC 2007 Kenny Smith (and Trish Holliman, Igor Ryzhkov & Bob Vance) Understand Exploits • What : Oracle exploits are available for review and experimentation • Why : Understanding and demonstrating exploits can raise data security awareness • How : Find exploit information and play with hacks on test databases • Where : -Aaron Neumans"Anatomy of a Database Attack" -Review www. red - database - security .comsite -Badstore.net, CAIN, password crackers Tip #1 of 60 Hijack a Users Account • What : A users password hash can be captured from DBA_USERS or export file. Someone with ALTER USER privilege can change the password, do some work, then replace the password using the hash • Why : Misuse can occur as a trusted user without that users detection • Where : See - www.pentest.co.uk/documents/ora_pwd_thorts .htm - http://asktom.oracle.com for "Password in DBA_USERS" Tip #2 of 60 Hijack a Users Account SELECT password FROM dba_users WHERE username = SCOTT; ALTER USER scott IDENTIFIED BY hijack; CONNECT scott/hijack GRANT SELECT ON scott.emp to PUBLIC ALTER USER scott IDENTIFIED BY VALUES 23E3F8C1BB14BB4 D; Tip #2 of 60 Hijack a Users Account •To prevent and detect this attach: *Limit user access to the DBA_USERS view *Audit database changes like user password alterations or escalation of privileges *Prevent commands by being run via PRODUCT_USER_PROFILE table entries. Tip #2 of 60 Automate Database Assessments • What : Examine your database for vulnerabilities • Why : Helps you catch problems • How : Automated options include: -Oracle Enterprise Manager (Configuration Pack) -Application Securitys AppDetective -Center for Internet Security Benchmarking tool • Where : See these sites - www.oracle.com/technology/products/oem/pdf /ds_as_cmp_r2.pdf - www.appsecinc.com - www.cisecurity.org • Note : Find da ...

 

 

oracle security pdf, badstore pdf, badstore net download, download games in 60 minutes, 60 oracle security tips smith, free download pdf oracle discoverer, oracle 60 minutes, badstore net, oracle security with oem, appsecinc