IDS mailing list archives

RE: IDS for DataBase Systems.


From: "Ross, Alan D" <alan.d.ross () intel com>
Date: Sat, 16 Nov 2002 08:43:50 -0800

Entercept has a database edition of its product for MS-SQL servers.  It
monitors all system calls and can alert/prevent based on policy.  I have
had a look at it and it does a pretty good job against things like SQL
injection and some other common SQL exploits.  Last I heard they are
thinking about a version for Oracle on Windows and perhaps Oracle on
Solaris, but don't quote me on that.

Regards,
Alan
*not speaking for my employer, vendors, government officials, professional
athletes, the mpaa, et boring cetera*

-----Original Message-----
From: Ralph Los [mailto:RLos () enteredge com] 
Sent: Friday, November 15, 2002 8:13 AM
To: 'Galappatti, Kishantha'; 'Hemant Ramnani';
focus-ids () securityfocus com
Cc: Hemant Ramnani
Subject: RE: IDS for DataBase Systems.

Yes - but that's a scanner, I think what we're looking for is an intrusion
detection system.  ISS's Database Scanner is a vulnerability scanning tool
(and believe me, there are much better out there) - and not a DB_IDS.

I'm not aware of any Database-Type IDSes, perhaps we could start a
development effort to write one?  It would essentially be a compilation (for
MS SQL anyway) of Triggers, SP's, etc if I'm guessing right.  Log scanning,
'anomaly detection', all very important.

Cheers,
  Ralph

::: -----Original Message-----
::: From: Galappatti, Kishantha [mailto:Kishantha.Galappatti () gs com] 
::: Sent: Thursday, November 14, 2002 9:24 AM
::: To: 'Hemant Ramnani'; focus-ids () securityfocus com
::: Cc: Hemant Ramnani
::: Subject: RE: IDS for DataBase Systems.
::: 
::: 
::: ISS has a product called Database Scanner
::: 
::: -----Original Message-----
::: From: Hemant Ramnani [mailto:ramnani () cs umn edu] 
::: Sent: Wednesday, November 13, 2002 12:30 PM
::: To: focus-ids () securityfocus com
::: Cc: Hemant Ramnani
::: Subject: IDS for DataBase Systems.
::: 
::: 
::: Hello Everyone,
::: I have seen a lot of papers, research work and commercial 
::: products for intrusion detection systems in networks. 
::: However I was wondering if the same has been done for 
::: intrusion detection in DATABASE SYSTEMS in particular, 
::: especially those dealing with using data mining techniques 
::: for the same.
::: 
::: Any help would be really appreciated.
::: 
::: Thanks,
::: Hemant.R
::: 
::: Hemant Ramnani
::: Masters student, Computer Science
::: University Of Minnesota, Twin Cities
::: Contact no: 612 379 2807 (R)
:::         612 625 6597 (O)
::: 

