Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle Security auditing

From: Pete Finnigan <pete_at_peterfinnigan.demon.co.uk>
Date: Fri, 1 Feb 2002 15:26:56 +0000
Message-ID: <$cT+BECAPrW8EwuQ@peterfinnigan.demon.co.uk>


Hi John

There are some papers on our web site http://www.pentest-limited.com in the technical and white papers section; you can also check out the two printed books on Oracle security: Oracle Security on O'Reilly and Oracle Security Handbook on Oracle Press. The second one is most recent. There is a simple check list referenced on www.cccure.org but it's not very complete. I did a paper recently for securityfocus for the infocus section that included a simple PL/SQL scanner for some of the simple security issues that are known. It's at http://www.securityfocus.com/infocus/1522 and you can download the script from our site as well.

Aaron Newman at www.appsecinc.com has a scanner tool for Oracle; you can still download an evaluation copy. There are some simple papers referenced on security of Oracle on the SANS Institute web site. Howard Smith of the Oracle internal security section has also written a paper about his team, and Kev Else of Braintree has written some Oracle security papers.

As far as a check list is concerned, other than the simple scanner and the simple paper on cccure.org, there isn't much. I am currently writing a definitive check list for Oracle security for a major security organisation that will be offered as a book in the coming months.

I hope this helps you with some security for your database. Cheers

Pete Finnigan
www.pentest-limited.com

In article <3C5AAF9E.2020905_at_sas.upenn.edu>, John H. Yates <yates_at_sas.upenn.edu> writes
>Are there any good Oracle security FAQs, tip sheets, tools, or the
>like to help an Oracle DBA determine how secure their Oracle installation
>is? One that would include something like a cookbook checklist of even
>the simple things that you don't want to overlook in your installation
>and operation.
>
>Thanks, John
>

--
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan_at_pentest-limited.com

www.pentest-limited.com
Received on Fri Feb 01 2002 - 09:26:56 CST
