Oracle Database Threats - LAOUC Webinar
DESCRIPTION
LAOUC Webinar: Top 10 Oracle Database Threats, How to Secure Oracle Database
TRANSCRIPT
Osama Mustafa
Senior Oracle DBA
Gurus Solutions
Top 10 Oracle Database Threats
Overview
• Introduction
• Why Database security is important
• How Databases Are hacked
• How to Protect against Database Attack
• Conclusion
• Reference
• Q & A
Who Am I
• Certified OCP/OCE/OCS 10g/11g
• Oracle ACE
• Certified Ethical Hacker, LPT
• Sun Linux Certified
• Author of Oracle Penetration Testing book
• Presenter & Contributor in Oracle Community
OsamaOracle
osamamustafa@gurussolutions.com
http://osamamustafa.blogspot.com
Osama Mustafa
Google Search
Without Oracle With Oracle
Introduction
• 10 January 2014: Target data theft affected 70 million customers
• Data Theft is Becoming Major Threat
• Data Theft is Bank of gold
• 90% of companies say they've been hacked
• Most of the Target Data are Personal Stuff Such as Credit Card, Account Number and Passwords
Revising the Top 10 Data Loss Incidents list
Introduction
“Your Personal Data is Worth Pretty Penny But it All Depends On Who Wants it” - TrendMicro
Average for personal data: between 0$-1200$
If you want to know how much your personal data is worth, check this website: http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed-00144feab7de.html#axzz2ukFAZIUF
Introduction
SURPRISE
• In 2012, a report from Verizon indicated that 96% of records breached are from databases
• Less than 5% of security spend is on the data center (WW Security Products)
Introduction
[Chart: Data Center 5% / 95%]
Why Database Security Is Important
• Database is the most important Data Banking
  • Financial Data
  • Client/Customer Data
  • Corporate/organization Data
• If the database stops working, the company will lose money
• If the database gets hacked, imagine what happens to the company
• Ensure the data is confidential and prevent any outsourcing modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, unless it is a public database
• A secure database lets you monitor activity and know the authorized people
Why Database Security Is Important
Laws about Security
• SOX: Sarbanes-Oxley
  • “protect investors by improving reliability of corporate”
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa, MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information
How Database are Hacked
How Database are Hacked
• As a Database Administrator you need to know the threats that can affect your database
• Definition of threat: in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
• Vulnerability: existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do
• Gather Information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use some tools to scan for vulnerabilities of the system
• Gaining Access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining Access
  • Downloading phase
• Clearing Tracks
“The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure.”
Attack Oracle-Database Server
• Database servers are usually hacked to get the critical information
• Mistakes made by the web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once an Oracle Database Server has been discovered, the first port of call is the TNS Listener
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing
  • REVOKE CREATE DATABASE LINK FROM connect;
  • REVOKE EXECUTE ON utl_tcp FROM public;
  • REVOKE EXECUTE ON utl_smtp FROM public;
  • REVOKE EXECUTE ON utl_http FROM public;
  • REVOKE EXECUTE ON utl_mail FROM public;
  • REVOKE EXECUTE ON utl_inaddr FROM public;
  • REVOKE EXECUTE ON utl_file FROM public;
  • REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database

Username   Password
Sys        Manager
Sys        System
Sys        Oracle
System     Same as sys
Apps       Apps (EBS User)
scott      tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• Attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If OK, it then tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication is OK, it will create a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than 65536 bytes
  • Teardrop - IP Requires that packet that is too large for next Router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast2.0
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What I need: any web browser
• What should I look for in SQL Injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code
    <form action="search.asp" method="post"> <input type="hidden" name="X" value="Z"> </form>
• Examples
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test SQL Injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
Will be like this: http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL Injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry becomes:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
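The concatenated login query from these slides next to a bound-parameter version, as an added example that is not part of the original webinar. It assumes an in-memory SQLite table standing in for the slide's Users table; the function names and the sample row are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the slide's Users table (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    # A plaintext password column is used only because the slide's query compares one.
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES (?, ?)", ("Paul", "password"))
    return conn


def build_concatenated(user, password):
    """The slide's strQry: fixed text glued to whatever the user typed."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concatenated(conn, user, password):
    """Vulnerable form: the input is parsed as part of the SQL statement."""
    return conn.execute(build_concatenated(user, password)).fetchone()[0] > 0


def login_bound(conn, user, password):
    """Hardened form: constant statement text, input passed as bind values."""
    sql = "SELECT Count(*) FROM Users WHERE UserName = ? AND Password = ?"
    return conn.execute(sql, (user, password)).fetchone()[0] > 0


def outcome(login, conn, user, password):
    """Run one login attempt and report 'accepted', 'rejected' or 'sql error'."""
    try:
        return "accepted" if login(conn, user, password) else "rejected"
    except sqlite3.OperationalError:
        # A stray quote changed the statement's syntax: the database error
        # the slides treat as the sign of an injectable input.
        return "sql error"


def compare(conn):
    """Same inputs through both forms: (user, password, concatenated, bound)."""
    cases = [
        ("Paul", "password"),   # valid credentials
        ("Paul", "wrong"),      # wrong password
        ("O'Brien", "x"),       # legitimate name containing a single quote
        ("' Or 1=1 --", ""),    # the input shown on the slide
    ]
    return [(u, p,
             outcome(login_concatenated, conn, u, p),
             outcome(login_bound, conn, u, p)) for u, p in cases]


if __name__ == "__main__":
    for row in compare(make_db()):
        print(row)
```

With bind values the quote in O'Brien is just data, so the hardened form neither errors on it nor accepts the slide's input.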
Top Threats Effect on Database Server
• Weak Audit Trail
In God I trust. For everyone else I keep log files.
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code.
Report from Verizon: “69% of breaches incorporated malware”
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

Name              Protocol  Ports
Back Orifice      UDP       31337 or 31338
Deep Throat       UDP       2140 and 3150
Net Bus           TCP       12345 and 12346
Whack-a-mole      TCP       12361 and 12362
Net Bus 2 Pro     TCP       20034
Girlfriend        TCP       21544
Master Paradise   TCP       3129, 40421, 40422, 40423 and 40426
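A way to check every port in the table in one pass instead of one netstat filter per port, as an added example that is not part of the original webinar. It assumes the usual Linux and Windows netstat -an column layouts; the two sample outputs are constructed. A match is a lead to investigate, not proof of infection.

```python
# (name, protocol, ports) rows copied from the slide's table
TABLE = [
    ("Back Orifice", "udp", (31337, 31338)),
    ("Deep Throat", "udp", (2140, 3150)),
    ("Net Bus", "tcp", (12345, 12346)),
    ("Whack-a-mole", "tcp", (12361, 12362)),
    ("Net Bus 2 Pro", "tcp", (20034,)),
    ("Girlfriend", "tcp", (21544,)),
    ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
]
WATCHLIST = {(proto, port): name for name, proto, ports in TABLE for port in ports}

# Constructed sample of `netstat -an` on Linux
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:1521           ESTABLISHED
tcp6       0      0 :::3129                 :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
udp        0      0 0.0.0.0:20034           0.0.0.0:*
"""

# Constructed sample of `netstat -an` on Windows
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21544          0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:2140           *:*
"""


def parse_listeners(netstat_output):
    """Return {(proto, port)} for listening TCP sockets and bound UDP sockets."""
    listeners = set()
    for line in netstat_output.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue
        proto = tokens[0].lower().rstrip("46")   # tcp6/udp6 -> tcp/udp
        if proto not in ("tcp", "udp"):
            continue                             # banner and header lines
        # The local address is the first column containing a colon in both layouts.
        local = next((t for t in tokens[1:] if ":" in t), None)
        if local is None:
            continue
        port_text = local.rsplit(":", 1)[1]
        if not port_text.isdigit():
            continue
        # Established TCP sessions use ephemeral local ports; count listeners only.
        if proto == "tcp" and not any(t in ("LISTEN", "LISTENING") for t in tokens):
            continue
        listeners.add((proto, int(port_text)))
    return listeners


def find_watchlisted(netstat_output):
    """Sorted (proto, port, name) for listeners that match the slide's table."""
    return sorted((proto, port, WATCHLIST[(proto, port)])
                  for proto, port in parse_listeners(netstat_output)
                  if (proto, port) in WATCHLIST)


if __name__ == "__main__":
    for sample in (LINUX_SAMPLE, WINDOWS_SAMPLE):
        print(find_watchlisted(sample))
```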
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow
• Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks
• Always remember: company data means money to another person
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
• They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
  • 17th day of January
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014
  • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is:
  • Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecure Sensitive Data
• Who has access to company data?
• Does the company meet the requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained end users
• Humans are the weakest link in information security
• The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor database
    • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money, protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafa@gurussolutions.com
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Overview
bull Introductionbull Why Database security is important bull How Database Are hacked bull How to Protect against Database Attack bull Conclusionbull Referencebull Q amp A
Who Am I
bull Certified OCPOCEOCS 10g11gbull Oracle ACE bull Certified Ethical hacker LPTbull Sun Linux Certified bull Author Of Oracle Penetration testing bookbull Presenter amp Contributor in Oracle Community
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
GoogIe Search
Without Oracle With Oracle
Introduction
bull10 January 2014 Target data theft affected 70 million customersbullData Theft is Becoming Major ThreatbullData Theft is Bank of goldbull90 of companies say theyve been hackedbullMost of the Target Data are Personal Stuff Such as
Credit Card Account Number and Passwords
Revising the Top 10 Data Loss Incidents list
Introduction
ldquoYour Personal Data is Worth Pretty Penny But it All Depends On Who Wants itrdquo TrendMicro Average for personal Data Between 0$-1200$
If you want to know how much your Personal Data Worth Check this Website httpwwwftcomcmss2927ca86e-d29b-11e2-88ed-00144feab7dehtmlaxzz2ukFAZIUF
Introduction
SURPRISE
bull In 2012 Report from Verizon Data Indicate that 96 of Records breached are from databasebull Less Than 5 of Security Spend on Data Center (WW Security Products )
Introduction
5
95
Data Center
Why Database Security Is Important
bull Database is the most important Data Banking bull Financial Databull ClientCustomer Databull Corporateorganization Data
bull If the database stop working the company will lose moneybull If the database is getting hacked imagine what happened to the
company
bull Ensure the data is confidential and prevent any outsourcing modificationbull Secure database provide an additional benefit which is data
management become more efficient and effectivebull Access to database should be only restricted to authorized people
only unless one thing itrsquos Public Databasebull Secure Database leads to monitor activity and knows
authorized people
Why Database Security Is Important
Laws about Security
bull SOX Sarbanes Oxleybull ldquoprotect investors by improving reliability of corporaterdquo
bull PCI Payment Card industry bull Related to Credit card companies such as Visa Master card
bull GLBA Gramm Leach Bliley Act bull companies that offer consumers financial products or services like loans
bull DATA Data Accountability and Trust Actbull security policies and procedures to protect data containing personal
information
How Database are Hacked
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness

How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database level, such as sensitive data
  • Monitor the database
  • Periodically check for users with database administration privileges

How to Secure Database
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money: protect it
  • Train IT staff on database security
  • Always ask for professional services

Thanks For LAOUC

Why Database Security Is Important
• The database is the most important data bank
  • Financial data
  • Client/customer data
  • Corporate/organization data
• If the database stops working, the company will lose money
• If the database is hacked, imagine what happens to the company
• Ensure the data is confidential and prevent any outsourcing modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, unless it's a public database
• Securing the database leads to monitoring activity and knowing the authorized people

Laws about Security
• SOX: Sarbanes-Oxley
  • "protect investors by improving reliability of corporate"
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information

How Database are Hacked
• As a database administrator, you need to know the threats that can affect your database
• Definition of threat: in the context of computer security, a threat refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
• Vulnerability: existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system

Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource

Triangle of Security
Decide Before Moving The Ball

What The Hacker Do
• Gather information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use some tools to scan for vulnerabilities of the system
• Gaining access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining access
  • Downloading phase
• Clearing tracks
"The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure."

Attack Oracle-Database Server
• Database servers are usually hacked to get critical information
• Mistakes made by the web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener

Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing
    REVOKE CREATE DATABASE LINK FROM connect;
    REVOKE EXECUTE ON utl_tcp FROM public;
    REVOKE EXECUTE ON utl_smtp FROM public;
    REVOKE EXECUTE ON utl_http FROM public;
    REVOKE EXECUTE ON utl_mail FROM public;
    REVOKE EXECUTE ON utl_inaddr FROM public;
    REVOKE EXECUTE ON utl_file FROM public;
    REVOKE EXECUTE ON dbms_java FROM public;

Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database

    Username   Password
    Sys        Manager
    Sys        System
    Sys        Oracle
    System     Same as sys
    Apps       Apps (EBS user)
    scott      tiger

Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan
http://www.petefinnigan.com/default/default_password_list.htm

Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it creates a table to transfer the payload
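
From the defender's side, the sequence above appears in the audit trail as one host attempting logons on several default accounts within seconds. The following is an added example, not part of the original slides: it flags that pattern in constructed rows shaped like DBA_AUDIT_SESSION output; the thresholds, host names and sample rows are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Accounts the slide lists as tried by the worm.
DEFAULT_ACCOUNTS = {"SYSTEM", "SYS", "DBSNMP", "SCOTT"}
LOGON_OK = 0
ORA_INVALID_LOGON = 1017        # ORA-01017: invalid username/password
WINDOW = timedelta(minutes=5)   # assumed threshold, tune per site
MIN_ACCOUNTS = 3                # assumed threshold, tune per site

# Constructed sample rows; column names follow DBA_AUDIT_SESSION.
SAMPLE_AUDIT_CSV = """\
USERNAME,USERHOST,TIMESTAMP,RETURNCODE
SYSTEM,10.0.0.57,2014-03-01 02:14:05,1017
SYS,10.0.0.57,2014-03-01 02:14:06,1017
DBSNMP,10.0.0.57,2014-03-01 02:14:07,0
SCOTT,10.0.0.57,2014-03-01 02:14:08,1017
APPUSER,app01,2014-03-01 09:00:00,0
SCOTT,devbox,2014-03-01 09:05:00,1017
SCOTT,devbox,2014-03-01 09:05:20,0
SYSTEM,dba-ws,2014-03-01 10:00:00,0
SYS,dba-ws,2014-03-01 18:30:00,0
"""


def parse_rows(text):
    """Turn exported audit rows into dicts with typed fields."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "user": rec["USERNAME"].strip().upper(),
            "host": rec["USERHOST"].strip(),
            "time": datetime.strptime(rec["TIMESTAMP"], "%Y-%m-%d %H:%M:%S"),
            "rc": int(rec["RETURNCODE"]),
        })
    return rows


def find_default_account_sweeps(rows):
    """Report hosts that touch >= MIN_ACCOUNTS default accounts within WINDOW."""
    by_host = defaultdict(list)
    for r in rows:
        if r["user"] in DEFAULT_ACCOUNTS and r["rc"] in (LOGON_OK, ORA_INVALID_LOGON):
            by_host[r["host"]].append(r)

    findings = []
    for host, events in by_host.items():
        events.sort(key=lambda e: e["time"])
        start, best = 0, None
        for end in range(len(events)):
            # Slide the window start forward until it spans at most WINDOW.
            while events[end]["time"] - events[start]["time"] > WINDOW:
                start += 1
            window = events[start:end + 1]
            tried = {e["user"] for e in window}
            if len(tried) >= MIN_ACCOUNTS and (best is None or len(tried) > len(best["tried"])):
                best = {
                    "host": host,
                    "tried": tried,
                    # A success here means a default password still works.
                    "succeeded": {e["user"] for e in window if e["rc"] == LOGON_OK},
                    "first_seen": window[0]["time"],
                }
        if best:
            findings.append(best)
    return sorted(findings, key=lambda f: f["host"])


if __name__ == "__main__":
    for f in find_default_account_sweeps(parse_rows(SAMPLE_AUDIT_CSV)):
        print(f["host"], sorted(f["tried"]), "succeeded:", sorted(f["succeeded"]))
```

The check only sees logons if session auditing is enabled; a non-empty "succeeded" set is the finding that needs immediate action.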

• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding, and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person

Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than the 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server

Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax

Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What do I need? Any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code:
      <Form action=search.asp method=post>
        <input type=hidden name=X value=Z>
      </Form>
• Examples
  • http://www.mywebsite.com/index.asp?id=10

Top Threats Effect on Database Server
If you get this error, then the website is vulnerable to an SQL injection attack

Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login:blah' or 1=1--
  • Password:blah' or 1=1--
  http://www.mywebsite.com/index.asp?id=10
  will be like this:
  http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user
    string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";

Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry becomes:
    SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter:
    ' Or 1=1 --
• The new query will be:
    SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
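
The concatenated strQry from the slides next to the same check written with bound parameters, as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 with an in-memory Users table as a stand-in for the real database; the function names and the "O'Brien" input are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the Users table queried on the slide."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserName TEXT PRIMARY KEY, Password TEXT)")
    # Plaintext password only mirrors the slide's query; real systems
    # compare salted hashes instead.
    db.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    return db


def login_concatenated(db, user, password):
    """Vulnerable form: user input becomes part of the SQL text (as in strQry)."""
    qry = ("SELECT Count(*) FROM Users WHERE UserName='" + user +
           "' AND Password='" + password + "'")
    return db.execute(qry).fetchone()[0] > 0


def login_bound(db, user, password):
    """Hardened form: input is passed as data and never parsed as SQL."""
    qry = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return db.execute(qry, (user, password)).fetchone()[0] > 0


def outcome(login, db, user, password):
    """Classify one attempt as 'granted', 'denied' or 'error'."""
    try:
        return "granted" if login(db, user, password) else "denied"
    except sqlite3.Error:
        # A raw database error reaching the user is the symptom the
        # slides describe for a vulnerable page.
        return "error"


# Inputs: a valid login, the slide's input, and a lone single quote in a name.
ATTEMPTS = [
    ("Paul", "password"),
    ("' Or 1=1 --", ""),
    ("O'Brien", "x"),
]


def compare():
    """Run every attempt through both implementations."""
    db = make_db()
    return [
        (user, outcome(login_concatenated, db, user, password),
         outcome(login_bound, db, user, password))
        for user, password in ATTEMPTS
    ]


if __name__ == "__main__":
    for user, weak, bound in compare():
        print(f"{user!r:16} concatenated={weak:8} bound={bound}")
```

With bound parameters the quote characters stay inside the value, so the second attempt is denied and the third no longer produces a syntax error.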

Top Threats Effect on Database Server
• Weak Audit Trail
  "In God I trust. For everyone else I keep log files."
  • Performance impacts
  • Determine what is important to be audited
  • Limited resources
  • Which audit trail mechanism should I use?
  • No end-to-end auditing

Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior, because it is a formal requirement of the security evaluation criteria.

Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance

Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report from Verizon: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf

Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.

Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

Name             Protocol  Ports
Back Orifice     UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
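
Checking the table one port at a time with findstr or grep is slow and also matches ephemeral client ports. The following added example (not from the original slides) parses `netstat -an` output in either the Linux or the Windows layout and reports only bound UDP sockets and listening TCP sockets that match the table; the sample output is constructed and the function names are assumptions.

```python
# Port watchlist transcribed from the table above: name -> (protocol, ports).
WATCHLIST = {
    "Back Orifice": ("udp", (31337, 31338)),
    "Deep Throat": ("udp", (2140, 3150)),
    "Net Bus": ("tcp", (12345, 12346)),
    "Whack-a-mole": ("tcp", (12361, 12362)),
    "Net Bus 2 Pro": ("tcp", (20034,)),
    "Girlfriend": ("tcp", (21544,)),
    "Master Paradise": ("tcp", (3129, 40421, 40422, 40423, 40426)),
}
BY_SOCKET = {(proto, port): name
             for name, (proto, ports) in WATCHLIST.items() for port in ports}

# Constructed sample: Linux-style lines first, then Windows-style lines.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:1521           ESTABLISHED
tcp6       0      0 :::20034                :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
  TCP    0.0.0.0:21544          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
"""


def parse_netstat(text):
    """Yield (proto, local_port, is_server_socket) for each socket line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        proto = parts[0].lower().rstrip("6")      # tcp6 -> tcp, udp6 -> udp
        if proto not in ("tcp", "udp"):
            continue                               # header or unrelated line
        linux_layout = parts[1].isdigit()          # Recv-Q column present
        if linux_layout and len(parts) < 5:
            continue
        local = parts[3] if linux_layout else parts[1]
        port = local.rsplit(":", 1)[-1]
        if not port.isdigit():
            continue
        if proto == "tcp":
            # Only LISTEN/LISTENING counts; an ESTABLISHED client socket may
            # simply have drawn one of these numbers as its ephemeral port.
            server = parts[-1].upper().startswith("LISTEN")
        else:
            server = True                          # UDP has no state column
        yield proto, int(port), server


def find_suspect_listeners(text):
    """Return (proto, port, name) for server sockets on watchlisted ports."""
    hits = []
    for proto, port, server in parse_netstat(text):
        name = BY_SOCKET.get((proto, port))
        if server and name:
            hits.append((proto, port, name))
    return hits


if __name__ == "__main__":
    for proto, port, name in find_suspect_listeners(SAMPLE_NETSTAT):
        print(f"{proto.upper()} {port}: port associated with {name}")
```

A hit means only that something is bound to a port from the table; identify the owning process before drawing conclusions.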

Top Threats Effect on Database Server
• Storage/Backup Media Exposure
  • When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow
  • Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks
  • Always remember: company data means money to another person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
GoogIe Search
Without Oracle With Oracle
Introduction
bull10 January 2014 Target data theft affected 70 million customersbullData Theft is Becoming Major ThreatbullData Theft is Bank of goldbull90 of companies say theyve been hackedbullMost of the Target Data are Personal Stuff Such as
Credit Card Account Number and Passwords
Revising the Top 10 Data Loss Incidents list
Introduction
ldquoYour Personal Data is Worth Pretty Penny But it All Depends On Who Wants itrdquo TrendMicro Average for personal Data Between 0$-1200$
If you want to know how much your Personal Data Worth Check this Website httpwwwftcomcmss2927ca86e-d29b-11e2-88ed-00144feab7dehtmlaxzz2ukFAZIUF
Introduction
SURPRISE
bull In 2012 Report from Verizon Data Indicate that 96 of Records breached are from databasebull Less Than 5 of Security Spend on Data Center (WW Security Products )
Introduction
5
95
Data Center
Why Database Security Is Important
bull Database is the most important Data Banking bull Financial Databull ClientCustomer Databull Corporateorganization Data
bull If the database stop working the company will lose moneybull If the database is getting hacked imagine what happened to the
company
bull Ensure the data is confidential and prevent any outsourcing modificationbull Secure database provide an additional benefit which is data
management become more efficient and effectivebull Access to database should be only restricted to authorized people
only unless one thing itrsquos Public Databasebull Secure Database leads to monitor activity and knows
authorized people
Why Database Security Is Important
Laws about Security
bull SOX Sarbanes Oxleybull ldquoprotect investors by improving reliability of corporaterdquo
bull PCI Payment Card industry bull Related to Credit card companies such as Visa Master card
bull GLBA Gramm Leach Bliley Act bull companies that offer consumers financial products or services like loans
bull DATA Data Accountability and Trust Actbull security policies and procedures to protect data containing personal
information
How Database are Hacked
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
  • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money; protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
Why Database Security Is Important
• The database is the most important data bank
  • Financial data
  • Client/customer data
  • Corporate/organization data
• If the database stops working, the company will lose money
• If the database gets hacked, imagine what happens to the company
• Ensure the data is confidential and prevent any outside modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, unless it is a public database
• A secure database lets you monitor activity and know who the authorized people are
Laws about Security
• SOX: Sarbanes-Oxley
  • “protect investors by improving reliability of corporate”
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information
How Database are Hacked
• As a database administrator, you need to know the threats that can affect your database
• Threat: in the context of computer security, anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more
• Vulnerability: the existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do
• Gather Information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use tools to scan the system for vulnerabilities
• Gaining Access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining Access
  • Downloading phase
• Clearing Tracks
“The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure.”
Attack Oracle-Database Server
• Database servers are usually hacked to get critical information
• Mistakes made by web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing
    REVOKE CREATE DATABASE LINK FROM connect;
    REVOKE EXECUTE ON utl_tcp FROM public;
    REVOKE EXECUTE ON utl_smtp FROM public;
    REVOKE EXECUTE ON utl_http FROM public;
    REVOKE EXECUTE ON utl_mail FROM public;
    REVOKE EXECUTE ON utl_inaddr FROM public;
    REVOKE EXECUTE ON utl_file FROM public;
    REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database
    Username   Password
    Sys        Manager
    Sys        System
    Sys        Oracle
    System     Same as sys
    Apps       Apps (EBS user)
    scott      tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• Once authenticated, it creates a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS attack tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • An attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What do I need? Any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code:
    <Form action=search.asp method=post>
    <input type=hidden name=X value=Z>
    </Form>
• Example:
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples:
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
  • http://www.mywebsite.com/index.asp?id=10 will be like this: http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
    string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry becomes:
    SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
    SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so, assuming there is at least one row in the table, this SQL always returns a nonzero count of records
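The login check from the slides, as an added example that is not part of the original deck: the concatenated query next to the same query with bound parameters. Python's built-in sqlite3 module stands in for the database, and the table contents and function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the Users table on the slide (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    # Plain-text password only because the slide's query compares it that way.
    conn.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    return conn


def build_concatenated_query(user, password):
    """Same construction as strQry: fixed SQL text glued to raw user input."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concatenated(conn, user, password):
    """Vulnerable form: the input is parsed as part of the SQL statement."""
    query = build_concatenated_query(user, password)
    return conn.execute(query).fetchone()[0] > 0


def login_bound(conn, user, password):
    """Hardened form: the statement text is fixed and the input travels
    separately as bound values, so quotes and '--' are only data.
    (sqlite3 uses '?' placeholders; Oracle bind variables are written :name.)"""
    query = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(query, (user, password)).fetchone()[0] > 0


def outcome(login, conn, user, password):
    """Return 'granted', 'denied' or 'sql error' for one login attempt."""
    try:
        return "granted" if login(conn, user, password) else "denied"
    except sqlite3.OperationalError:
        # A stray quote broke the statement: the error the slides look for.
        return "sql error"


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("Paul", "password"),   # valid credentials
        ("Paul", "wrong"),      # wrong password
        ("' Or 1=1 --", ""),    # input from the slide
        ("O'Brien", "x"),       # legitimate name containing a quote
    ]
    for user, password in attempts:
        print(repr(user),
              "concatenated:", outcome(login_concatenated, db, user, password),
              "| bound:", outcome(login_bound, db, user, password))
```

With bound parameters the quote in a legitimate name such as O'Brien no longer breaks the statement, which also removes the database error message the slides use as the sign of an injectable page.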
Top Threats Effect on Database Server
• Weak Audit Trail
  “In God I trust. For everyone else I keep log files.”
  • Performance impacts
  • Determine what is important to be audited
  • Limited resources
  • Which audit trail mechanism should I use?
  • No end-to-end auditing
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code
Report from Verizon Data: “69% of breaches incorporated malware”
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>
Name              Protocol  Ports
Back Orifice      UDP       31337 or 31338
Deep Throat       UDP       2140 and 3150
Net Bus           TCP       12345 and 12346
Whack-a-mole      TCP       12361 and 12362
Net Bus 2 Pro     TCP       20034
Girlfriend        TCP       21544
Master Paradise   TCP       3129, 40421, 40422, 40423 and 40426
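The netstat check above, automated for every port in the table at once. This is an added example, not part of the original slides: it parses `netstat -an` output in either the Linux or the Windows layout and reports listening sockets on the listed ports. The sample outputs and function names are constructed for the illustration.

```python
import re

# Ports and protocols from the slide's "Most Common Ports" table.
WATCHLIST = {
    ("udp", 31337): "Back Orifice", ("udp", 31338): "Back Orifice",
    ("udp", 2140): "Deep Throat", ("udp", 3150): "Deep Throat",
    ("tcp", 12345): "Net Bus", ("tcp", 12346): "Net Bus",
    ("tcp", 12361): "Whack-a-mole", ("tcp", 12362): "Whack-a-mole",
    ("tcp", 20034): "Net Bus 2 Pro",
    ("tcp", 21544): "Girlfriend",
    **{("tcp", p): "Master Paradise"
       for p in (3129, 40421, 40422, 40423, 40426)},
}

PROTO_RE = re.compile(r"^(tcp|udp)6?$", re.IGNORECASE)


def parse_sockets(netstat_output):
    """Yield (proto, local_port, state) for each socket line of `netstat -an`."""
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        match = PROTO_RE.match(fields[0])
        if not match:
            continue  # banner, column header or unix-domain socket line
        proto = match.group(1).lower()
        # Linux prints Recv-Q and Send-Q before the local address; Windows does not.
        linux_layout = fields[1].isdigit() and len(fields) > 3
        local = fields[3] if linux_layout else fields[1]
        port_text = local.rsplit(":", 1)[-1]  # also handles :::port and [::]:port
        if not port_text.isdigit():
            continue
        # Only TCP lines carry a state column; UDP sockets have none.
        state = fields[-1].upper() if proto == "tcp" else ""
        yield proto, int(port_text), state


def find_watchlisted_listeners(netstat_output):
    """Return sorted (proto, port, name) for listening sockets on listed ports.

    Established connections are skipped: an outbound connection can pick a
    listed number as its ephemeral source port without anything listening.
    """
    hits = set()
    for proto, port, state in parse_sockets(netstat_output):
        listening = proto == "udp" or state in ("LISTEN", "LISTENING")
        name = WATCHLIST.get((proto, port))
        if listening and name:
            hits.add((proto, port, name))
    return sorted(hits)


# Constructed sample output, Linux layout.
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:12345          10.0.0.9:1521           ESTABLISHED
tcp6       0      0 :::20034                :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
"""

# Constructed sample output, Windows layout.
WINDOWS_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40421          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:21544     192.168.1.20:1521      ESTABLISHED
  UDP    0.0.0.0:2140           *:*
"""

if __name__ == "__main__":
    for label, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        for proto, port, name in find_watchlisted_listeners(sample):
            print(f"{label}: {proto}/{port} is listening ({name} port)")
```

A hit is a lead to investigate, not proof of infection: any program can bind these port numbers, so confirm which process owns the socket before acting.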
"Your Personal Data is Worth a Pretty Penny, But it All Depends On Who Wants it" (TrendMicro). Average for personal data: between 0$-1200$
If you want to know how much your personal data is worth, check this website: http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed-00144feab7de.html#axzz2ukFAZIUF

Introduction
SURPRISE
• A 2012 report from Verizon indicates that 96% of records breached are from databases
• Less than 5% of security spend is on the data center (WW Security Products)
[Chart: Data Center, 5% / 95%]

Why Database Security Is Important
• The database holds the most important data
  • Banking
  • Financial data
  • Client/customer data
  • Corporate/organization data
• If the database stops working, the company will lose money
• If the database gets hacked, imagine what happens to the company
• Ensure the data is confidential and prevent any outside modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, unless it is a public database
• A secure database leads to monitored activity and known authorized people

Laws about Security
• SOX: Sarbanes-Oxley
  • "protect investors by improving reliability of corporate"
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information

How Databases Are Hacked
• As a database administrator you need to know the threats that can affect your database
• Threat: in the context of computer security, anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more
• Vulnerability: existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system

Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource

Triangle of Security
Decide Before Moving The Ball

What The Hacker Does
• Gather information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use some tools to scan for vulnerabilities of the system
• Gaining access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining access
  • Downloading phase
• Clearing tracks

"The more the hacker learns about your internal operations, the more likely he is to intrude and exploit. So be secure."

Attack Oracle-Database Server
• Database servers are usually hacked to get critical information
• Mistakes made by web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener

Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to major issues if the user knows what he is doing

    -- Remove database link creation from the CONNECT role
    REVOKE CREATE DATABASE LINK FROM connect;
    -- Remove network, mail, file and Java package access from PUBLIC
    REVOKE EXECUTE ON utl_tcp FROM public;
    REVOKE EXECUTE ON utl_smtp FROM public;
    REVOKE EXECUTE ON utl_http FROM public;
    REVOKE EXECUTE ON utl_mail FROM public;
    REVOKE EXECUTE ON utl_inaddr FROM public;
    REVOKE EXECUTE ON utl_file FROM public;
    REVOKE EXECUTE ON dbms_java FROM public;

• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset

• Weak Authentication
  • Most common default passwords for the database

    Username   Password
    Sys        Manager
    Sys        System
    Sys        Oracle
    System     Same as sys
    Apps       Apps (EBS user)
    scott      tiger

Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm

Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
• Read more about this worm: http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it creates a table to transfer the payload

• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
• The impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS attack classification
  • Smurf - generates a large amount of ICMP echo (ping)
  • Buffer overflow attack - the program writes more information into the buffer
  • Ping of death - sends IP packets larger than 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN attack - sends bogus TCP SYN requests to a victim server
• Examples of DoS attack tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax

• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What do I need? Any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code

    <Form action=search.asp method=post>
    <input type=hidden name=X value=Z>
    </Form>

  • Example: http://www.mywebsite.com/index.asp?id=10

If you get this error then the website is vulnerable to an SQL injection attack

• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--

    http://www.mywebsite.com/index.asp?id=10

  will be like this:

    http://www.mywebsite.com/index.asp?id=blah' or 1=1--

• Other examples of single quote usage in SQL injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user

    string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";

• If the user enters a valid username and password, the query strQry becomes

    SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'

• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be

    SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''

• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
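
The login query from the slides, as an added example that is not part of the original presentation: Python with an in-memory SQLite table stands in for the ASP page and its database, and runs the concatenated query beside a bind-parameter version on the same inputs. The function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the slide's Users table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("Paul", "password"), ("O'Brien", "tiger")],
    )
    return conn


def build_concatenated(user, password):
    """Query text built the way the slide's strQry is: input pasted into SQL."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concatenated(conn, user, password):
    """Vulnerable form: the database parses user input as part of the statement."""
    return conn.execute(build_concatenated(user, password)).fetchone()[0] > 0


def login_bound(conn, user, password):
    """Hardened form: fixed SQL text, values passed as bind parameters."""
    row = conn.execute(
        "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?",
        (user, password),
    ).fetchone()
    return row[0] > 0


def compare(conn, user, password):
    """Run both forms on one input; a SQL syntax error is reported as 'error'."""
    try:
        weak = login_concatenated(conn, user, password)
    except sqlite3.OperationalError:
        weak = "error"
    return weak, login_bound(conn, user, password)


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("Paul", "password"),   # valid login
        ("Paul", "wrong"),      # wrong password
        ("' Or 1=1 --", ""),    # the input shown on the slide
        ("O'Brien", "tiger"),   # legitimate name containing a single quote
    ]
    for user, password in cases:
        print(repr(user), compare(db, user, password))
```

The last case shows why the single-quote test works: a legitimate name with a quote in it breaks the concatenated query with a syntax error, while the bound query treats it as plain data.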

• Weak Audit Trail
  "In God I trust. For everyone else I keep log files."
  • Performance impacts
  • Determine what is important to be audited
  • Limited resources
  • Which audit trail mechanism should I use?
  • No end-to-end auditing
  [Figure: Application]
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria

Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance

• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code

Report from Verizon: "69% of breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf

  • Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes

Most Common Ports

    Windows: netstat -an | findstr <port number>
    Linux:   netstat -an | grep <port number>

    Name              Protocol  Ports
    Back Orifice      UDP       31337 or 31338
    Deep Throat       UDP       2140 and 3150
    Net Bus           TCP       12345 and 12346
    Whack-a-mole      TCP       12361 and 12362
    Net Bus 2 Pro     TCP       20034
    Girlfriend        TCP       21544
    Master Paradise   TCP       3129, 40421, 40422, 40423 and 40426
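
An added example (not from the presentation) that applies the port table above to `netstat -an` output from either platform. Unlike a plain grep or findstr, it matches only the local port of listening TCP sockets and bound UDP sockets, so a remote port or a longer number containing the same digits is not reported. The sample output and function names are constructed; a hit means only that something is bound to a listed port.

```python
import re

# Port table from the slide: (name, protocol, ports).
SLIDE_TABLE = [
    ("Back Orifice", "udp", (31337, 31338)),
    ("Deep Throat", "udp", (2140, 3150)),
    ("Net Bus", "tcp", (12345, 12346)),
    ("Whack-a-mole", "tcp", (12361, 12362)),
    ("Net Bus 2 Pro", "tcp", (20034,)),
    ("Girlfriend", "tcp", (21544,)),
    ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
]
WATCHLIST = {(proto, port): name
             for name, proto, ports in SLIDE_TABLE for port in ports}

# Matches both layouts: Linux has Recv-Q/Send-Q columns, Windows does not.
LINE = re.compile(
    r"^\s*(tcp|udp)6?\s+(?:\d+\s+\d+\s+)?(\S+)\s+(\S+)(?:\s+(\S+))?", re.I)


def parse_line(line):
    """Return (protocol, local_port, state) or None for headers and other lines."""
    m = LINE.match(line)
    if not m:
        return None
    proto, local, _foreign, state = m.groups()
    port = local.rsplit(":", 1)[-1]      # works for 0.0.0.0:80, :::80, [::]:80
    if not port.isdigit():
        return None
    return proto.lower(), int(port), (state or "").upper()


def suspicious_listeners(netstat_output):
    """Sockets bound locally to a port from the slide's table."""
    hits = set()
    for line in netstat_output.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        proto, port, state = parsed
        # TCP: only listeners count. UDP has no LISTEN state, so any bound port counts.
        if proto == "tcp" and not state.startswith("LISTEN"):
            continue
        name = WATCHLIST.get((proto, port))
        if name:
            hits.add((proto, port, name))
    return sorted(hits)


# Constructed sample output, Linux layout.
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31290           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:1521           10.0.0.9:40421          ESTABLISHED
tcp6       0      0 :::21544                :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
udp        0      0 0.0.0.0:12345           0.0.0.0:*
"""

# Constructed sample output, Windows layout.
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.7:12345      ESTABLISHED
  TCP    [::]:40421             [::]:0                 LISTENING
  UDP    0.0.0.0:2140           *:*
"""

if __name__ == "__main__":
    for label, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        for proto, port, name in suspicious_listeners(sample):
            print(label, proto, port, name)
```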

• Storage/Backup Media Exposure
  • When data is saved to tape, you want to be confident that data will be accessible decades from now as well as tomorrow
  • Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks
  • Always remember: company data means money to another person

• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are
    • 17th day of January
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
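
The release rule quoted above, as an added Python example that is not part of the presentation: it computes the Tuesday closest to the 17th, reproduces the listed dates, and lists the Critical Patch Updates released since a database was last patched. The function names and the dates passed to them are assumptions for illustration, and the rule is the one stated on the slide.

```python
from datetime import date, timedelta

CPU_MONTHS = (1, 4, 7, 10)   # January, April, July, October


def cpu_release(year, month):
    """Tuesday closest to the 17th of the month (rule as stated on the slide)."""
    anchor = date(year, month, 17)
    # weekday(): Monday=0, Tuesday=1. The offset is the signed distance,
    # between -3 and +3 days, from the 17th to the nearest Tuesday.
    offset = (1 - anchor.weekday() + 3) % 7 - 3
    return anchor + timedelta(days=offset)


def releases_after(start, count=4):
    """The next `count` release dates strictly after `start`."""
    found, year = [], start.year
    while len(found) < count:
        for month in CPU_MONTHS:
            released = cpu_release(year, month)
            if released > start and len(found) < count:
                found.append(released)
        year += 1
    return found


def releases_missed(last_patched, as_of):
    """Releases after the last applied one, up to and including `as_of`."""
    return [cpu_release(year, month)
            for year in range(last_patched.year, as_of.year + 1)
            for month in CPU_MONTHS
            if last_patched < cpu_release(year, month) <= as_of]


if __name__ == "__main__":
    # Constructed inputs: a date shortly before the first listed release,
    # and a database last patched with the April 2014 update.
    print([d.isoformat() for d in releases_after(date(2014, 3, 1))])
    print(len(releases_missed(date(2014, 4, 15), date(2015, 2, 1))), "updates behind")
```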

• Another thing that should be followed and monitored is Security Alerts
  • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update

• Unsecured Sensitive Data
  • Who has access to company data?
  • Does the company meet requirements?
  • What will make the hacker rich?
  • What could damage the reputation of the organization?

• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end user security awareness a higher priority within organizations
  • No budget in the company for security awareness

How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
    • Periodically check for users with database administration privileges
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permission errors
  • Your data is your money, protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
SURPRISE
bull In 2012 Report from Verizon Data Indicate that 96 of Records breached are from databasebull Less Than 5 of Security Spend on Data Center (WW Security Products )
Introduction
5
95
Data Center
Why Database Security Is Important
bull Database is the most important Data Banking bull Financial Databull ClientCustomer Databull Corporateorganization Data
bull If the database stop working the company will lose moneybull If the database is getting hacked imagine what happened to the
company
bull Ensure the data is confidential and prevent any outsourcing modificationbull Secure database provide an additional benefit which is data
management become more efficient and effectivebull Access to database should be only restricted to authorized people
only unless one thing itrsquos Public Databasebull Secure Database leads to monitor activity and knows
authorized people
Why Database Security Is Important
Laws about Security
bull SOX Sarbanes Oxleybull ldquoprotect investors by improving reliability of corporaterdquo
bull PCI Payment Card industry bull Related to Credit card companies such as Visa Master card
bull GLBA Gramm Leach Bliley Act bull companies that offer consumers financial products or services like loans
bull DATA Data Accountability and Trust Actbull security policies and procedures to protect data containing personal
information
How Database are Hacked
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
  • Periodically check for users with database administration privileges
How to Secure Database
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money, protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
Why Database Security Is Important
• The database is the most important data bank
  • Financial data
  • Client/customer data
  • Corporate/organization data
• If the database stops working, the company will lose money
• If the database gets hacked, imagine what happens to the company
• Ensure the data is confidential and prevent any outside modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, with one exception: a public database
• A secure database makes it possible to monitor activity and know who the authorized people are
Why Database Security Is Important
Laws about Security
• SOX: Sarbanes-Oxley
  • "protect investors by improving reliability of corporate"
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information
How Database are Hacked
How Database are Hacked
• As a database administrator you need to know the threats that can affect your database
• Threat: in the context of computer security, anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more
• Vulnerability: existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do
• Gather information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use tools to scan for vulnerabilities of the system
• Gaining access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining access
  • Downloading phase
• Clearing tracks
"The more the hacker learns about your internal operations, the more likely he will be to intrude and exploit. So be secure"
Attack Oracle-Database Server
• Database servers are usually hacked to get the critical information
• Mistakes made by the web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing
  • REVOKE CREATE DATABASE LINK FROM connect;
  • REVOKE EXECUTE ON utl_tcp FROM public;
  • REVOKE EXECUTE ON utl_smtp FROM public;
  • REVOKE EXECUTE ON utl_http FROM public;
  • REVOKE EXECUTE ON utl_mail FROM public;
  • REVOKE EXECUTE ON utl_inaddr FROM public;
  • REVOKE EXECUTE ON utl_file FROM public;
  • REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database

Username  Password
Sys       Manager
Sys       System
Sys       Oracle
System    Same as sys
Apps      Apps (EBS user)
scott     tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwifindnotcom ) posted a variant of the Oracle Voyager Worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If OK, it then tries a series of usernames and passwords:
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it creates a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may:
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than the 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What I need: any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code:
    <Form action=search.asp method=post> <input type=hidden name=X value=Z> </Form>
• Examples
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login:blah' or 1=1--
  • Password:blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
Will be like this:
http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry becomes:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
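The concatenated login query from these slides, next to its parameterized form, as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 module as a stand-in for the slide's ASP/Oracle stack; the table rows and function names are constructed for illustration.

```python
"""Concatenated versus parameterized login query, run against sample data."""
import sqlite3


def make_db():
    """In-memory stand-in for the Users table; the rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    # Plain-text passwords only mirror the slide's query; real systems
    # store salted password hashes.
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("Paul", "password"), ("Maria", "s3cret")])
    return conn


def build_query(user, password):
    """The slide's pattern: fixed SQL text concatenated with user input."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_concatenated(conn, user, password):
    """Vulnerable: the input becomes part of the SQL statement itself."""
    return conn.execute(build_query(user, password)).fetchone()[0] > 0


def login_parameterized(conn, user, password):
    """Hardened: placeholders keep the input as data, never as SQL text."""
    row = conn.execute(
        "SELECT Count(*) FROM Users WHERE UserName = ? AND Password = ?",
        (user, password),
    ).fetchone()
    # Exactly one matching account is expected; anything else is rejected.
    return row[0] == 1


if __name__ == "__main__":
    conn = make_db()
    slide_input = "' Or 1=1 --"  # the input shown on the slide

    print("Query built by concatenation:")
    print("  ", build_query(slide_input, ""))
    print("Concatenated login accepted: ",
          login_concatenated(conn, slide_input, ""))
    print("Parameterized login accepted:",
          login_parameterized(conn, slide_input, ""))
    print("Valid user, parameterized:   ",
          login_parameterized(conn, "Paul", "password"))
```

With bind parameters the same input is compared literally against UserName, matches no row, and the login is refused.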
Top Threats Effect on Database Server
• Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code
Report from Verizon Data: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>

Name             Protocol  Ports
Back Office      UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
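Instead of grepping for one port at a time, the whole table can be checked against saved `netstat -an` output in one pass. This is an added example, not part of the original presentation; the function name and both sample outputs are constructed, and the port names are copied from the table above.

```python
"""Flag listeners on the ports from the slide's table in `netstat -an` output."""
import re

# (protocol, port) -> name, exactly as listed on the slide.
KNOWN_PORTS = {
    ("udp", 31337): "Back Office", ("udp", 31338): "Back Office",
    ("udp", 2140): "Deep Throat", ("udp", 3150): "Deep Throat",
    ("tcp", 12345): "Net Bus", ("tcp", 12346): "Net Bus",
    ("tcp", 12361): "Whack-a-mole", ("tcp", 12362): "Whack-a-mole",
    ("tcp", 20034): "Net Bus 2 Pro", ("tcp", 21544): "Girlfriend",
    ("tcp", 3129): "Master Paradise", ("tcp", 40421): "Master Paradise",
    ("tcp", 40422): "Master Paradise", ("tcp", 40423): "Master Paradise",
    ("tcp", 40426): "Master Paradise",
}
PORT_SUFFIX = re.compile(r":(\d+)$")


def flag_listeners(netstat_output):
    """Return (protocol, port, name) for each socket bound to a listed port.

    Handles both Linux and Windows `netstat -an` layouts: the local address
    is the first column that ends in ":<digits>".
    """
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = fields[0].lower()[:3]  # tcp6/udp6 fold into tcp/udp
        local = next((f for f in fields[1:] if PORT_SUFFIX.search(f)), None)
        if local is None:
            continue
        port = int(PORT_SUFFIX.search(local).group(1))
        # For TCP only listening sockets count; an outbound connection may
        # use one of these numbers as an ephemeral source port.
        if proto == "tcp" and not fields[-1].upper().startswith("LISTEN"):
            continue
        name = KNOWN_PORTS.get((proto, port))
        if name:
            findings.append((proto, port, name))
    return findings


# Constructed sample output, Linux layout.
SAMPLE_LINUX = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:1521           ESTABLISHED
udp        0      0 0.0.0.0:31337           0.0.0.0:*
"""

# Constructed sample output, Windows layout.
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    [::]:21544             [::]:0                 LISTENING
  UDP    0.0.0.0:2140           *:*
"""

if __name__ == "__main__":
    for label, sample in (("linux", SAMPLE_LINUX), ("windows", SAMPLE_WINDOWS)):
        for proto, port, name in flag_listeners(sample):
            print(f"{label}: {proto}/{port} is listed as {name}")
```

A match is a lead to investigate, not proof of infection: legitimate software can bind the same port numbers.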
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that the data will be accessible decades from now as well as tomorrow
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks
• Always remember: company data means money to another person
Why Database Security Is Important
• Ensure the data is confidential and prevent any outsourcing modification
• A secure database provides an additional benefit: data management becomes more efficient and effective
• Access to the database should be restricted to authorized people only, unless it's a public database
• A secure database leads to monitoring activity and knowing the authorized people
Laws about Security
• SOX: Sarbanes-Oxley
  • “protect investors by improving reliability of corporate”
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information
How Database are Hacked
• As a database administrator, you need to know the threats that can affect your database
• Threat: in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more
• Vulnerability: existence of a weakness, design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
• Confidentiality
  • The concealment of information or resources
• Authenticity
  • The identification and assurance of the origin of information
• Integrity
  • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
• Availability
  • The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do
• Gather information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use some tools to scan for vulnerabilities of the system
• Gaining access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining access
  • Downloading phase
• Clearing tracks
“The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure.”
Attack Oracle-Database Server
• Database servers are usually hacked to get the critical information
• Mistakes made by the web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on the network is done using a TCP port scan
• Once the Oracle database server has been discovered, the first port of call is the TNS Listener
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to major issues if the user knows what he is doing
  • REVOKE CREATE DATABASE LINK FROM connect;
  • REVOKE EXECUTE ON utl_tcp FROM public;
  • REVOKE EXECUTE ON utl_smtp FROM public;
  • REVOKE EXECUTE ON utl_http FROM public;
  • REVOKE EXECUTE ON utl_mail FROM public;
  • REVOKE EXECUTE ON utl_inaddr FROM public;
  • REVOKE EXECUTE ON utl_file FROM public;
  • REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database
Username   Password
Sys        Manager
Sys        System
Sys        Oracle
System     Same as sys
Apps       Apps (EBS user)
scott      tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
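A review pass for the two threats above, excess privileges and default passwords, written as read-only dictionary queries. This is an added example, not part of the original slides; it assumes an account that can read the DBA_* views, and DBA_USERS_WITH_DEFPWD only exists from 11g onwards.

```sql
-- Added example, not from the slides. Read-only queries against the data
-- dictionary; run them from a DBA account.

-- 1. Packages from the REVOKE list that PUBLIC can still execute.
SELECT owner, table_name AS package_name, grantor
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('UTL_TCP', 'UTL_SMTP', 'UTL_HTTP', 'UTL_MAIL',
                      'UTL_INADDR', 'UTL_FILE', 'DBMS_JAVA')
ORDER  BY table_name;

-- 2. Does the CONNECT role still carry CREATE DATABASE LINK?
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee   = 'CONNECT'
AND    privilege = 'CREATE DATABASE LINK';

-- 3. Before revoking from PUBLIC: stored code outside SYS that depends on
--    those packages. These objects go invalid after the REVOKE unless their
--    owner receives a direct EXECUTE grant first.
SELECT owner, name, type, referenced_name
FROM   dba_dependencies
WHERE  referenced_name IN ('UTL_TCP', 'UTL_SMTP', 'UTL_HTTP', 'UTL_MAIL',
                           'UTL_INADDR', 'UTL_FILE', 'DBMS_JAVA')
AND    referenced_type IN ('PACKAGE', 'SYNONYM')
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY referenced_name, owner, name;

-- 4. Accounts whose password is still a known default (11g and later).
--    An OPEN account in this list is the case the default-password table
--    on the slide warns about.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY u.account_status, d.username;

-- 5. Who holds database administration privileges: the DBA role, and
--    SYSDBA / SYSOPER through the password file.
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

SELECT username, sysdba, sysoper
FROM   v$pwfile_users;
```

Query 3 is the reason for the "Be Cautious" note: revoke from PUBLIC only after the owners it lists have the direct grants they need.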
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• Attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If OK, it then tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication is OK, it will create a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable or significantly slow it down for legitimate users by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Send IP packets larger than the 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What do I need? Any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code
    <Form action=search.asp method=post> <input type=hidden name=X value=Z></Form>
• Examples
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
Will be like this: http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user
  • string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry will look like this:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
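The same login check written both ways inside Oracle: once with the concatenation pattern of strQry, once with bind variables. This is an added example, not code from the slides; the function names login_count_concat and login_count_bind are hypothetical, and the Users table with its single row is constructed to match the slide's query.

```sql
-- Added example, not from the slides. Run in SQL*Plus or SQLcl in a scratch
-- schema. Table contents are constructed sample data.
CREATE TABLE Users (UserName VARCHAR2(30), Password VARCHAR2(30));
INSERT INTO Users (UserName, Password) VALUES ('Paul', 'password');
COMMIT;

-- Vulnerable form: the statement text is assembled from the inputs, the same
-- way strQry is built on the slide, so a quote in p_user ends the string
-- literal early and the rest of the input is parsed as SQL.
CREATE OR REPLACE FUNCTION login_count_concat (
  p_user IN VARCHAR2,
  p_pass IN VARCHAR2
) RETURN NUMBER
IS
  v_sql   VARCHAR2(1000);
  v_count NUMBER;
BEGIN
  v_sql := 'SELECT Count(*) FROM Users WHERE UserName=''' || p_user ||
           ''' AND Password=''' || p_pass || '''';
  EXECUTE IMMEDIATE v_sql INTO v_count;
  RETURN v_count;
END;
/

-- Hardened form: the statement text is fixed and the inputs travel as bind
-- values, so they are compared as data and never parsed as SQL.
CREATE OR REPLACE FUNCTION login_count_bind (
  p_user IN VARCHAR2,
  p_pass IN VARCHAR2
) RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT Count(*) FROM Users WHERE UserName = :u AND Password = :p'
    INTO v_count
    USING p_user, p_pass;
  RETURN v_count;
END;
/

-- Feed both functions the valid login and the input from the slide.
SET SERVEROUTPUT ON
DECLARE
  c_injected CONSTANT VARCHAR2(20) := ''' Or 1=1 --';  -- the slide's input
BEGIN
  DBMS_OUTPUT.PUT_LINE('concat, valid login : ' ||
                       login_count_concat('Paul', 'password'));
  DBMS_OUTPUT.PUT_LINE('concat, slide input : ' ||
                       login_count_concat(c_injected, 'x'));
  DBMS_OUTPUT.PUT_LINE('bind,   valid login : ' ||
                       login_count_bind('Paul', 'password'));
  DBMS_OUTPUT.PUT_LINE('bind,   slide input : ' ||
                       login_count_bind(c_injected, 'x'));
END;
/

-- Clean up the scratch objects.
DROP FUNCTION login_count_concat;
DROP FUNCTION login_count_bind;
DROP TABLE Users PURGE;
```

With the slide's input the concatenated function counts every row in Users, while the bind version treats the whole string as a user name and matches nothing.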
Top Threats Effect on Database Server
• Weak Audit Trail
In God I trust. For everyone else, I keep log files.
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code
Report from Verizon Data: “69% of breaches incorporated malware”
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>
Name             Protocol   Ports
Back Orifice     UDP        31337 or 31338
Deep Throat      UDP        2140 and 3150
Net Bus          TCP        12345 and 12346
Whack-a-mole     TCP        12361 and 12362
Net Bus 2 Pro    TCP        20034
Girlfriend       TCP        21544
Master Paradise  TCP        3129, 40421, 40422, 40423 and 40426
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
  • When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow
  • Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks
  • Always remember: company data means money to another person
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 17th day of January
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is Security Alerts
  • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecure Sensitive Data
  • Who has access to company data?
  • Does the company meet requirements?
  • What will make the hacker rich?
  • What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
  • What do we want to accomplish by making users aware of security?
    • Encourage safe usage habits and discourage unsafe behavior
    • Change user perceptions of information security
    • Inform users about how to recognize and react to potential threats
    • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database level, such as sensitive data
  • Monitor the database
    • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permission errors
• Your data is your money, protect it
• Train IT staff on database security
• Always ask for professional services
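One way to cover the two log items above, failed logins and permission errors, with the standard Oracle audit trail. This is an added example, not part of the original slides; it assumes audit_trail is set to DB, and the 24-hour window and the threshold of three accounts are assumptions to tune per site.

```sql
-- Added example, not from the slides. Assumes the standard audit trail is
-- written to the database (audit_trail = DB or DB,EXTENDED).

-- 1. Current audit configuration.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('audit_trail', 'audit_sys_operations', 'audit_syslog_level');

-- 2. Audit failures only: failed logins, and table or procedure access that
--    the database refused. Auditing only unsuccessful actions keeps the
--    volume and the performance cost down.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE
  BY ACCESS WHENEVER NOT SUCCESSFUL;

-- 3. Failed logins in the last 24 hours, grouped by client host.
--    1017  = ORA-01017 invalid username/password
--    28000 = ORA-28000 account is locked
--    One host failing against several different accounts is the pattern a
--    default-account guesser such as the Voyager worm leaves behind.
--    The threshold of 3 accounts is an assumption.
SELECT userhost,
       os_username,
       COUNT(*)                 AS failed_logins,
       COUNT(DISTINCT username) AS accounts_tried,
       MIN(timestamp)           AS first_seen,
       MAX(timestamp)           AS last_seen
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    timestamp > SYSDATE - 1
GROUP  BY userhost, os_username
HAVING COUNT(DISTINCT username) >= 3
ORDER  BY failed_logins DESC;

-- 4. Permission errors in the last 24 hours.
--    1031 = ORA-01031 insufficient privileges
--    942  = ORA-00942 table or view does not exist, which is what a user
--           without privileges on an existing object receives.
SELECT timestamp, username, userhost, action_name, owner, obj_name, returncode
FROM   dba_audit_trail
WHERE  returncode IN (942, 1031)
AND    timestamp > SYSDATE - 1
ORDER  BY timestamp;
```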
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Laws about Security
bull SOX Sarbanes Oxleybull ldquoprotect investors by improving reliability of corporaterdquo
bull PCI Payment Card industry bull Related to Credit card companies such as Visa Master card
bull GLBA Gramm Leach Bliley Act bull companies that offer consumers financial products or services like loans
bull DATA Data Accountability and Trust Actbull security policies and procedures to protect data containing personal
information
How Database are Hacked
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
How Database are Hacked
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to major issues if the user knows what he is doing.

REVOKE CREATE DATABASE LINK FROM connect;
REVOKE EXECUTE ON utl_tcp FROM public;
REVOKE EXECUTE ON utl_smtp FROM public;
REVOKE EXECUTE ON utl_http FROM public;
REVOKE EXECUTE ON utl_mail FROM public;
REVOKE EXECUTE ON utl_inaddr FROM public;
REVOKE EXECUTE ON utl_file FROM public;
REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database

Username   Password
Sys        Manager
Sys        System
Sys        Oracle
System     Same as sys
Apps       Apps (EBS User)
scott      tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
  • Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• Once authenticated, it creates a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than 65536 bytes
  • Teardrop - IP Requires that packet that is too large for next Router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • The attacker can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
• What do I need? Any web browser
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code
    <Form action=search.asp method=post> <input type=hidden name=X value=Z></Form>
• Examples
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--

http://www.mywebsite.com/index.asp?id=10
will be like this:
http://www.mywebsite.com/index.asp?id=blah' or 1=1--

• Other examples of single quote usage in SQL injection
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry will look like this:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
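The login check described above, as an added example that is not code from the original slides: it rebuilds the concatenated strQry against an in-memory table and puts the same check with bind parameters beside it. The use of SQLite in place of Oracle, the sample rows and the function names are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Users table (constructed sample data).

    Passwords are kept in clear text only to mirror the slide's query;
    a real system stores salted hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT PRIMARY KEY, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("Paul", "password"), ("Maria", "s3cret"), ("O'Brien", "pw")],
    )
    return conn


def build_concatenated_query(user, password):
    """The slide's strQry: a fixed string glued to raw user input."""
    return (
        "SELECT Count(*) FROM Users WHERE UserName='" + user
        + "' AND Password='" + password + "'"
    )


def login_concatenated(conn, user, password):
    """Vulnerable check: user input becomes part of the SQL text."""
    try:
        row = conn.execute(build_concatenated_query(user, password)).fetchone()
    except sqlite3.Error:
        # A stray quote breaks the statement. When this error is echoed to
        # the browser it is the symptom the slides tell you to look for.
        return False
    return row[0] > 0  # "nonzero count of records" means logged in


def login_parameterized(conn, user, password):
    """Hardened check: constant SQL text, input travels only as bind values."""
    row = conn.execute(
        "SELECT Count(*) FROM Users WHERE UserName = ? AND Password = ?",
        (user, password),
    ).fetchone()
    return row[0] == 1  # UserName is unique, so exactly one row must match


def run_demo():
    """Run both checks over the same inputs and collect the outcomes."""
    conn = make_db()
    cases = [
        ("Paul", "password"),      # valid credentials
        ("Paul", "wrong"),         # wrong password
        ("' Or 1=1 --", ""),       # the input shown on the slide
        ("O'Brien", "pw"),         # legitimate name containing a quote
    ]
    return [
        (user, login_concatenated(conn, user, pw), login_parameterized(conn, user, pw))
        for user, pw in cases
    ]


if __name__ == "__main__":
    print(build_concatenated_query("' Or 1=1 --", ""))
    for user, weak, hardened in run_demo():
        print(f"{user!r:16} concatenated={weak!s:5} parameterized={hardened}")
```

With bind values the quote in O'Brien is just data, so the legitimate user logs in and the slide's input matches no row; the concatenated version gets both cases wrong.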
Top Threats Effect on Database Server
• Weak Audit Trail
In God I trust. For everyone else I keep log files.
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code.

Report from Verizon Data: "69% of breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports

Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

Name             Protocol   Ports
Back Office      UDP        31337 or 31338
Deep Throat      UDP        2140 and 3150
Net Bus          TCP        12345 and 12346
Whack-a-mole     TCP        12361 and 12362
Net Bus 2 Pro    TCP        20034
Girlfriend       TCP        21544
Master Paradise  TCP        3129, 40421, 40422, 40423 and 40426
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that the data will be accessible decades from now as well as tomorrow.
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person.
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 17th day of January
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015

http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is
  • Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecure Sensitive Data
• Who has access to company data?
• Does the company meet requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users
• Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
• Set a good password policy
  • No password reuse
  • Strong passwords
• Keep up to date with security patches
• Check firewall level
  • Trusted connections only
  • Block unused ports
• Encryption
  • Network level
    • SSL
  • File level, such as backups
  • Database, such as sensitive data
• Monitor the database
  • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money, protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
How Database are Hacked
bull As Database Administrator you need to know Threats that can effect on your databasebull Definition of threats context of computer security refers to anything
that has the potential to cause serious harm to a computer system A threat is something that may or may not happen but has the potential to cause serious damage Threats can lead to attacks on computer systems networks and morebull Vulnerability Existence of a weakness design or implementation error
that Existence of a weakness design or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Elements Of Security
bull Confidentiality bull The concealment of information or resources
bull Authenticitybull The identification and assurance of the origin of information
bull Integritybull The trustworthiness of data or resources in terms of preventing improper and
unauthorized changes
bull Availabilitybull The ability to use the desired information or resource
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples:
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
will be like this:
http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
    string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry will look like this:
    SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
    SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records
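The login query from the slides, rebuilt as an added example (not code from the original deck) with the concatenated form beside a parameterized one. It assumes an in-memory SQLite database with constructed rows; the function names are hypothetical.

```python
import sqlite3


def make_users_db():
    """In-memory Users table shaped like the slide's query (constructed rows).

    Plaintext passwords mirror the slide; a real system stores salted hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT PRIMARY KEY, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("Paul", "password"), ("Alice", "s3cret")],
    )
    return conn


def build_concatenated_query(user, password):
    """Same string concatenation as strQry on the slide (deliberately weak)."""
    return ("SELECT Count(*) FROM Users WHERE UserName='" + user +
            "' AND Password='" + password + "'")


def login_vulnerable(conn, user, password):
    """User input becomes part of the SQL text, so it can change the query."""
    count = conn.execute(build_concatenated_query(user, password)).fetchone()[0]
    return count > 0


def login_parameterized(conn, user, password):
    """Bind variables: input is passed as data and is never parsed as SQL."""
    count = conn.execute(
        "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?",
        (user, password),
    ).fetchone()[0]
    return count > 0


def raises_sql_error(conn, login_fn, user):
    """Single-quote check: a syntax error means the quote reached the parser."""
    try:
        login_fn(conn, user, "")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_users_db()
    payload = "' Or 1=1 --"  # the input shown on the slide
    print(build_concatenated_query(payload, ""))
    print("concatenated :", login_vulnerable(db, payload, ""))
    print("parameterized:", login_parameterized(db, payload, ""))
    print("quote breaks concatenated query:",
          raises_sql_error(db, login_vulnerable, "'"))
    print("quote breaks parameterized query:",
          raises_sql_error(db, login_parameterized, "'"))
```

With bind variables the payload is compared as a literal user name, so the login fails and a lone quote no longer produces a database error.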
Top Threats Effect on Database Server
bull Weak Audit Trail
"In God I trust. For everyone else, I keep log files."
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which audit trail mechanism should I use?
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior, because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report from Verizon Data: "69% of breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports:
Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

Name             Protocol  Ports
Back Office      UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
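The netstat check above, as an added example (not part of the original slides): it parses `netstat -an` output in both the Linux and Windows layouts and reports only local listeners whose protocol and port match the table. The sample output is constructed and the function names are hypothetical.

```python
# Ports and names copied from the "Most Common Ports" table above.
SUSPECT_PORTS = {}
for _name, _proto, _ports in [
    ("Back Office", "udp", (31337, 31338)),
    ("Deep Throat", "udp", (2140, 3150)),
    ("Net Bus", "tcp", (12345, 12346)),
    ("Whack-a-mole", "tcp", (12361, 12362)),
    ("Net Bus 2 Pro", "tcp", (20034,)),
    ("Girlfriend", "tcp", (21544,)),
    ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
]:
    for _port in _ports:
        SUSPECT_PORTS[(_proto, _port)] = _name

# Constructed sample: Linux-style lines first, then Windows-style lines.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:1521           10.0.0.9:40422          ESTABLISHED
udp        0      0 0.0.0.0:31337           0.0.0.0:*
tcp6       0      0 :::22                   :::*                    LISTEN
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
"""


def parse_netstat_line(line):
    """Return (proto, local_port, state) for a socket line, else None."""
    fields = line.split()
    if len(fields) < 3:
        return None
    proto = fields[0].lower().rstrip("6")      # tcp6/udp6 -> tcp/udp
    if proto not in ("tcp", "udp"):
        return None                             # header or unrelated line
    linux = fields[1].isdigit()                 # Linux has Recv-Q/Send-Q columns
    if linux and len(fields) < 5:
        return None
    local = fields[3] if linux else fields[1]
    try:
        port = int(local.rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return None
    state = fields[-1].upper() if proto == "tcp" else ""
    return proto, port, state


def find_suspect_listeners(netstat_text):
    """List (proto, port, name) for local listeners that match the table."""
    hits = []
    for line in netstat_text.splitlines():
        parsed = parse_netstat_line(line)
        if parsed is None:
            continue
        proto, port, state = parsed
        if proto == "tcp" and state not in ("LISTEN", "LISTENING"):
            continue                            # skip client/established sockets
        name = SUSPECT_PORTS.get((proto, port))
        if name:
            hits.append((proto, port, name))
    return hits


def naive_matches(netstat_text, port):
    """What a plain grep/findstr for the port number would return."""
    return [l for l in netstat_text.splitlines() if str(port) in l]


if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE_NETSTAT):
        print("%s/%d listening: matches %s" % hit)
    # A plain text match on 40422 hits an outbound connection's remote port.
    print(naive_matches(SAMPLE_NETSTAT, 40422))
```

A hit only says that something is bound to a port the table associates with a trojan; confirm the owning process before drawing conclusions.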
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that the data will be accessible decades from now as well as tomorrow
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecured Sensitive Data:
  • Who has access to company data?
  • Does the company meet requirements?
  • What will make the hacker rich?
  • What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users:
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges:
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
  • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money; protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
Triangle of Security
Decide Before Moving The Ball
What The Hacker Do
• Gather Information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning
  • Use some tools to scan for vulnerabilities in the system
• Gaining Access
  • Penetration phase: continue attacking to explore deeper into the target network
• Maintaining Access
  • Downloading phase
• Clearing Tracks
"The more the hacker learns about your internal operations, the more likely he will intrude and exploit. So be secure."
Attack Oracle-Database Server
• Database servers are usually hacked to get critical information
• Mistakes made by the web designers can reveal the databases of the server to the hacker
• Finding an Oracle database server on a network is done using a TCP port scan
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener
Top Threats Effect on Database Server
• Unused Privileges:
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to major issues if the user knows what he is doing
    REVOKE CREATE DATABASE LINK FROM connect;
    REVOKE EXECUTE ON utl_tcp FROM public;
    REVOKE EXECUTE ON utl_smtp FROM public;
    REVOKE EXECUTE ON utl_http FROM public;
    REVOKE EXECUTE ON utl_mail FROM public;
    REVOKE EXECUTE ON utl_inaddr FROM public;
    REVOKE EXECUTE ON utl_file FROM public;
    REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database:

Username  Password
Sys       Manager
Sys       System
Sys       Oracle
System    Same as sys
Apps      Apps (EBS user)
scott     tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan:
http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager worm
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords:
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it creates a table to transfer the payload
• Denial of service (DoS):
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
What The Hacker Do bull Gather Information
bull Active Directly Such as social engineeringbull Passive Google search Social media
bull Scanning bull use some tools for scan vulnerabilities of the system
bull Gaining Accessbull Penetration Phase continue attacking to explore deeper into the target network
bull Maintaining Accessbull Downloading Phase
bull Clearing Tracks
ldquoThe more the hacker learns about your internal operations means the more likely he will be intrude and exploit So be Securerdquo
Attack Oracle-Database Server
bull Database servers are usually hacked to get the critical informationbull Mistakes made by the web designers can reveal the databases of the
server to the hacker
bull Finding an Oracle database server on network is done using TCP port scanbull Once Oracle Database Server has been discovered First Port of call is
TNS Listener
Top Threats Effect on Database Server
bull Unused Privileges-bull When user are Granted Database access Privileges that exceed requirement
of their job these Privileges can lead to major issue if the user was know what he is doing
bull REVOKE CREATE DATABASE LINK FROM connectbull REVOKE EXECUTE ON utl_tcp FROM publicbull REVOKE EXECUTE ON utl_smtp FROM publicbull REVOKE EXECUTE ON utl_http FROM publicbull REVOKE EXECUTE ON utl_mail FROM publicbull REVOKE EXECUTE ON utl_inaddr FROM publicbull REVOKE EXECUTE ON utl_file FROM publicbull REVOKE EXECUTE ON dbms_java FROm public
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
  • Periodically check for users with database administration privileges
How to Secure Database
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money; protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
Attack Oracle-Database Server
• Database servers are usually hacked to get critical information.
• Mistakes made by web designers can reveal the databases of the server to the hacker.
• Finding an Oracle database server on a network is done using a TCP port scan.
• Once an Oracle database server has been discovered, the first port of call is the TNS Listener.
Top Threats Effect on Database Server
• Unused Privileges
  • When users are granted database access privileges that exceed the requirements of their job, these privileges can lead to a major issue if the user knows what he is doing.
  • REVOKE CREATE DATABASE LINK FROM connect;
  • REVOKE EXECUTE ON utl_tcp FROM public;
  • REVOKE EXECUTE ON utl_smtp FROM public;
  • REVOKE EXECUTE ON utl_http FROM public;
  • REVOKE EXECUTE ON utl_mail FROM public;
  • REVOKE EXECUTE ON utl_inaddr FROM public;
  • REVOKE EXECUTE ON utl_file FROM public;
  • REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• http://support.oracle.com
• Review database user privileges
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
• Weak Authentication
  • Most common default passwords for the database:

Username   Password
Sys        Manager
Sys        System
Sys        Oracle
System     Same as sys
Apps       Apps (EBS User)
scott      tiger
Top Threats Effect on Database Server
Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwifindnotcom ) posted a variant of the Oracle Voyager Worm.
• Read more about this worm:
  • http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords.
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens.
• If OK, it then tries a series of usernames and passwords:
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it will create a table to transfer the payload.
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption.
  • It is an attack through which a person can render a system unusable or significantly slow it down for legitimate users by overloading its resources.
• Attackers may:
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than the 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
Top Threats Effect on Database Server
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data.
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands.
  • The attacker can run SQL commands through the web application.
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used.
  • What do I need? Any web browser.
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code:
    <Form action=search.asp method=post> <input type=hidden name=X value=Z> </Form>
• Examples:
  • http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples:
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
will be like this: http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry will look like this:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records.
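The login query from these slides, rebuilt as an added example (not code from the presentation) that sets the concatenated form beside the bind-variable fix and shows why a lone single quote produces the database error mentioned earlier. It assumes an in-memory SQLite table standing in for the Users table; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed sample data: one user, matching the slide's 'Paul' example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    # Plaintext password only to mirror the slide's query; store hashes in practice.
    conn.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    return conn

def login_concat(conn, user, password):
    """Weak form from the slide: the query text is built from user input."""
    qry = ("SELECT Count(*) FROM Users WHERE UserName='" + user +
           "' AND Password='" + password + "'")
    return conn.execute(qry).fetchone()[0] > 0

def login_bound(conn, user, password):
    """Hardened form: input travels as bind values and never becomes SQL text."""
    qry = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(qry, (user, password)).fetchone()[0] > 0

def probe(login_fn, user, password):
    """Run one login attempt and classify the outcome."""
    conn = make_db()
    try:
        return "granted" if login_fn(conn, user, password) else "denied"
    except sqlite3.OperationalError:
        # An unbalanced quote broke the statement: the error page the slide
        # treats as the sign of an injectable parameter.
        return "sql-error"
    finally:
        conn.close()

if __name__ == "__main__":
    cases = [("Paul", "password"), ("' Or 1=1 --", ""), ("O'Brien", "x")]
    for user, password in cases:
        print(repr(user),
              "concat:", probe(login_concat, user, password),
              "bound:", probe(login_bound, user, password))
```

With bind variables the apostrophe in a legitimate name such as O'Brien is handled as data, so the fix removes both the bypass and the error.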
Top Threats Effect on Database Server
• Weak Audit Trail
"In God I trust. For everyone else, I keep log files."
• Performance impacts
• Determine what is important to be audited
• Limited resources
• Which audit trail mechanism should I use?
• No end-to-end auditing
• Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive or annoying software or program code.
Report from Verizon Data: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports

Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>

Name              Protocol   Ports
Back Office       UDP        31337 or 31338
Deep Throat       UDP        2140 and 3150
Net Bus           TCP        12345 and 12346
Whack-a-mole      TCP        12361 and 12362
Net Bus 2 Pro     TCP        20034
Girlfriend        TCP        21544
Master Paradise   TCP        3129, 40421, 40422, 40423 and 40426
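The netstat check above, automated as an added example (not part of the presentation): it parses `netstat -an` output in either the Linux or the Windows layout and reports only local listening sockets on the ports from the table, which a plain `grep <port number>` cannot do because it also matches remote ports. The sample outputs are constructed, and the function names are hypothetical.

```python
# Names, protocols and ports copied from the table on this page.
SUSPECT_PORTS = {
    "Back Office": ("udp", (31337, 31338)),
    "Deep Throat": ("udp", (2140, 3150)),
    "Net Bus": ("tcp", (12345, 12346)),
    "Whack-a-mole": ("tcp", (12361, 12362)),
    "Net Bus 2 Pro": ("tcp", (20034,)),
    "Girlfriend": ("tcp", (21544,)),
    "Master Paradise": ("tcp", (3129, 40421, 40422, 40423, 40426)),
}
PORT_INDEX = {(proto, port): name
              for name, (proto, ports) in SUSPECT_PORTS.items()
              for port in ports}

# Constructed sample output, Linux layout. The last line has 40421 only as the
# REMOTE port of an established session, so it must not be reported.
LINUX_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 10.0.0.5:1521           10.0.0.9:40421          ESTABLISHED
"""

# Constructed sample output, Windows layout.
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
"""

def bound_sockets(netstat_output):
    """Yield (protocol, local_port) for listening TCP and bound UDP sockets."""
    for line in netstat_output.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue
        proto = tokens[0].lower()[:3]          # tcp6/udp6 fold into tcp/udp
        if proto not in ("tcp", "udp"):
            continue                           # header or unrelated line
        # Linux prints Recv-Q and Send-Q before the local address; Windows does not.
        if tokens[1].isdigit():
            if len(tokens) < 4:
                continue
            local = tokens[3]
        else:
            local = tokens[1]
        # TCP: only sockets in LISTEN (Linux) or LISTENING (Windows) state.
        if proto == "tcp" and not tokens[-1].upper().startswith("LISTEN"):
            continue
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            yield proto, int(port)

def find_suspect_listeners(netstat_output):
    """Return (protocol, port, name) for each listener on a port from the table."""
    return [(proto, port, PORT_INDEX[(proto, port)])
            for proto, port in bound_sockets(netstat_output)
            if (proto, port) in PORT_INDEX]

if __name__ == "__main__":
    for label, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        for proto, port, name in find_suspect_listeners(sample):
            print(f"{label}: {proto}/{port} matches '{name}'")
```

A match is a lead for investigation, not proof of infection, since any program can bind these port numbers.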
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be accessible decades from now as well as tomorrow.
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person.
Top Threats Effect on Database Server
bull httpsupportoraclecom
bull Review database user privilegesbull Note 10202866 - Script to Create View to Show All User Privs
Note 10502676 - SCRIPT Script to show table privileges for users and rolesNote 10201766 - SCRIPT Script to Generate object privilege GRANTS
bull Revoke privileges from PUBLIC where not necessarybull Note 2470931 - Be Cautious When Revoking Privileges Granted to PUBLIC
Note 2345511 - PUBLIC Is it a User a Role a User Group a Privilege Note 3902251 - Execute Privileges Are Reset For Public After Applying Patchset
bull Weak Authenticationbull Most common Default Password for Database
Username Password
Sys Manager
Sys System
Sys Oracle
System Same as sys
Apps Apps ( EBS User )
scott tiger
Top Threats Effect on Database Server
Oracle Default Password List By Pete Finniganhttpwwwpetefinnigancomdefaultdefault_password_listhtm
Voyager Beta worm
bull On 20-december 2005 an anonymous poster (kwbbwifindnotcom ) posted an variant of the Oracle Voyager Wormbull Read more About this Worm bull httpwwwred-database-securitycomadvisoryoracle_worm_voyagerhtml
bull attacks Oracle servers using default accounts and passwordbull It attempts a TCP connection to TCP Port 1521 Where oracle
connection Service listensbull If Ok Then Tries Series of Username and passwordbull Systemmanager syschange_on_install dbsnmpdbsnmp scotttiger
bull Authenticate Ok It will create table to transfer payload
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
• Weak Audit Trail
  "In God I trust. For everyone else, I keep log files."
  • Performance impacts
  • Determine what is important to be audited
  • Limited resources
  • Which audit trail mechanism should I use?
  • No end-to-end auditing
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior, because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
• Malware
  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
  • Report from Verizon Data: "69% of breaches incorporated malware"
    http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
  • Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Most Common Ports

Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

Name             Protocol  Ports
Back Orifice     UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
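
Piping netstat through findstr or grep matches substrings, so a search for 3129 also hits 31290 and any address that contains those digits. The following added example (not from the original slides) parses Windows or Linux `netstat -an` output and matches protocol and local port exactly against the table above; the sample output is constructed, and counting only listening TCP sockets is an assumption made to skip outbound connections that happen to use a listed port.

```python
# Port table from the slide: (protocol, port) -> name listed there.
SLIDE_PORTS = {}
for _name, _proto, _ports in [
    ("Back Orifice", "udp", (31337, 31338)),
    ("Deep Throat", "udp", (2140, 3150)),
    ("Net Bus", "tcp", (12345, 12346)),
    ("Whack-a-mole", "tcp", (12361, 12362)),
    ("Net Bus 2 Pro", "tcp", (20034,)),
    ("Girlfriend", "tcp", (21544,)),
    ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
]:
    for _port in _ports:
        SLIDE_PORTS[(_proto, _port)] = _name


def parse_netstat_line(line):
    """Return (proto, local_port, state) for a TCP/UDP socket line, else None."""
    fields = line.split()
    if len(fields) < 3:
        return None
    proto = fields[0].lower().rstrip("46")      # tcp6/udp6 -> tcp/udp
    if proto not in ("tcp", "udp"):
        return None                             # headers, unix sockets, etc.
    # Linux prints Recv-Q and Send-Q before the addresses; Windows does not.
    offset = 3 if fields[1].isdigit() else 1
    if len(fields) <= offset:
        return None
    port_text = fields[offset].rsplit(":", 1)[-1]
    if not port_text.isdigit():
        return None
    state = fields[offset + 2].upper() if len(fields) > offset + 2 else ""
    return proto, int(port_text), state


def find_suspect_sockets(netstat_output):
    """List (proto, port, name) for sockets bound to a port from the table."""
    hits = []
    for line in netstat_output.splitlines():
        parsed = parse_netstat_line(line)
        if parsed is None:
            continue
        proto, port, state = parsed
        # Only TCP listeners count: an outbound connection may pick any
        # ephemeral local port, including one that appears in the table.
        if proto == "tcp" and not state.startswith("LISTEN"):
            continue
        name = SLIDE_PORTS.get((proto, port))
        if name:
            hits.append((proto, port, name))
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:12346         10.0.0.9:1521          ESTABLISHED
  TCP    0.0.0.0:31290          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
"""

SAMPLE_LINUX = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp6       0      0 :::20034                :::*                    LISTEN
udp        0      0 0.0.0.0:2140            0.0.0.0:*
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    for sample in (SAMPLE_WINDOWS, SAMPLE_LINUX):
        for proto, port, name in find_suspect_sockets(sample):
            print(f"{proto.upper()} {port}: matches table entry '{name}'")
```

A match is a lead for investigation rather than proof of infection, since any program can bind these ports.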
• Storage/Backup Media Exposure
  • When data is saved to tape, you want to be confident that the data will be accessible decades from now, as well as tomorrow.
  • Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
  • Always remember: company data means money to another person.
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 17th day of January
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
  http://www.oracle.com/technetwork/topics/security/alerts-086861.html
• Another thing that should be followed and monitored is Security Alerts
  • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
• Unsecured Sensitive Data
  • Who has access to company data?
  • Does the company meet requirements?
  • What will make the hacker rich?
  • What could damage the reputation of the organization?
• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor the database
    • Periodically check for users with database administration privileges
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money, protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
• Weak Authentication
  • Most common default passwords for the database

Username  Password
Sys       Manager
Sys       System
Sys       Oracle
System    Same as sys
Apps      Apps (EBS user)
scott     tiger

Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm
• On 20 December 2005, an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager Worm
• Read more about this worm: http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords
• It attempts a TCP connection to TCP port 1521, where the Oracle connection service listens
• If that succeeds, it tries a series of usernames and passwords:
  • system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger
• If authentication succeeds, it creates a table to transfer the payload
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding, and resource consumption
  • It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources
• Attackers may:
  • Attempt to flood a network, thereby preventing legitimate network traffic
  • Attempt to disrupt connections between two machines, thereby preventing access to a service
  • Attempt to prevent a particular individual from accessing a service
  • Attempt to disrupt service to a specific system or person
• The Impact
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS Attack Classification
  • Smurf - Generates a large amount of ICMP echo (ping)
  • Buffer Overflow Attack - The program writes more information into the buffer
  • Ping of death - Sends IP packets larger than the 65536 bytes
  • Teardrop - IP requires that packet that is too large for next router
  • SYN Attack - Sends bogus TCP SYN requests to a victim server
• Examples of DoS Attack Tools
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax
• SQL Injection
  • A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
  • Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
  • Attackers can run SQL commands through the web application
  • For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
  • What do I need? Any web browser
bull Denial of service (DoS) -bull Common DoS techniques include buffer overflows data corruption network
flooding and resource consumptionbull It is an attack through which a person can render a system unusable or
significantly slow it down for system unusable or significantly slow it down for legitimate users by overloading its resources
bull Attackers maybull Attempt to flood a network thereby preventing legitimate network trafficbull Attempt to disrupt connections between two machines thereby Attempt to disrupt
connections between two machines thereby preventing access to a servicebull Attempt to prevent a particular individual from accessing a servicebull Attempt to disrupt service to a specific system or person
Top Threats Effect on Database Server
bull The Impact-bull Disabled networkbull Disabled organizationbull Financial lossbull Loss of goodwill
bull DoS Attack Classification-bull Smurf - Generates a large amount of ICMP echo (ping)bull Buffer Overflow Attack - The program writes more information into the bufferbull Ping of death - Send IP Packets larger than the 65536 Bytes bull Teardrop - IP Requires that packet that is too large for next Routerbull SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
bull Examples DoS Attack Tools -bull Jolt2bull Buboniccbull Land and LaTierrabull Targabull Blast20bull Nemesybull Panther2bull Crazy Pingerbull Some Troublebull UDP Floodbull FSMax
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior, because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
• Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report From Verizon Data: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports:
Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>

Name              Protocol   Ports
Back Office       UDP        31337 or 31338
Deep Throat       UDP        2140 and 3150
Net Bus           TCP        12345 and 12346
Whack-a-mole      TCP        12361 and 12362
Net Bus 2 Pro     TCP        20034
Girlfriend        TCP        21544
Master Paradise   TCP        3129, 40421, 40422, 40423 and 40426
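An added example (not from the presentation) that automates the netstat check above: it parses `netstat -an` output in either the Linux or the Windows layout and reports only listening sockets whose protocol and port both match the slide's table. The sample outputs are constructed, and the function names are hypothetical.

```python
# Port table as listed on the slide, keyed by (protocol, port).
SLIDE_PORTS = {}
for _name, _proto, _ports in [
    ("Back Office", "udp", (31337, 31338)),
    ("Deep Throat", "udp", (2140, 3150)),
    ("Net Bus", "tcp", (12345, 12346)),
    ("Whack-a-mole", "tcp", (12361, 12362)),
    ("Net Bus 2 Pro", "tcp", (20034,)),
    ("Girlfriend", "tcp", (21544,)),
    ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
]:
    for _port in _ports:
        SLIDE_PORTS[(_proto, _port)] = _name

# Constructed sample output, not captured from a real host.
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:1521           ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
"""

WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:2140           *:*
"""


def parse_netstat(text):
    """Return (proto, local_port, state) for each socket line of `netstat -an`."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        proto = fields[0].lower().rstrip("6")  # tcp6/udp6 -> tcp/udp
        if proto not in ("tcp", "udp"):
            continue  # banner or column-header line
        # Linux prints Recv-Q and Send-Q before the addresses; Windows does not.
        addr_idx = 3 if fields[1].isdigit() else 1
        if len(fields) <= addr_idx + 1:
            continue
        state = fields[addr_idx + 2].upper() if len(fields) > addr_idx + 2 else ""
        port = fields[addr_idx].rsplit(":", 1)[-1]
        if port.isdigit():
            sockets.append((proto, int(port), state))
    return sockets


def find_suspect_listeners(text):
    """Return sorted (port, proto, name) for listeners that match the slide's table."""
    hits = set()
    for proto, port, state in parse_netstat(text):
        # TCP must be in a listening state; UDP has no state, so a bound socket counts.
        listening = state in ("LISTEN", "LISTENING") or (proto == "udp" and state == "")
        name = SLIDE_PORTS.get((proto, port))
        if listening and name:
            hits.add((port, proto, name))
    return sorted(hits)


if __name__ == "__main__":
    for label, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        print(label, find_suspect_listeners(sample))
```

The established connection from local port 40421 is not reported: it is an outbound connection using an ephemeral source port, which a plain `grep 40421` would have matched. A hit is a lead to investigate, not proof of infection, since legitimate software can bind these ports and malware can listen on any port.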
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks
• Always remember: company data means money to another person
Top Threats Effect on Database Server
• Unpatched Database
• Oracle provides something called Critical Patch Updates
• Critical Patch Updates are collections of security fixes for Oracle products
• They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
• 17th day of January
• 15 April 2014
• 15 July 2014
• 14 October 2014
• 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is:
• Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecured Sensitive Data:
• Who has access to company data?
• Does the company meet requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users:
• Humans are the weakest link in information security
• The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
• Encourage safe usage habits and discourage unsafe behavior
• Change user perceptions of information security
• Inform users about how to recognize and react to potential threats
• Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges:
• Delivering a desired message to the end user
• Motivating users to take a personal interest in information security
• Giving end-user security awareness a higher priority within organizations
• No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
• Set a good password policy
  • No password reuse
  • Strong passwords
• Keep up to date with security patches
• Check firewall level
  • Trusted connections only
  • Block unused ports
• Encryption
  • Network level
    • SSL
  • File level, such as backups
  • Database, such as sensitive data
• Monitor the database
• Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money; protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
• The Impact:
• Disabled network
• Disabled organization
• Financial loss
• Loss of goodwill
• DoS Attack Classification:
• Smurf - Generates a large amount of ICMP echo (ping)
• Buffer Overflow Attack - The program writes more information into the buffer
• Ping of death - Sends IP packets larger than 65536 bytes
• Teardrop - IP requires that packet that is too large for next router
• SYN Attack - Sends bogus TCP SYN requests to a victim server
Top Threats Effect on Database Server
• Examples of DoS attack tools:
• Jolt2
• Bubonic.c
• Land and LaTierra
• Targa
• Blast20
• Nemesy
• Panther2
• Crazy Pinger
• Some Trouble
• UDP Flood
• FSMax
Top Threats Effect on Database Server
• SQL Injection
• A type of security exploit in which the attacker injects Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
• Programmers use sequential commands with user inputs, making it easier for attackers to inject commands
• An attacker can run SQL commands through the web application
• For example, when a user logs onto a web page by using a user name and password for validation, a SQL query is used
• What do I need? Any web browser
• What should I look for in SQL injection?
• HTML method
Top Threats Effect on Database Server
bull SQL Injectionbull type of security exploit in which the attacker injects Structured Query
Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to databull Programmer use sequential commands with user inputs making it easier for
attackers to inject commandsbull Attacker can do SQL Commands through web applicationbull For Example when a user logs onto a web page by using a user name and
password for validation a SQL query is user name and password for validation a SQL query is usedbull What I Need Any Web Browser
bull What Should I look For in SQL Injection bull HTML method
bull POST you cannot see any parameters in browserbull GET
bull Check HTML Source CodeltForm action=searchasp method=postgt ltinput type=hidden name=X value=ZgtltFormgt
bull Examples bull http wwwmywebsitecom indexaspid=10
Top Threats Effect on Database Server
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
bull But Wait How Can I Test SQL Injection bull Different Way Different Toolsbull Easy Way to use Single Quote in the input
bull Examples bull bull blahrsquo or 1=1mdashbull Loginblahrsquo or 1=1mdashbull bull Passwordblahrsquo or 1=1mdash
http wwwmywebsitecom indexaspid=10
Will be like thishttp wwwmywebsitecomindexaspid=blahrsquo or 1=1--
bull Another examples for single quote usage in SQL Injection bull lsquo or 1=1mdashbull ldquo or 1=1mdashbull lsquo or lsquoarsquo=lsquoabull ldquo or ldquoardquo=ldquoabull lsquo) or (lsquoarsquo=lsquoa)
bull The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the userbull string strQry = SELECT Count() FROM Users WHERE UserName= + txtUserText + AND
Password= + txtPasswordText +
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
• What should I look for in SQL injection?
  • HTML method
    • POST: you cannot see any parameters in the browser
    • GET
  • Check the HTML source code:
    <Form action=search.asp method=post>
    <input type=hidden name=X value=Z>
    </Form>
  • Example:
    http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server
If you get this error then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server
• But wait, how can I test SQL injection?
  • Different ways, different tools
  • The easy way is to use a single quote in the input
• Examples:
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
http://www.mywebsite.com/index.asp?id=10
will be like this:
http://www.mywebsite.com/index.asp?id=blah' or 1=1--
• Other examples of single quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a)
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by the concatenation of a fixed string and values entered by the user:
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, the query strQry will look like this:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and he will enter:
  ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is always true for every row in the table, so assuming there is at least one row in the table, this SQL always returns a nonzero count of records.
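The login query from the slides, run both ways, as an added example that is not part of the original deck: the concatenated form next to a bind-variable form. It assumes Python's built-in sqlite3 in place of the Oracle database and a constructed Users table with one row; the function names are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed sample data: the Users table the slide queries, one row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    db.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    return db


def login_concatenated(db, user, password):
    """The slide's pattern: user input is pasted into the SQL text."""
    qry = ("SELECT Count(*) FROM Users WHERE UserName='" + user +
           "' AND Password='" + password + "'")
    try:
        return db.execute(qry).fetchone()[0] > 0
    except sqlite3.Error:
        # Unbalanced quotes break the statement: this is the database error
        # the slides describe as the sign of an injectable parameter.
        return None


def login_bound(db, user, password):
    """Hardened form: fixed SQL text, input passed only as bind values."""
    qry = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return db.execute(qry, (user, password)).fetchone()[0] > 0


# Inputs quoted on the slides, plus one constructed legitimate name that
# contains an apostrophe.
SLIDE_INPUTS = [
    "' Or 1=1 --",
    "blah' or 1=1--",
    "' or 'a'='a",
    "') or ('a'='a)",
    '" or 1=1--',
    "O'Brien",
]


def compare(db=None):
    """Return (input, concatenated result, bound result) for each input."""
    db = db or make_db()
    return [(v, login_concatenated(db, v, v), login_bound(db, v, v))
            for v in SLIDE_INPUTS]


if __name__ == "__main__":
    for value, concatenated, bound in compare():
        print(f"{value!r:18} concatenated={concatenated!s:5} bound={bound}")
```

With concatenation the result depends on whether the input's quoting happens to match the query (login granted, SQL error, or a plain failed login); with bind values every one of these inputs is compared as data and the login fails, including the legitimate apostrophe.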
Top Threats Effect on Database Server
• Weak Audit Trail
"In God I trust. For everyone else, I keep log files."
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited resources
Which audit trail mechanism should I use?
No end-to-end auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report from Verizon Data: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>
Name             Protocol  Ports
Back Orifice     UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
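An added example (not from the original deck) that checks `netstat -an` output against the port table above by exact protocol and local port, which a plain findstr/grep on the number does not do. The sample output is constructed and mixes Linux and Windows line formats; the function names are hypothetical.

```python
# Ports from the slide's table, keyed by (protocol, port).
# "Back Orifice" is the entry the slide lists as "Back Office".
SLIDE_PORTS = {
    (proto, port): name
    for name, proto, ports in [
        ("Back Orifice", "udp", (31337, 31338)),
        ("Deep Throat", "udp", (2140, 3150)),
        ("Net Bus", "tcp", (12345, 12346)),
        ("Whack-a-mole", "tcp", (12361, 12362)),
        ("Net Bus 2 Pro", "tcp", (20034,)),
        ("Girlfriend", "tcp", (21544,)),
        ("Master Paradise", "tcp", (3129, 40421, 40422, 40423, 40426)),
    ]
    for port in ports
}

# Constructed sample: Linux-style lines followed by two Windows-style lines.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31290           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:1521           10.0.0.9:40421          ESTABLISHED
tcp6       0      0 :::20034                :::*                    LISTEN
udp        0      0 0.0.0.0:31337           0.0.0.0:*
  TCP    0.0.0.0:21544          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
"""


def parse_netstat(text):
    """Return (protocol, local_port, state) for every TCP/UDP socket line."""
    sockets = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        proto = tokens[0].lower().rstrip("46")  # tcp6 -> tcp, udp6 -> udp
        if proto not in ("tcp", "udp"):
            continue  # header or unrelated line
        # The local address is the first column that contains a colon.
        local = next((t for t in tokens[1:] if ":" in t), None)
        if local is None:
            continue
        port = local.rsplit(":", 1)[1]
        if not port.isdigit():
            continue
        last = tokens[-1]
        state = last.upper() if last.replace("_", "").isalpha() else ""
        sockets.append((proto, int(port), state))
    return sockets


def find_slide_ports(text):
    """Listening TCP or bound UDP sockets whose local port is in the table."""
    hits = set()
    for proto, port, state in parse_netstat(text):
        bound = proto == "udp" or state in ("LISTEN", "LISTENING")
        if bound and (proto, port) in SLIDE_PORTS:
            hits.add((proto, port, SLIDE_PORTS[(proto, port)]))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_slide_ports(SAMPLE_NETSTAT):
        print(hit)
```

The listener on 31290 and the established session whose remote port is 40421 are both ignored here, although a substring search for 3129 or 40421 would print them. A match is a lead to investigate, since a port number alone does not identify the program behind it.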
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow.
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person.
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 17th day of January
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is Security Alerts
  • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecure Sensitive Data
• Who has access to company data?
• Does the company meet requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor database
  • Periodically check for users with database administration privileges
How to Secure Database
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money, protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
Top Threats Effect on Database Server
bull If the user enter valid username and password the query strQry will be changedLike this SELECT Count() FROM Users WHERE UserName=Paul AND Password=passwordlsquo
bull But The Hacker will not leave weak code Alone and he will enter - Or 1=1 ndash
bull The New Query Will be SELECT Count() FROM Users WHERE UserName= Or 1=1 -- AND Password=
bull 1=1 is always true for every row in the table so assuming there is at least one row in the table this SQL always return nonzero count of records
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which mechanism of audit trail should I use?
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
Documents Every DBA Should Read
• NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter
• NOTE:1299033.1 - Master Note For Oracle Database Auditing
• Note 174340.1 - Audit SYS User Operations
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
• Malware
  • is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
Report from Verizon Data: "69% breaches incorporated malware"
http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
Top Threats Effect on Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.
Top Threats Effect on Database Server
Most Common Ports
Windows: netstat -an | findstr <port number>
Linux: netstat -an | grep <port number>

Name             Protocol  Ports
Back Office      UDP       31337 or 31338
Deep Throat      UDP       2140 and 3150
Net Bus          TCP       12345 and 12346
Whack-a-mole     TCP       12361 and 12362
Net Bus 2 Pro    TCP       20034
Girlfriend       TCP       21544
Master Paradise  TCP       3129, 40421, 40422, 40423 and 40426
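A plain `findstr` or `grep` on a port number also matches remote ports and longer numbers that contain it (3129 inside 31290). The added example below, which is not part of the original deck, parses `netstat -an` output in either the Linux or Windows layout and flags only exact local-port and protocol matches against the table above; the sample output and function names are constructed for illustration.

```python
# Watchlist taken from the slide's table: (protocol, local port) -> name.
WATCHLIST = {
    ("udp", 31337): "Back Office", ("udp", 31338): "Back Office",
    ("udp", 2140): "Deep Throat", ("udp", 3150): "Deep Throat",
    ("tcp", 12345): "Net Bus", ("tcp", 12346): "Net Bus",
    ("tcp", 12361): "Whack-a-mole", ("tcp", 12362): "Whack-a-mole",
    ("tcp", 20034): "Net Bus 2 Pro",
    ("tcp", 21544): "Girlfriend",
    ("tcp", 3129): "Master Paradise", ("tcp", 40421): "Master Paradise",
    ("tcp", 40422): "Master Paradise", ("tcp", 40423): "Master Paradise",
    ("tcp", 40426): "Master Paradise",
}


def parse_netstat_line(line):
    """Return (proto, local_port, state) for a socket line, or None for anything else."""
    tokens = line.split()
    if len(tokens) < 3 or not tokens[0].lower().startswith(("tcp", "udp")):
        return None
    # Linux:   Proto Recv-Q Send-Q Local Foreign [State]
    # Windows: Proto Local Foreign [State]
    idx = 3 if tokens[1].isdigit() else 1
    if len(tokens) <= idx:
        return None
    state = tokens[idx + 2].upper() if len(tokens) > idx + 2 else ""
    port = tokens[idx].rpartition(":")[2]  # also handles :::1521 and [::]:1521
    if not port.isdigit():
        return None
    return tokens[0].lower()[:3], int(port), state


def find_watchlist_listeners(netstat_output):
    """List (name, proto, port) for bound local sockets that match the watchlist."""
    hits = []
    for line in netstat_output.splitlines():
        parsed = parse_netstat_line(line)
        if parsed is None:
            continue
        proto, port, state = parsed
        # For TCP only listeners count; an outbound client connection may use
        # any ephemeral local port, including one from the table.
        if proto == "tcp" and not state.startswith("LISTEN"):
            continue
        name = WATCHLIST.get((proto, port))
        if name:
            hits.append((name, proto, port))
    return hits


# Constructed sample mixing Linux and Windows `netstat -an` lines.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:31290          0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:1521           ESTABLISHED
udp        0      0 0.0.0.0:31337           0.0.0.0:*
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:2140           *:*
  TCP    [::]:31337             [::]:0                 LISTENING
"""

if __name__ == "__main__":
    for name, proto, port in find_watchlist_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} is bound locally: matches '{name}' in the table")
```

A hit is a lead to investigate, not proof of infection, since any program can bind these ports; identify the owning process before drawing a conclusion.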
Top Threats Effect on Database Server
• Storage/Backup Media Exposure
• When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow.
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person.
Top Threats Effect on Database Server
• Unpatched Database
  • Oracle provides something called Critical Patch Updates
  • Critical Patch Updates are collections of security fixes for Oracle products
• They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
  • 17th day of January
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014
  • 20 January 2015
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
• Another thing that should be followed and monitored is:
  • Security Alerts
• Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update.
Top Threats Effect on Database Server
• Unsecured Sensitive Data
• Who has access to company data?
• Does the company meet requirements?
• What will make the hacker rich?
• What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users
• Humans are the weakest link in information security
• The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connection only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backup
    • Database, such as sensitive data
  • Monitor database
    • Periodically check for users with database administration privileges
How to Secure Database
  • Audit your web applications
    • Misconfigurations
  • Log as much as possible
    • Failed logins
    • Permissions errors
  • Your data is your money; protect it
  • Train IT staff on database security
  • Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Top Threats Effect on Database Server
bull Weak Audit Trail
In God I trust For everyone else I keep log files
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Performance impacts
Determine what is important to be audited
Top Threats Effect on Database Server
Limited Resource
Which Mechanism Of Audit Trail I should Use
No End-To-End Auditing
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Top Threats Effect on Database Server
Application
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Top Threats Effect on Database Server
bull Whether database auditing is enabled or disabled Oracle will always audit certain database actions into the OS audit trail There is no way to change this behavior because it is a formal requirement of the security evaluation criteria
Documents Every DBA Should Read
bull NOTE1743401 - Audit SYS User Operations (How to Audit SYSDBA)bull NOTE5532251 - How To Set the AUDIT_SYSLOG_LEVEL Parameter bull NOTE12990331- Master Note For Oracle Database Auditingbull Note 1743401 - Audit SYS User Operationsbull note 11713141 HugeLargeExcessive Number Of Audit Records Are Being Generated In The
Databasebull Note 15097231 - Oracle Database Auditing Performance
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
bull Unsecure Sensitive Data-
bull Who has access to company data
bull Dose the company meet requirement
bull What Will make the Hacker Rich
bull What Could damage the reputation of the organization
Top Threats Effect on Database Server
bull Limited EducationTrained end users-
bull Humans are the weakest link in the information securitybull The errors committed by the human elements of an organization remain a major contributor to
data loss incidents worldwide
bull What do we want to accomplish by making users aware of security
bull Encourage safe usage habits and discourage unsafe behaviorbull Change user perceptions of information securitybull Inform users about how to recognize and react to potential threatsbull Educate users about information security techniques they can use
Top Threats Effect on Database Server
bull Challenges-bull Delivering a desired message to the end-userbull Motivating users to take a personal interest in information securitybull Giving end user security awareness a higher priority within organizationsbull No Budget in the company for Security Awareness
How to Secure Database
bull What Should I Do to Secure Database bull Set a good password policy
bull No password reusebull Strong passwords
bull Keep up to date with security patchesbull Check Firewall level
bull Trusted Connection Only bull Block Unused Ports
bull Encryptionbull network level
bull SSLbull File Level Such as Backupbull Database Such As Sensitive Data
bull Monitor Databasebull Periodically check for users with database administration privileges
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Top Threats Effect on Database Server
bull Malwarebull is software designed to infiltrate or damage a computer system without the
owners informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile intrusive or annoying software or program code
Report From Verizon Data-ldquo69 breaches incorporated malwarerdquo
httpwwwwiredcomimages_blogsthreatlevel201203Verizon-Data-Breach-Report-2012pdf
Top Threats Effect on Database Server
bull Malware includes computer viruses worms trojan horses spyware adware most rootkits and other malicious programs In law malware is sometimes known as a computer contaminant in various legal codes
Top Threats Effect on Database Server
Most Common Ports-
Windows netstat ndashan | findstr ltport numbergtLinux netstat ndashan | grep ltport numbergt
Name Protocol Ports
Back Office UDP 31337 Or 31338Deep Throat UDP 2140 and 3150Net Bus TCP 12345 and 12346Whack-a-mole TCP 12361 and 12362Net Bus 2 Pro TCP 20034Girlfriend TCP 21544Master Paradise TCP 3129 40421 40422
40423 and 40426
Top Threats Effect on Database Server
bull StorageBackup Media Exposure
bull When data is saved to tape you want to be confident that data will be accessible decades from now as well as tomorrow
bull Backup database storage media is often completely unprotected from attack As a result several high profile security breaches have involved theft of database backup tapes and hard disks
bull Always Remember Company Data Means Money to another Person
Top Threats Effect on Database Server
bull Unpatched Database bull Oracle Provide Something Called Critical Patch Updatesbull Critical Patch Updates are collections of security fixes for Oracle products
bull They are released on the Tuesday closest to the 17th day of January April July and October The next four dates arebull 17th day of Januarybull 15 April 2014bull 15 July 2014bull 14 October 2014bull 20 January 2015
httpwwworaclecomtechnetworktopicssecurityalerts-086861html
Top Threats Effect on Database Server
Top Threats Effect on Database Server
bull Another Thing should be follow and Monitored which is bull Security Alerts
bull Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server
• Unsecured Sensitive Data
  • Who has access to company data?
  • Does the company meet requirements?
  • What will make the hacker rich?
  • What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited Education/Trained End Users
  • Humans are the weakest link in information security
  • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior
  • Change user perceptions of information security
  • Inform users about how to recognize and react to potential threats
  • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges
  • Delivering a desired message to the end user
  • Motivating users to take a personal interest in information security
  • Giving end-user security awareness a higher priority within organizations
  • No budget in the company for security awareness
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy
    • No password reuse
    • Strong passwords
  • Keep up to date with security patches
  • Check firewall level
    • Trusted connections only
    • Block unused ports
  • Encryption
    • Network level
      • SSL
    • File level, such as backups
    • Database, such as sensitive data
  • Monitor database
    • Periodically check for users with database administration privileges
How to Secure Database
• Audit your web applications
  • Misconfigurations
• Log as much as possible
  • Failed logins
  • Permissions errors
• Your data is your money; protect it
• Train IT staff on database security
• Always ask for professional services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
http://osamamustafa.blogspot.com
Osama Mustafa
- Slide 47
- Slide 48
- Slide 49
-
How to Secure Database
bull audit your web applicationsbull Misconfigurations
bull Log as much as possiblebull Failed loginsbull Permissions errors
bull Your Data is your money protect itbull Train IT staff on database securitybull Always Ask For Professional Services
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-
Thanks For LAOUC
OsamaOracle
osamamustafagurussolutionscom
httposamamustafablogspotcom
Osama Mustafa
- Slide 1
- Overview
- Who Am I
- GoogIe Search
- Introduction
- Introduction (2)
- Introduction (3)
- Slide 8
- Slide 9
- Why Database Security Is Important
- Why Database Security Is Important (2)
- Laws about Security
- How Database are Hacked
- How Database are Hacked (2)
- Elements Of Security
- Triangle of Security
- What The Hacker Do
- Attack Oracle-Database Server
- Top Threats Effect on Database Server
- Top Threats Effect on Database Server (2)
- Slide 21
- Voyager Beta worm
- Slide 23
- Slide 24
- Slide 25
- Slide 26
- Slide 27
- Slide 28
- Slide 29
- Slide 30
- Slide 31
- Slide 32
- Slide 33
- Slide 34
- Slide 35
- Slide 36
- Slide 37
- Slide 38
- Slide 39
- Slide 40
- Slide 41
- Slide 42
- Slide 43
- Slide 44
- Slide 45
- Slide 46
- Slide 47
- Slide 48
- Slide 49
-