Re: db unsolicited access

From: Niall Litchfield <niall.litchfield_at_gmail.com>
Date: Tue, 26 Jan 2016 09:30:02 +0000
Message-ID: <CABe10saUSE=YUqVQifi4apGsFht0QXVyYA0VhqLZ6aC14MZo5Q_at_mail.gmail.com>



Hypotheticals don't work here. You'd need to understand the specific threat and timeframes involved and investigate accordingly. If you are concerned about object definition changes you'd look for evidence of that, for data changes a different set of specific steps would be required.

I'd expect the in-house info sec team to lead on this, potentially with external consultancy as well.

On Tue, Jan 26, 2016 at 2:42 AM, MJ Mody <emjay.mody_at_gmail.com> wrote:

> Oracle Experts
> I have a hypothetical scenario and apologize for open-ended questions. I
> will not confirm or deny the following statements. Say your management just
> got word that some clients' pcs had malware that compromised external
> facing applications and database objects supporting these applications.
> While there are v$ and dba_ views that DBA can use to investigate the
> severity.
> Any recommendations or sql that DBA can run to do 'damage assessment' or
> 'damage control'.
> Your insight is greatly appreciated.
>
> Best
> MJ--
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jan 26 2016 - 10:30:02 CET

Original text of this message