Re: Oracle Security auditing
Hi John
There are some papers on our web site http://www.pentest-limited.com in the technical and white papers section. You can also check out the two printed books on Oracle security: Oracle Security on O'Reilly and Oracle Security Handbook on Oracle Press. The second one is most recent. There is a simple check list referenced on www.cccure.org but it's not very complete. I did a paper recently for securityfocus for the infocus section that included a simple PL/SQL scanner for some of the simple security issues that are known. It's at http://www.securityfocus.com/infocus/1522 and you can download the script from our site as well.
Aaron Newman at www.appsecinc.com has a scanner tool for Oracle; you can still download an evaluation copy. There are some simple papers referenced on security of Oracle on the SANS Institute web site. Howard Smith of the Oracle internal security section has also written a paper about his team and Kev Else of Braintree has written some Oracle security papers.
As far as a check list is concerned, other than the simple scanner and the simple paper on cccure.org, there isn't much. I am currently writing a definitive check list for Oracle security for a major security organisation that will be offered as a book in the coming months.
I hope this helps you with some security for your database.
Cheers
Pete Finnigan
www.pentest-limited.com
In article <3C5AAF9E.2020905_at_sas.upenn.edu>, John H. Yates
<yates_at_sas.upenn.edu> writes
>Are there any good Oracle security FAQs, tip sheets, tools, or the
>like to help an Oracle DBA determine how secure their Oracle installation
>is? One that would include something like a cookbook checklist of even
>the simple things that you don't want to overlook in your installation
>and operation.
>
>Thanks, John
>
Received on Fri Feb 01 2002 - 09:26:56 CST