Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


Sentrigo solves DB security problems

Having already experienced the supposed cream of Database security monitoring systems and found out that they do not work very well, I am pleased to say that this is not the case with Sentrigo Hedgehog.
Hedgehog consists of an agent that runs on the DB OS separate from the Oracle process and sends the alerts to the separate Sentrigo server.
I first noticed Sentrigo in May of 2007 when they attracted 3.5 million in venture funding. I knew that they monitored shared memory and it has become increasingly apparent that this fact has enabled Sentrigo to solve some difficult DB security problems as listed below:

1. How to monitor SSH'd and OAS (Oracle Advanced Security) sessions?
>>OAS uses a salt-based session key, so network-based systems cannot read these sessions.
Hedgehog's host-based approach means that monitoring is independent of the network path, so encrypted sessions are still visible to it.

2. How to reduce the chance of the signature being evaded?
>>Signature evasion by manipulating how the string is formed is largely solved by Hedgehog, as it reads the SQL that is actually run from the SGA rather than the bytes seen on the wire.

3. How to audit an Oracle DB without drastically affecting performance?
>>In my use Hedgehog has peaked at 3% CPU and averaged less than 1% CPU. Disk IO is hardly affected. Remember that disk IO is the most common bottleneck on an Oracle DB.

4. How to audit an Oracle DB in a way that cannot be tampered with by privileged DB users?
>>The alerts are read by a separate process on the OS, i.e. outside of the Oracle process, and then sent to the separate Sentrigo server. This means that the alerts are protected from a privileged DB user tampering with the audit trail, which makes it useful for database forensics.

5. How to avoid the chance that a change in the Oracle binary has affected the DBA's view of the DB?
>>Examples such as the Oracle SYSDBA Backdoor, which rely on changing the Oracle binary, cannot be used to misrepresent the audit trail, since the input is read from outside of the Oracle process, directly from shared memory. This again makes it valuable for forensics.
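Point 2 above is easiest to see with a small matcher. The following is an added illustration, not Hedgehog's or Sentrigo's code: a naive signature check on the raw string misses the same statement when its case, spacing or comments are changed, while a check that first canonicalises the statement text still fires. The signature list and the sample statements are constructed for the example; a host-based monitor would feed in the statement text it reads from the SGA instead.

```python
import re

# Constructed signature list for the example: phrases a monitoring rule
# treats as high-risk in an executed statement (not a real rule set).
SIGNATURES = [
    "grant dba to",
    "alter user sys identified by",
    "select * from dba_users",
]


def canonicalise(sql: str) -> str:
    """Reduce a SQL string to a canonical form before signature matching:
    strip /* */ and -- comments, drop identifier quotes, collapse all
    whitespace runs to one space, and lower-case the result."""
    s = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # block comments
    s = re.sub(r"--[^\n]*", " ", s)                   # line comments
    s = s.replace('"', "")                            # quoted identifiers
    s = re.sub(r"\s+", " ", s).strip().lower()
    return s


def raw_match(sql: str) -> list:
    """Naive matcher: looks for the signature bytes exactly as sent."""
    return [sig for sig in SIGNATURES if sig in sql]


def canonical_match(sql: str) -> list:
    """Matcher that canonicalises the statement text first."""
    canon = canonicalise(sql)
    return [sig for sig in SIGNATURES if sig in canon]


def compare(statements: list) -> dict:
    """Run both matchers over a batch of statements; returns a map from the
    original statement to (raw hits, canonical hits) so the gap is visible."""
    return {s: (raw_match(s), canonical_match(s)) for s in statements}


if __name__ == "__main__":
    # Constructed sample statements: one benign, the rest variants of a
    # privilege grant that differ only in case, spacing and comments.
    samples = [
        "select count(*) from emp",
        "grant dba to scott",
        "GRANT   DBA  TO scott",
        "grant /* note */ dba to scott",
    ]
    for stmt, (raw, canon) in compare(samples).items():
        print(f"{stmt!r:40} raw={raw} canonical={canon}")
```

Only the first variant trips the raw matcher; every variant trips the canonical one. The canonicalisation here is deliberately minimal (comments, quotes, whitespace, case) so that the logic is easy to follow; a production rule set would also have to decide how to treat bind variables and string literals.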

The above means that Sentrigo represents a significant advance in DB security.
Additionally, they have provided the standard version completely free of charge. I have used this myself for a while now and have found it to be a good product, in fact better than the more expensive products that currently occupy this space. Don't be scared to install it, as it works!

