Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


SYSDBA Backdoor

New Oracle Security/Forensics paper. http://www.oracleforensics.com/oraclesysdbabackdoor.pdf
This paper follows up on the Oracle Passwords and OraBrute paper, which described the issue of SYSDBA brute forcing in 10g. After brute forcing a SYSDBA account, an attacker will wish to maintain SYSDBA access covertly, so that a DBA or security auditor is not aware that the attacker has kept this access over time. Within Oracle databases such as 11g it is a quick and easy task to create a SYSDBA account that is hidden from SYS.USER$, DBA_USERS, V$PWFILE_USERS and GV$PWFILE_USERS, so that a user with DBA privileges cannot tell that the hacker’s SYSDBA account is present in the DB. This paper examines such a SYSDBA “backdoor” and proposes defenses and an appropriate forensic response, with more detail in the new Oracle Forensics book.

http://www.rampant-books.com/book_2007_1_oracle_forensics.htm
This issue affects all supported versions of Oracle’s RDBMS.
