Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: auditing is my friend

Re: auditing is my friend

From: Paul Drake <discgolfdba_at_yahoo.com>
Date: Wed, 08 Oct 2003 12:59:32 -0800
Message-ID: <F001.005D26C2.20031008125932@fatcity.com> 





Pete,
 


I read your paper before I turned auditing on (in the first place). I've spent many an evening reading papers posted on your site and on the sans.org site.
 


I haven't picked up your book in awhile, but I'm due to do so in updating our install docs for Oracle 9i on w2k3 svr. Has content been added online regarding implementing many of the recommendations provided in Oracle security step-by-step Guide? I remember seeing something like that mentioned some time ago, but I haven't followed up on it.



thanks,



Paul




Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk> wrote:
Hi Paul,



Have a look at the paper i wrote for security focus a few months ago,
called "An Introduction to simple Oracle auditing" - there is a link to
it on my site - http://www.petefinnigan.com/orasec.htm - its the second
paper on there. It is not in-depth but concentrates on the benefits of
just turning audit on and gives examples of SQL to find a few abuses,
such as logins out of hours, users sharing accounts, attempts to use
accounts that do not exist etc - as i say just basic ideas. I agree its
well worth just turning audit on and seeing what can be learned from
just audit session for instance!.



Kind regards



Pete


-- 



Pete Finnigan


email:pete_at_petefinnigan.com


Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Pete Finnigan


INET: oracle_list_at_peterfinnigan.demon.co.uk



Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services




To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).





Do you Yahoo!?


The New Yahoo! Shopping - with improved product search


-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.net


-- 



Author: Paul Drake


  INET: discgolfdba_at_yahoo.com


Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Oct 08 2003 - 15:59:32 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US