Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Cisco Adaptive Security Appliance goes beyond blocking ports. Is that a Microsoft-only defense?

Re: Cisco Adaptive Security Appliance goes beyond blocking ports. Is that a Microsoft-only defense?

From: joel garry <joel-garry_at_home.com>
Date: 2 Mar 2007 17:13:33 -0800
Message-ID: <1172884413.777309.127380@v33g2000cwv.googlegroups.com>


On Mar 2, 4:49 pm, "Ramon F Herrera" <r..._at_conexus.net> wrote:
> On Mar 2, 5:29 pm, "joel garry" <joel-ga..._at_home.com> wrote:
>
> > On Mar 2, 12:20 pm, "Ramon F Herrera" <r..._at_conexus.net> wrote:
>
> > > I recently installed my first Cisco ASA-5500 security box. It is a
> > > very impressive piece of equipment, with a bewildering array of
> > > capabilities. The feature that I find most intriguing is that it goes
> > > above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably
> > > inspecting whether a message or packet contains a virus or other
> > > malware.
>
> > > What I would like to clarify, because it is a matter of dispute among
> > > some colleagues, is exactly what applications and operating systems
> > > are being inspected. My buddies claim (more like a wild or hopeful
> > > guess) that not only is port 1521 of an Oracle server blocked but the
> > > ASA knows about Oracle exploits, and similarly it can check for
> > > weaknesses on behalf of Linux or other Unixes. I find that very hard
> > > to believe, and my counterclaim is that only Windows or other
> > > Microsoft products have reached a level of disseminated infections to
> > > grant the depth of attention by the security software.
>
> > > Comments?
>
> > > -Ramon F Herrera
>
> > Looking at the data sheets, it just looks like it uses typical Trend
> > Micro stuff to look for malware. If they can point to something that
> > specifically mentions Oracle, let us know.
>
> > Most of us don't even use port 1521 anymore.
>
> Please clarify. Are you claiming that most folks are simply using
> another port different from 1521 in hopes of confusing the attackers
> (due respect, but that would be a rather poor defense) or are they
> using a non-TCP mechanism to communicate with the server?
>
> -Ramon

Search Metalink and Oracle security-related sites for the minimum necessary hardening. The proof-of-concept worm that was floating about not long ago got everyone in a tizzy about changing 1521. See http://www.dizwell.com/prod/node/374

petefinnegan.com pointed to this: http://www.sans.org/score/oraclechecklist.php

jg

--
@home.com is bogus.
http://www.cockeyed.com/magic/bad_4.php
Received on Fri Mar 02 2007 - 19:13:33 CST
