IDS mailing list archives
RE: IDS for DataBase Systems.
From: "Ross, Alan D" <alan.d.ross () intel com>
Date: Sat, 16 Nov 2002 08:43:50 -0800
Entercept has a database edition of its product for MS-SQL servers. It monitors all system calls and can alert/prevent based on policy. I have had a look at it and it does a pretty good job against things like SQL injection and some other common SQL exploits. Last I heard they are thinking about a version for Oracle on Windows and perhaps Oracle on Solaris, but don't quote me on that. Regards, Alan *not speaking for my employer, vendors, government officials, professional athletes, the mpaa, et boring cetera* -----Original Message----- From: Ralph Los [mailto:RLos () enteredge com] Sent: Friday, November 15, 2002 8:13 AM To: 'Galappatti, Kishantha'; 'Hemant Ramnani'; focus-ids () securityfocus com Cc: Hemant Ramnani Subject: RE: IDS for DataBase Systems. Yes - but that's a scanner, I think what we're looking for is an intrusion detection system. ISS's Database Scanner is a vulnerability scanning tool (and believe me, there are much better out there) - and not an DB_IDS. I'm not aware of any Database-Type IDSes, perhaps we could start a development effort to write one? It would essentially be a compilation (for MS SQL anyway) of Triggers, SP's, etc if I'm guessing right. Log scanning, 'anomaly detection', all very important. Cheers, Ralph ::: -----Original Message----- ::: From: Galappatti, Kishantha [mailto:Kishantha.Galappatti () gs com] ::: Sent: Thursday, November 14, 2002 9:24 AM ::: To: 'Hemant Ramnani'; focus-ids () securityfocus com ::: Cc: Hemant Ramnani ::: Subject: RE: IDS for DataBase Systems. ::: ::: ::: ISS has a product called Database Scanner ::: ::: -----Original Message----- ::: From: Hemant Ramnani [mailto:ramnani () cs umn edu] ::: Sent: Wednesday, November 13, 2002 12:30 PM ::: To: focus-ids () securityfocus com ::: Cc: Hemant Ramnani ::: Subject: IDS for DataBase Systems. ::: ::: ::: Hello Everyone, ::: I have seen a lot of papers, research work and commercial ::: products for intrusion detection systems in networks. ::: However I was wondering if the same has been done for ::: intrusion detection in DATABASE SYSTEMS in particular, ::: specially those dealing with using data mining techniques ::: for the same. ::: ::: Any help would be really appreciated. ::: ::: Thanks, ::: Hemant.R ::: ::: Hemant Ramnani ::: Masters student, Computer Science ::: University Of Minnesota, Twin Cities ::: Contact no: 612 379 2807 (R) ::: 612 625 6597 (O) ::: ::: None ::: ::: ::: ::: ::: :::
Current thread:
- RE: IDS for DataBase Systems. Galappatti, Kishantha (Nov 14)
- <Possible follow-ups>
- RE: IDS for DataBase Systems. Kohlenberg, Toby (Nov 16)
- RE: IDS for DataBase Systems. Greg Shipley (Nov 19)
- RE: IDS for DataBase Systems. Ralph Los (Nov 16)
- RE: IDS for DataBase Systems. Lanzilotta, Chris S. (MBS) (Nov 17)
- RE: IDS for DataBase Systems. Ross, Alan D (Nov 17)
- RE: IDS for DataBase Systems. Ken Smith (Nov 21)