
Pete Finnigan's Oracle security weblog



Another interesting Oracle-l thread on Oracle security auditing

April 15th, 2005 by Pete


I also saw another interesting thread on the Oracle-L list titled "Security audit of Oracle databases". The poster asks if anyone can give advice for her friend who was having their Oracle database audited by a third-party company. She wanted advice on open source software for checking an Oracle database.

The thread has some good discussions and points being made. I penned a few paragraphs to answer the thread and found that I couldn't post to the list. I have been a member for a long time but recently had email troubles, so I had to re-subscribe. I now see that to post to the list you need to ask Steve, the list owner, to grant you posting privileges. Anyway, the answer I posted there is a bit late now, so here it is again:

"Hi Paula,

There are a number of good checklists out there. The first is the CIS
Oracle benchmark that was closely based on the SANS Oracle security
step-by-step guide book. The CIS benchmark and the scoring tool are
free. There is also a good checklist on the SANS website called the
S.C.O.R.E. document. This is also closely based on the SANS Oracle
security SBS. It is in fact an edited version of the appendix of the
book. There are also a couple of Oracle 9i checklists written by Oracle.

Tools-wise there is the CIS benchmark mentioned above, Patrik Karlsson's
tools SIDS, OScanner and OAT, the Integrigy listener check tool,
metacortex, nessus, my audit scripts, Geof Ingram's perl script, Tim
Gorman's scripts and a few others.

For the checklists you can find links on my Oracle security white papers
page http://www.petefinnigan.com/orasec.htm - see the checklists section
- and for links to the free tools see my Oracle security tools page -
http://www.petefinnigan.com/tools.htm - Also you might want to run the
default password check scripts that are available on my site. These
include passwords for about 600 default users -
http://www.petefinnigan.com/default/default_password_checker.htm
"


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
