Oracle Security Auditing Horror Stories

Don Burleson

 

Burleson is the co-author of the bestselling book "Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes-Oxley & The Gramm-Leach-Bliley Act GLB", by Rampant TechPress.

We need not look far to see public cases of computer security violations and the liability suffered by the custodian of the data. With millions of dollars at stake, there are many resourceful people waiting for you to make a mistake and expose your confidential information. These attacks on your information take many forms: malicious hackers, dishonest employees, and honest mistakes. Let's look at some specific ways that companies lose control of their information.

Security breaches, hacks (outside-in)

Threats from hackers remain a major concern, especially threats from overseas countries in Eastern Europe and Asia. Some companies report access attempts by automated hacker "bots" every few minutes, as these rogue programs constantly sweep the Internet looking for open ports with access vulnerabilities.

These automated bots contain very sophisticated logic and are designed by criminals to identify and exploit weaknesses in online computer systems.  Some of the common exploits include:

Tipping the user ID - A telnet or FTP login prompt that tells you that you have entered a valid ID but an incorrect password, which confirms the account name to the attacker.

No password disabling - Hacker routines love systems that do not disable a user ID after repeated failed password attempts; bots run through hundreds of thousands of passwords until they gain entry.

Man-in-the-middle attacks - Hackers can gain access to computer systems by guessing the IP address of a connected user and sending TCP/IP packets carrying that user's IP information.

Injection threats - Many database systems have vulnerabilities where confidential data can be reached via SQL injection, a technique in which a string such as "OR 1=1" is appended to a sign-on string. For example, this query might return the "real" password for a user named Jane:

select
   userid, password
from
   dba_users
where
   userid = 'jane'
and
   password = 'xxx'
OR 1=1;   -- injected: the OR makes the predicate true for every row

Buffer Overflow attacks - In these attacks, the web cache buffer is deliberately overloaded to gain unauthorized entry to the system.
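As an added example that is not from the article, here is the sign-on query above built two ways, with the attacker supplying the password field. SQLite stands in for Oracle, and the table and rows are constructed.

```python
import sqlite3

# Constructed stand-in for the dba_users table in the article (SQLite, not Oracle).
# Real systems should store password hashes, not the password itself.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table dba_users (userid text, password text)")
    conn.executemany("insert into dba_users values (?, ?)",
                     [("jane", "s3cret"), ("bob", "hunter2")])
    return conn

# What an attacker types into the password field of the sign-on form.
INJECTED_PASSWORD = "xxx' OR '1'='1"

def vulnerable_signon(conn, userid, password):
    # The password is pasted into the SQL text, so the injected input turns the
    # WHERE clause into:  userid = 'jane' and password = 'xxx' OR '1'='1'
    # AND binds tighter than OR, so every row matches and every password leaks.
    sql = ("select userid, password from dba_users where userid = '" + userid +
           "' and password = '" + password + "'")
    return conn.execute(sql).fetchall()

def hardened_signon(conn, userid, password):
    # Bind variables: the driver passes the password as data, never as SQL text,
    # so the same input is just a password that matches no row.
    sql = "select userid from dba_users where userid = ? and password = ?"
    return conn.execute(sql, (userid, password)).fetchall()
```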

Hacker attempts against web-enabled systems are constant, and many companies report thousands of attempts every day. A comprehensive auditing system will record all illegal access attempts and include the time, the originating IP address and all other relevant information. Let's take a look at a real-world case.
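The auditing point above, as an added example that is not from the article: a check over constructed audit records that finds accounts which should have been locked after repeated failed attempts from one source, and flags any that then signed on successfully. The record format, the threshold and the time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records (not real data): time, user ID, source IP, outcome.
AUDIT_LOG = """\
2017-03-01T08:00:01 jane 203.0.113.7 FAILED
2017-03-01T08:00:02 jane 203.0.113.7 FAILED
2017-03-01T08:00:03 jane 203.0.113.7 FAILED
2017-03-01T08:00:04 jane 203.0.113.7 FAILED
2017-03-01T08:00:05 jane 203.0.113.7 FAILED
2017-03-01T08:00:06 jane 203.0.113.7 SUCCESS
2017-03-01T08:30:00 bob 198.51.100.9 FAILED
2017-03-01T09:45:00 bob 198.51.100.9 FAILED
"""

def parse_audit(log):
    """Yield (timestamp, user, ip, outcome) for each record."""
    for line in log.splitlines():
        ts, user, ip, outcome = line.split()
        yield datetime.fromisoformat(ts), user, ip, outcome

def find_lockouts(log, threshold=5, window_minutes=10):
    """One finding per (user, source IP) that reached `threshold` failures
    inside the window; success_after_lockout is True when a later SUCCESS
    from the same source shows the guessing was never stopped."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # (user, ip) -> failure times still in window
    findings = {}                 # (user, ip) -> finding dict
    for ts, user, ip, outcome in parse_audit(log):
        key = (user, ip)
        if outcome == "FAILED":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in findings:
                findings[key] = {"user": user, "ip": ip, "locked_at": ts,
                                 "success_after_lockout": False}
        elif outcome == "SUCCESS" and key in findings:
            findings[key]["success_after_lockout"] = True
    return list(findings.values())
```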

Internal fraud (inside jobs)

IT managers report that internal fraud is the most common type of threat, and special auditing mechanisms must be used to audit all access by authorized employees. Inside-job threats include the following:

Root kit attacks - In a root kit attack, the operating system itself is compromised. I once fixed a client site with a rootkit that had installed a daemon process that was constantly accessing confidential information and e-mailing it to a competitor. This attack went undiscovered for more than a year, and virtually all of the company's proprietary information was lost.

Fire-me attacks - Internal IT personnel have been known to write routines that trigger a data extraction on the day their user ID is removed from the computer system. Because most IT procedures require pulling the user ID before notifying the employee, these hackers return home to find all of the confidential information waiting for them in their in-box.

Trojan Horse - Once an employee gets the internal IP address of another employee, they can push phony sign-on screens to their boss's display and capture a privileged password. These attacks are usually easy using tools such as X-Windows that allow screen images to be redirected onto other displays.

PC Privacy Tools - Common tools such as PC Anywhere can be used to look over the shoulder of a co-worker, snooping into their activities and passwords.

There are many documented cases of data disclosure by disgruntled employees, especially "privileged users" who were given unaudited access privileges. Let's look at some specific real-world horror stories. These are not fictional stories. They actually happened, and they serve to show what happens when a slack IT manager entrusts their access and auditing controls to a Systems Administrator or Database Administrator.

Copyright © 1996 - 2017

All rights reserved by Burleson
