Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


Reflecting back in time at Oracle security

Hello Oracle Security folks,
So what’s been happening in Oracle Security recently?
The delayed CPU has settled down and testing will begin. Some will install the PSU and some the CPU. Others will actually work out what the vulnerabilities are and manually mitigate, thus reducing the risk of taking a step backwards. Revoking PUBLIC execute is safer than installing a patch methinks. I still have bugs for fixing with SecAlert, though this will be next year now… can’t rush quality patches.
My CREATE TABLE to OSDBA paper has gone down well with references from Pete, Alex and Slavik.
Was thinking about buying Alexandre’s book on Oracle security. It appears to only be available in Russia and online purchases can be a little tricky in Russia due to the high level of Internet fraud, or so I am told by my Russian colleague. Have also been reading Pete’s new Chapters from Expert Oracle Practices: Oracle Database Administration from the Oak Table which are available for Alpha Review at the Apress web site. The chapters are on user security and data security and provide some new insights so well worth investing in this read. The Apress titles are available on Safari but the Apress Alpha scheme allows advanced viewing.
My thoughts have been on the subject of user/data security as well. Especially with regards to identifying suspicious behaviour e.g. regex search for credit card numbers. Sentrigo HH allows regex rule writing so I have been able to write HH regex rules that alert to an attacker using various Oracle SQL regex searches for credit card numbers. Regex to catch a regex…but that is part of the SANS course so can’t detail here unfortunately.
I am also currently working on my new paper CREATE PUBLIC SYNONYM to SYSDBA and a new paper about alerting to identity change in Oracle as well as a third paper on Java Forensics which will be very pertinent.
Will preview the best bits of these subjects for the first time at the new SANS DAMS course which is written and off to the printers.
I will be at UKOUG Monday and Tuesday where I will be speaking with Pete and attending some Presentations.
Overall things are still ticking along steadily in the world of Oracle security though I anticipate much more turbulent times in the near future as more serious new research is released…so watch this space and maybe see you on Saturday December 5th for in-depth analysis and defenses for the above.
Clocks back and good night.
