Re: Oracle Auditing

From: Pete Finnigan (plsql@peterfinnigan.demon.co.uk)
Date: Thu Aug 11 2005 - 15:02:10 EDT


Hi,

Can I also add that I have an Oracle Security tools page you can find at
http://www.petefinnigan.com/tools.htm that lists all free and commercial
Oracle security tools I currently know about.

I was not aware of the DokFleed tool till I read this thread so thanks for
that.

You say that you do not know much about Oracle - can I suggest that the
check list from the Center for Internet Security is a good starting
point for a good overall list of Oracle security configuration /
auditing issues. This is originally based on the SANS Step-by-step book
and also the SANS S.C.O.R.E. list is also based on the same - The CIS
checklist also comes with a free benchmark tool. Links to both are on my
Oracle security white papers page http://www.petefinnigan.com/orasec.htm
quoted by David. There are lots of good papers on Oracle security there
as well.

You might also be interested in Integrigy's free listener audit tool and
Patrik Karlsson's Oracle tools (links on my tools page).

Also check out Alex Kornbrust's site http://www.red-database-security.com
and Esteban Martinez Fayo / Cesar Cerrudo's site http://www.argeniss.com
which has some great Oracle security info. Aaron's site www.appsecinc.com
also has some good info including listener issues as has NGS at
http://www.ngssoftware.com

The recent WinSID's listener tool looks not bad also from Paul Bruenic.
A link is on my tools page.

Also I wrote the SANS Securing Oracle course that Josh quoted from using
James Abendschan's tnscmd.pl tool. It's based on the example James gives
in his notes.

Hth

kind regards

Pete

-- 
Pete Finnigan (email:pete@petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:44 EDT