
ISBN 0-9776715-2-6
ISBN 13 978-0977671526
Library of Congress Number 2007930081
320 pages - Perfect bind - 9x7 PD 508
Shelving: Database/Oracle - Oracle In-Focus Series #26
 

  Oracle Forensics
Oracle Security Best Practices

Paul M. Wright

Retail Price $69.95 /  £57.95
 

Order now and get 30%-off the retail price!

Only $48.95  

Get the Security Pack - half price!
Both books for only $69.95 - a $140 value:
Oracle Privacy Security Auditing, 2nd Edition: $69.95
Oracle Forensics: $69.95

Today's Oracle professionals are challenged to protect their mission-critical data from many types of threats. Electronic data is being stolen in record amounts, and criminals are constantly devising sophisticated tools to breach the defences around your Oracle databases.

Oracle forensics techniques let a DBA proactively establish whether Oracle data is safe, and they belong to the due diligence expected for every production database. Failing to apply them leaves threats unseen until an incident has already become a disaster, which is why this book is required reading for every Oracle DBA.

This indispensable book is authored by Paul Wright, the world's top Oracle forensics expert and the father of the field of Oracle forensics. Packed with insights and expert tips, it is the definitive reference for all Oracle professionals who are charged with protecting their valuable corporate information.
 
 
 

                
Secure your Oracle data with advanced forensics!

 

Key Features

* Ensure that your mission-critical Oracle data is safe and secure.

* Learn advanced Oracle forensics techniques.

* Isolate and remove Oracle vulnerabilities.

* See how to prevent SQL injection attacks.
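The injection check behind the last feature is a source-level one: a PL/SQL subprogram that builds a statement by concatenating a parameter into the SQL text, without passing it through DBMS_ASSERT, is the pattern to look for. The scanner below is an added example, not code from the book. It runs that heuristic over a constructed package body in the shape DBA_SOURCE returns it (one row per line), assumes each parameter list sits on the signature line with an explicit IN/OUT mode, and treats the package as definer-rights unless AUTHID CURRENT_USER appears; the package hr_maint and its procedures are invented.

```python
"""Heuristic scan of a PL/SQL package body for injectable dynamic SQL.

Added example, not a tool from the book. It assumes the package text came
from DBA_SOURCE (one row per line), that each subprogram's parameter list
fits on its signature line with an explicit IN/OUT mode, and that the
package is definer-rights unless AUTHID CURRENT_USER appears. The package
below is constructed. A hit means "inspect by hand", not "exploitable".
"""
import re

# Constructed package body showing three patterns side by side: raw
# concatenation, concatenation through DBMS_ASSERT, and a bind variable.
SAMPLE_SOURCE = """\
CREATE OR REPLACE PACKAGE BODY hr_maint AS
  PROCEDURE drop_old_table(p_table IN VARCHAR2) IS
  BEGIN
    EXECUTE IMMEDIATE 'DROP TABLE ' || p_table;
  END;
  PROCEDURE count_rows(p_table IN VARCHAR2, p_cnt OUT NUMBER) IS
  BEGIN
    EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM '
      || DBMS_ASSERT.SQL_OBJECT_NAME(p_table) INTO p_cnt;
  END;
  PROCEDURE find_emp(p_name IN VARCHAR2, p_id OUT NUMBER) IS
  BEGIN
    EXECUTE IMMEDIATE 'SELECT emp_id FROM emp WHERE name = :1'
      INTO p_id USING p_name;
  END;
END hr_maint;
""".splitlines()

SUBPROGRAM = re.compile(r"^\s*(?:PROCEDURE|FUNCTION)\s+(\w+)\s*\(([^)]*)\)", re.I)
PARAM_NAME = re.compile(r"(\w+)\s+(?:IN\s+OUT|IN|OUT)\s+\w+", re.I)
DYNAMIC_SQL = re.compile(r"\b(?:EXECUTE\s+IMMEDIATE|DBMS_SQL\.PARSE|OPEN\s+\w+\s+FOR)\b", re.I)
CLAUSE_END = re.compile(r"\b(?:INTO|USING|RETURNING|BULK\s+COLLECT)\b", re.I)


def dynamic_statements(lines):
    """Yield (subprogram, params, line_no, statement) for each dynamic-SQL call."""
    current, params = None, []
    i = 0
    while i < len(lines):
        sig = SUBPROGRAM.match(lines[i])
        if sig:
            current = sig.group(1)
            params = [p.lower() for p in PARAM_NAME.findall(sig.group(2))]
        if DYNAMIC_SQL.search(lines[i]):
            start, stmt = i + 1, lines[i].strip()
            while not stmt.endswith(";") and i + 1 < len(lines):  # join continuation lines
                i += 1
                stmt += " " + lines[i].strip()
            yield current, params, start, stmt
        i += 1


def sql_expression(stmt):
    """Keep only the part of the statement that builds the SQL text."""
    no_literals = re.sub(r"'[^']*'", "''", stmt)  # literals cannot carry taint
    cut = CLAUSE_END.search(no_literals)           # INTO/USING take binds, not text
    return no_literals[: cut.start()] if cut else no_literals


def scan(lines):
    """Classify every dynamic-SQL statement in a package body."""
    invoker_rights = any(re.search(r"AUTHID\s+CURRENT_USER", line, re.I) for line in lines)
    findings = []
    for sub, params, line_no, stmt in dynamic_statements(lines):
        expr = sql_expression(stmt)
        tainted, sanitized = [], []
        if "||" in expr:
            for piece in expr.split("||"):
                for p in params:
                    if re.search(rf"\b{re.escape(p)}\b", piece, re.I):
                        (sanitized if "DBMS_ASSERT." in piece.upper() else tainted).append(p)
        if tainted:
            severity = "medium" if invoker_rights else "high"  # definer rights: caller runs as owner
        elif sanitized:
            severity = "review"  # does the DBMS_ASSERT function fit the position (name vs literal)?
        else:
            severity = "none"    # static text or bind variables only
        findings.append({"subprogram": sub, "line": line_no, "tainted": tainted,
                         "sanitized": sanitized, "severity": severity})
    return findings


def vulnerable(lines):
    """Only the statements that concatenate an unsanitized parameter."""
    return [f for f in scan(lines) if f["tainted"]]


if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(finding)
```

Run over the constructed body, drop_old_table is reported as high (a parameter is concatenated straight into a DROP), count_rows as review (the parameter passes through DBMS_ASSERT, which still has to be the right function for where the value lands), and find_emp as none because the value travels as a bind. On a real system the same loop would iterate over the DBA_SOURCE rows of every definer-rights package the low-privileged user can execute, which is the set that matters for privilege escalation.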

 

 

This book is the first of its kind and presents a comprehensive response to the problems raised by black-hat Oracle researchers. It unites two established areas of commercial computer practice, Oracle security and computer forensics, and delivers a proven method for ensuring that Oracle servers and processes are secure from outside attack.

Oracle forensics offers a way to ascertain vulnerability at a technical level that can be automated and built into your current processes. Because the same evidence can be examined after the fact, vulnerability can also be measured retrospectively, giving a risk metric for a period that can be compared year after year.

Given the difficulty of patching in many circumstances, the skill of measuring risk can be very useful during planning and budget allocation. Running Oracle servers without completely up-to-date patch levels may let production carry on unhindered in some cases, but knowing how best to react in case of an incident is crucial, both for compliance and to keep the company's name out of the media and the courtroom.

This book shows the reader how to ascertain past vulnerability to zero-days, how to verify patching activity, and how to react to a security breach using forensic techniques translated to Oracle databases. The journey is illustrated with realistic examples, using PL/SQL utilities to automate the process as well as new forensic tools for database analysis.

* Develop an automated framework for assessing database security.

* Learn how to handle an incident on an Oracle database forensically.

* Correlate vulnerability information with log data on an Oracle timeline to allow after-the-fact analysis.

* Quantify risk by calculating the time for which packages have been vulnerable.

* Learn how to test for new vulnerabilities.

* Learn how to forensically identify PL/SQL packages that are vulnerable to SQL injection.

* Forensically identify past patching activity by the DBA and the current patch level using PL/SQL scripts.
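The checksum-and-timestamp method behind the last three points reduces to a join between three pieces of evidence: a per-package checksum compared against the known vulnerable and fixed builds, the LAST_DDL_TIME that shows when the body last changed, and the patch runs recorded in DBA_REGISTRY_HISTORY. The following is an added worked example, not a script from the book. It assumes those values were already collected (the checksum as a sum of DBMS_UTILITY.GET_HASH_VALUE over the body's DBA_SOURCE lines, which is an assumption here rather than the book's exact formula), and every package name, checksum and date in it is constructed. From that it derives the exposure window in days for each package and flags bodies that changed on a day with no recorded patch run.

```python
"""Retrospective zero-day exposure from PL/SQL package checksums and timestamps.

Added worked example; it is not code from the book. It assumes one
checksum was collected per package body (for example by summing
DBMS_UTILITY.GET_HASH_VALUE over that body's DBA_SOURCE lines) together
with DBA_OBJECTS.LAST_DDL_TIME, and that patch activity was read from
DBA_REGISTRY_HISTORY. Package names, checksums and dates are constructed.
"""
from datetime import date

# Constructed reference table: for each hypothetical package, the checksum
# and line count of its known builds and whether that build is vulnerable.
KNOWN_VERSIONS = {
    "PKG_ONE": [
        {"checksum": 1111111111, "lines": 400, "state": "vulnerable"},
        {"checksum": 2222222222, "lines": 404, "state": "fixed"},
    ],
    "PKG_TWO": [
        {"checksum": 3333333333, "lines": 150, "state": "vulnerable"},
        {"checksum": 4444444444, "lines": 152, "state": "fixed"},
    ],
    "PKG_THREE": [
        {"checksum": 5555555555, "lines": 90, "state": "vulnerable"},
        {"checksum": 6666666666, "lines": 93, "state": "fixed"},
    ],
}

# Constructed: the date a fix for each package became available.
FIX_AVAILABLE = {
    "PKG_ONE": date(2007, 1, 16),
    "PKG_TWO": date(2007, 1, 16),
    "PKG_THREE": date(2007, 4, 17),
}

# Constructed rows in the shape of DBA_REGISTRY_HISTORY
# (ACTION_TIME, ACTION, COMMENTS): one recorded CPU run.
REGISTRY_HISTORY = [
    (date(2007, 5, 12), "CPU", "CPUApr2007"),
]

# Constructed rows collected from the target database
# (OWNER, OBJECT_NAME, checksum, line count, LAST_DDL_TIME).
OBSERVED = [
    ("SYS", "PKG_ONE", 2222222222, 404, date(2007, 5, 12)),   # patched in the CPU run
    ("SYS", "PKG_TWO", 3333333333, 150, date(2005, 7, 1)),    # never patched
    ("SYS", "PKG_THREE", 9999999999, 93, date(2007, 6, 3)),   # hash matches no known build
]

AS_OF = date(2007, 7, 1)  # constructed "today" of the investigation


def match_version(name, checksum, lines):
    """Identify which known build an observed checksum belongs to."""
    builds = KNOWN_VERSIONS.get(name, [])
    for build in builds:
        if build["checksum"] == checksum:
            return build["state"]
    # Unknown hash: say whether the size still matches a known build, which
    # is the cue to diff the source by hand (tampering or an unlisted fix).
    same_size = [b["state"] for b in builds if b["lines"] == lines]
    return f"unknown (size matches {same_size[0]})" if same_size else "unknown"


def exposure_days(name, state, last_ddl, as_of=AS_OF):
    """Days the package stayed vulnerable after its fix was available."""
    fix = FIX_AVAILABLE[name]
    if state == "vulnerable":
        return max(0, (as_of - fix).days)      # window is still open
    if state == "fixed":
        return max(0, (last_ddl - fix).days)   # window closed at recompilation
    return None                                # cannot be derived for an unknown build


def recorded_patch_on(day):
    """True if DBA_REGISTRY_HISTORY shows patch activity on that date."""
    return any(action_time == day for action_time, _, _ in REGISTRY_HISTORY)


def assess(as_of=AS_OF):
    """Per-package timeline findings: state, exposure and unrecorded changes."""
    findings = []
    for owner, name, checksum, lines, last_ddl in OBSERVED:
        state = match_version(name, checksum, lines)
        findings.append({
            "package": f"{owner}.{name}",
            "state": state,
            "exposure_days": exposure_days(name, state, last_ddl, as_of),
            # A body that changed on a day with no recorded patch run was
            # modified by something other than the official patch process.
            "unrecorded_change": state != "vulnerable" and not recorded_patch_on(last_ddl),
        })
    return findings


def total_exposure_days(as_of=AS_OF):
    """Sum of exposure over all packages: one comparable risk figure."""
    return sum(f["exposure_days"] or 0 for f in assess(as_of))


if __name__ == "__main__":
    for finding in assess():
        print(finding)
    print("total exposure days:", total_exposure_days())
```

With the constructed data, PKG_ONE was exposed for 116 days before the recorded CPU run recompiled it, PKG_TWO has been exposed for 166 days and still is, and PKG_THREE carries a hash that matches no known build but has the line count of the fixed one and changed on a day with no patch activity, which is exactly the case to pull the source and compare it by hand. Summing per-line hash values makes the checksum insensitive to line order, so keep the line count beside it, and store the collected rows outside the database under examination so they cannot be rewritten by whoever changed the package.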

 

 

About the Author:

 


Paul Wright

 

Paul Wright is currently the world's foremost expert in Oracle forensics. Mr. Wright wrote the first paper on Oracle forensics in January 2005 and is the only person currently holding both the GIAC Oracle Security qualification and the GIAC Forensics qualification.

Mr. Wright has a Master's degree in Computer Science (MSc) from the University of Manchester, specializing in database security analysis, and he has nearly a decade of real-world experience as an Oracle-certified DBA and developer.

At NGS Software, Paul wrote Oracle security checks for NGS SQuirreL for Oracle (a vulnerability scanner whose checks are designed to cut out false positives and which includes new zero-day checks), and he teaches various database security courses for SANS.

In his spare time, Paul enjoys Jeet Kune Do, guitar, walking in the country and swimming.

 

 

Table of Contents:

Chapter 1: Introduction
Intended audience  

Chapter 2: Ten Stages of a network attack
IT Security
Anatomy of an Attack

Chapter 3: Oracle Database Primer
Oracle DB/SQL  

Chapter 4: Oracle Security
Security Concepts  
Client side issues  
Oracle Patching  
Application server issues  
Network issues  
Database issues  
Operating system issues  
Oracle Passwords  
Privilege assignment  
SQL injection  
Buffer overflows
Java security  
Oracle Assessment Kit  

Chapter 5: Contemporary Oracle Server Attack Scenarios
Common Attacks
Scenario 1 Default user/password to gain access to passwords
Scenario 2 Exploiting an OS level vulnerability to gain OSDBA account
Scenario 3 Escalating privilege of a low privileged user account  
Scenario 4 Brute forcing SYS AS SYSDBA using OraBrute  
Traditional way to defend against these attacks

Chapter 6: Computer Forensic Incident Handling
Forensic Incident Handling  
Definition of the term “forensic(s)”  
Four core forensics technical tasks mapped from OS to Oracle databases  
Forensic Incident Response  
Oracle forensics scenario 1 ~ Internal deletion - flashback  
Oracle forensics scenario 2 OraBrute of sysdba  
Oracle forensics scenario 3 Using BBED to find deleted data  
Oracle forensics Scenario 4 DB Extended Audit to catch IDS evasion  
Oracle forensics Scenario 5 ~ DB audit is deleted by the attacker  
Oracle forensics Scenario 7 ~ No DB files left by the attacker  
Oracle forensics scenario Conclusion  
Securing Oracle forensically using a Depository  
Time synchronization as the foundation to a good forensic incident response  

Chapter 7: New Vulnerability Research
Looking for buffer overflows  
Local Buffer overflow in Oracle  
PLSQL Injection and finding examples  
 

Chapter 8: Using DB Version Number for Vulnerability Status Identification  
Vulnerability Status

Chapter 9: Oracle Patching Problems
Security Issues  

Chapter 10: Using the OS to ascertain Patch activity
OPatch  

Chapter 11: Ascertaining DB Vulnerability status
Ascertaining status independent of reported patch level
Checksum and package size method  
Packages without ready made checksums ~ 9i and 8i  
Packages with non-vulnerable checksums  
Inferring DBAs patch activity from checksum pattern
Automating the collection of all checksums  
Correlating timestamp with checksum  
Making the PLSQL Package integrity verification more forensically sound.  

Chapter 12: Calculating retrospective risk to zero days
What is a Zero-Day?  
Assessing retrospective Zero-days by checksum and timestamp  
Correlating previous exploitation windows retrospectively  
Flashing back vulnerable objects after patching  
 

Chapter 13: Identifying Oracle Malware  
Forensically identifying Oracle Malware such as rootkits

Chapter 14: Defeating Oracle Antiforensics
Defensive Strategy 

Chapter 15: Depository Review ~ Quis custodiet ipsos custodes
Repository  
Oracle Audit vault  

Chapter 16: Handling forensic investigation data
Using databases to handle the data of an ongoing forensic investigation 

Chapter 17: Important Messages
Conclusions 

Appendix A: The Boot CDs
The boot CDs

Appendix B: Object Reference Numbers
Object reference numbers for the object integrity query

Appendix C: DBMS_METADATA
List of object types and which object types DBMS_METADATA will handle.  

  Index:
 

*
*nix  

A
Agntsrvc.log
Alert log
amap
AppDetective
AppSecIncs
Archived redo logs
aud$
Autopsy

B
banner grabbing
BBED
bespoke
buffer overflow
 

C
Cain
CANVAS
catcpu.sql
cdc_drop_ctable_before
change_table_trigger
ChangeTableTrigger
checkpwd
CORE Impact
Coroners Toolkit
ctxsys.driload
 

D
db_block_checksum
db_extended
dba_audit_trail
dba_fga_audit_trail
dba_objects
dba_registry_history
dba_source
dba_users
dba_views
dbms_assert
dbms_cdc_impdp
dbms_cdc_ipublish
dbms_export_extention
dbverify
do_brk()

E
Encase
Exploitation
Extproc

F
fga_log$
Flashback
forensic_host
 

G
get_domain_index_metadata
GLB

H
Hiding tracks
HIPPA
 

I
imperva bug
Incident Handler
Infraguard
 

J
JDUL
JTR

L
Lazarus
Listener log
listener.ora
Logminer
LogMiner
lsnrctl
lsof
 

M
Metasploit

N
nessus
Nessus
netcat
netstat
Network mapping
NGS SQuirreL
Nmap
 

O
OPatch
OraBrute
Oracle Listener
Orapwd
OraPWD
Oscanner
 

P
Paketto keiretsu
Port scanning
Privilege escalation
 

R
Rainbow crack
Reconnaissance
Recyclebin
Redo logs
Rexec
rexecd
Rootkit
Rootkit installation
 

S
SADMIND
SADMIND overflow
SANS SCORE GUIDE
Security forest
SIDGuess
Sleuthkit
SNORT
SOX
SQL injection
SQL Injection
SQL*PLUS
Sqlnet.log
SQLTools
SQUIRRELPATCH
Stage
sys.aud$
SYS.USER$

T
timestomper
tnscmd.pl
tnsnames.ora
tnsping
Tomsrootboot
Tor
Typhon
 

U
Ultraedit
user$
utl_file
 

V
v$logmnr_contents

   

 Copyright © 1996 -2017 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks