Penetration Testing mailing list archives
Re: Oracle Auditing
From: Pete Finnigan <plsql () peterfinnigan demon co uk>
Date: Thu, 11 Aug 2005 20:02:10 +0100
Hi, Can I also add that I have an Oracle Security tools page you can find at http://www.petefinnigan.com/tools.htm that lists all free and commercial Oracle security tools I currently know about. I was not aware of DokFleed tool till I read this thread so thanks for that. You say that you do not know much about Oracle - can i suggest that the check list from the Center for Internet Security is a good starting point for a good overall list of oracle security configuration / auditing issues. This is originally based on the SANS Step-by-step book and also the SANS S.C.O.R.E. list is also based on the same - The CIS checklist also comes with a free benchmark tool. Links to both are on my oracle security white papers page http://www.petefinnigan.com/orasec.htm quoted by David. There are lots of good papers on Oracle security there as well. You might also be interested in Integrigy's free listener audit tool and Patrik Karrlson's Oracle tools (links on my tools page). Also check out Alex Kornbrusts site http://www.red-database-security.com and Esteban martinex Fayo / Cesar Cerrudo's site http://www.argeniss.com which has some great Oracle security info. Aarons site www.appsecinc.com also has some good info including listener issues as has NGS at http://www.ngssoftware.com The recent WinSID's listener tool looks not bad also from Paul Bruenic. A link is on my tools page. Also I wrote the SANS Securing Oracle course that Josh quoted from using James Abendschans tnscmd.pl tool. Its based on the example James gives in his notes. Hth kind regards Pete -- Pete Finnigan (email:pete () petefinnigan com) Web site: http://www.petefinnigan.com - Oracle security audit specialists Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html Book:Oracle security step-by-step Guide - see http://store.sans.org for details. ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Oracle Auditing Joe T (Aug 02)
- RE: Oracle Auditing Clement Dupuis (Aug 02)
- Re: Oracle Auditing Joshua Wright (Aug 02)
- Re: Oracle Auditing DokFLeed (Aug 03)
- Re: Oracle Auditing Thor (Hammer of God) (Aug 03)
- RE: Oracle Auditing Erez (Aug 03)
- Re: Oracle Auditing David Eduardo Acosta RodrÃguez (Aug 03)
- Re: Oracle Auditing Pete Finnigan (Aug 12)