Oracle database threats - LAOUC Webinar (49 slides)
Osama Mustafa
Senior Oracle DBA
Gurus Solutions
Overview
• Introduction
• Why database security is important
• How databases are hacked
• How to protect against database attacks
• Conclusion
• References
• Q&A
Who Am I?
• Certified OCP, OCE, OCS (10g, 11g)
• Oracle ACE
• Certified Ethical Hacker / LPT
• Sun / Linux certified
• Author of the Oracle penetration testing book
• Presenter and contributor in the Oracle community
• osama.mustafa@gurussolutions.com
• @OsamaOracle
• http://osamamustafa.blogspot.com
Osama Mustafa
Google search
[Screenshots: search results without Oracle, and with Oracle]
Introduction
• On 10 January 2014 Target confirmed that its data theft had affected 70 million customers.
• Data theft is becoming a major threat.
• Stolen data is a gold mine for the attacker.
• 90% of companies say they have been hacked.
• Most of the data targeted is personal: credit card numbers, account numbers and passwords.
Introduction
Revising the Top 10 Data Loss Incidents list
Introduction
“Your Personal Data is Worth Pretty Penny, But it All Depends On Who Wants it” (Trend Micro)
Personal data sells for anywhere between $0 and $1,200.
If you want to know how much your personal data is worth, check this Financial Times page:
http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed00144feab7de.html#axzz2ukFAZIUF
Introduction
• Verizon's 2012 Data Breach Investigations Report found that 96% of the records breached came from database servers.
• Less than 5% of worldwide security product spend goes to the data center.
[Pie chart: data center 5%, everything else 95%]
Why Database Security Is Important
• The database is the company's most important store of data:
  • Financial data
  • Client/customer data
  • Corporate/organizational data
• If the database stops working, the company loses money.
• If the database is hacked, imagine what happens to the company.
Why Database Security Is Important
• Keep the data confidential and prevent unauthorized modification.
• A secure database has a side benefit: data management becomes more efficient and effective.
• Access to the database should be restricted to authorized people only, unless the database is intentionally public.
• A secure database lets you monitor activity and know who the authorized people are.
Laws about Security
• SOX - Sarbanes-Oxley Act: “protect investors by improving reliability of corporate”
• PCI - Payment Card Industry (PCI DSS): applies to anyone handling card data for brands such as Visa and MasterCard.
• GLBA - Gramm-Leach-Bliley Act: companies that offer consumers financial products or services such as loans.
• DATA - Data Accountability and Trust Act: security policies and procedures to protect data containing personal information.
How Database are Hacked ?
• As a database administrator you need to know the threats that can affect your database.
• Threat: in computer security, anything that has the potential to cause serious harm to a computer system. A threat may or may not happen, but it has the potential to cause serious damage, and threats lead to attacks on computer systems, networks and more.
• Vulnerability: a weakness, design flaw or implementation error that can lead to an unexpected and undesirable event compromising the security of the system.
Elements Of Security
• Confidentiality: the concealment of information or resources.
• Authenticity: the identification and assurance of the origin of information.
• Integrity: the trustworthiness of data or resources, in terms of preventing improper and unauthorized changes.
• Availability: the ability to use the desired information or resource.
Triangle of Security
[Figure: triangle of security]
Decide before moving the ball.
What The Hacker Do ?
• Gather information
  • Active: direct contact, such as social engineering
  • Passive: Google search, social media
• Scanning: use tools to scan the system for vulnerabilities.
• Gaining access: the penetration phase; keep attacking to explore deeper into the target network.
• Maintaining access: the downloading phase (keeping a foothold and pulling data out).
• Clearing tracks
“The more the hacker learns about your internal operations, the more likely he is to intrude and exploit. So be secure.”
Attack Oracle-Database Server
• Database servers are usually hacked to get at the critical information they hold.
• Mistakes made by web developers can expose the server's databases to the hacker.
• An Oracle database server is found on the network with a TCP port scan (the listener defaults to port 1521).
• Once an Oracle database server has been discovered, the first port of call is the TNS listener.
Top Threats Effect on Database Server
• Unused and excessive privileges
  • When users are granted database privileges that exceed the requirements of their job, those privileges become a major problem the moment a user knows what he is doing with them.
  • Start by revoking what nobody needs. From 10g Release 2 onward the CONNECT role only holds CREATE SESSION, so the first statement applies to older releases only; the rest remove PUBLIC's execute right on the packages that give any account network, file-system and Java access:

REVOKE CREATE DATABASE LINK FROM connect;
REVOKE EXECUTE ON utl_tcp FROM public;
REVOKE EXECUTE ON utl_smtp FROM public;
REVOKE EXECUTE ON utl_http FROM public;
REVOKE EXECUTE ON utl_mail FROM public;
REVOKE EXECUTE ON utl_inaddr FROM public;
REVOKE EXECUTE ON utl_file FROM public;
REVOKE EXECUTE ON dbms_java FROM public;
Top Threats Effect on Database Server
• Supporting scripts on My Oracle Support (http://support.oracle.com):
• Review database user privileges:
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary:
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
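The MOS scripts above produce long reports; the three queries below are an added example (not from the original deck) of the same privilege review done directly against the data dictionary, run as a DBA on 10g/11g. DBA_TAB_PRIVS, DBA_SYS_PRIVS and DBA_ROLE_PRIVS are standard views; the package list, the list of Oracle-maintained accounts to ignore and the choice of "dangerous" system privileges are my assumptions and should be adjusted to the site.

```sql
-- Added example, not from the original deck. Run as SYSDBA or a user with
-- SELECT ANY DICTIONARY.

-- 1. Which of the packages the slide revokes are still executable by everyone?
SELECT table_name AS package_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner   = 'SYS'
AND    table_name IN ('UTL_TCP', 'UTL_SMTP', 'UTL_HTTP', 'UTL_MAIL', 'UTL_INADDR',
                      'UTL_FILE', 'DBMS_JAVA', 'DBMS_SCHEDULER', 'DBMS_LOB')
ORDER  BY table_name;

-- 2. Generate the REVOKE statements from what is actually granted instead of
--    typing them by hand. Review the output before running it: Note 247093.1
--    warns that some applications depend on PUBLIC execute grants, and
--    Note 390225.1 warns that a patchset can grant them back.
SELECT 'REVOKE ' || privilege || ' ON ' || owner || '.' || table_name ||
       ' FROM PUBLIC;' AS revoke_stmt
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner   = 'SYS'
AND    table_name IN ('UTL_TCP', 'UTL_SMTP', 'UTL_HTTP', 'UTL_MAIL', 'UTL_INADDR',
                      'UTL_FILE', 'DBMS_JAVA');

-- 3a. Who holds the DBA role? Every name outside the Oracle-maintained accounts
--     needs a written business reason. (Exclusion list is an assumption; on 12c
--     you can join DBA_USERS.ORACLE_MAINTAINED instead.)
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'SYSMAN')
ORDER  BY grantee;

-- 3b. Who holds "ANY" system privileges or can change the instance? Roles show
--     up as grantees too, so follow a role back to its members with DBA_ROLE_PRIVS.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '%ANY%'
        OR privilege IN ('ALTER SYSTEM', 'BECOME USER', 'EXEMPT ACCESS POLICY'))
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN', 'DBSNMP',
                       'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE', 'OUTLN')
ORDER  BY grantee, privilege;
```

Schedule the review rather than running it once: the slide's own Note 390225.1 exists because a patchset can silently re-grant EXECUTE to PUBLIC, so query 1 is the regression check to run after every patch.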
Top Threats Effect on Database Server
• Weak authentication
• The most common default passwords for an Oracle database:

Username   Password
SYS        change_on_install (manager, system and oracle are also common guesses)
SYSTEM     manager (often set to the same value as SYS)
APPS       apps (E-Business Suite user)
SCOTT      tiger

Oracle default password list by Pete Finnigan:
http://www.petefinnigan.com/default/default_password_list.htm
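Pete Finnigan's list is for the attacker; the defender can ask the database directly. The following is an added example (not from the original deck) of finding and closing default-password accounts on 11g or later, where the DBA_USERS_WITH_DEFPWD view compares each account's stored hash against Oracle's own list of known defaults. The account names in the ALTER USER statements and the replacement passwords are placeholders.

```sql
-- Added example, not from the original deck. Requires 11g or later for
-- DBA_USERS_WITH_DEFPWD; run as a DBA.

-- 1. Accounts whose password still hashes to a known Oracle default,
--    with their status so you can tell an open account from a locked one
SELECT d.username, u.account_status, u.profile, u.created
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- 2. Demo and unused accounts: lock them and expire the password, so that even
--    if someone reopens the account the default no longer works
ALTER USER scott  ACCOUNT LOCK PASSWORD EXPIRE;
ALTER USER dbsnmp ACCOUNT LOCK PASSWORD EXPIRE;   -- only if Enterprise Manager does not use it

-- 3. Accounts that must stay open: set a long random password, and never the
--    same value for SYS and SYSTEM (placeholder values below)
ALTER USER sys    IDENTIFIED BY "Xk9#vQ2m!pL7wR4z";
ALTER USER system IDENTIFIED BY "Hn3$tB8c@Yf6jM1e";

-- 4. Re-run the check; any account still listed is still a worm target
SELECT username FROM dba_users_with_defpwd ORDER BY username;
```

Step 4 is the one to automate: a default password can come back with a restored backup or a re-run installation script, so the query belongs in the same scheduled job as the PUBLIC-privilege check.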
Voyager beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) published a variant of the Oracle Voyager worm.
• Read more about this worm: http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords:
  • It attempts a TCP connection to port 1521, where the Oracle listener listens.
  • If that succeeds, it tries a series of username/password pairs: system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger.
  • If one of them authenticates, it creates a table to transfer its payload.
Top Threats Effect on Database Server
• Denial of service (DoS)
  • Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption.
  • A DoS attack renders a system unusable, or significantly slows it down for legitimate users, by overloading its resources.
  • Attackers may:
    • Flood a network, preventing legitimate network traffic.
    • Disrupt connections between two machines, preventing access to a service.
    • Prevent a particular individual from accessing a service.
    • Disrupt service to a specific system or person.
Top Threats Effect on Database Server
• The impact:
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS attack classification:
  • Smurf: generates a large amount of ICMP echo (ping) traffic toward the victim.
  • Buffer overflow attack: the program writes more data into a buffer than it can hold.
  • Ping of death: sends IP packets larger than the 65,535-byte maximum.
  • Teardrop: IP requires that a packet too large for the next router be split into fragments; the attacker sends fragments with overlapping offsets that the victim cannot reassemble.
  • SYN attack: sends bogus TCP SYN requests to a victim server.
Top Threats Effect on Database Server
• Example DoS attack tools: Jolt2, Bubonic.c, Land and LaTierra, Targa, Blast20, Nemesy, Panther2, Crazy Pinger, Some Trouble, UDP Flood, FSMax
Top Threats Effect on Database Server
• SQL injection
  • A type of exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain access to resources or change data.
  • Programmers build commands by concatenating user input into them, which makes it easy for attackers to inject commands.
  • The attacker runs SQL commands through the web application.
  • For example, when a user logs on to a web page with a user name and password, a SQL query is used to validate them.
  • What do I need? Any web browser.
Top Threats Effect on Database Server
• What should I look for when testing for SQL injection?
  • The HTML form method:
    • POST: you cannot see the parameters in the browser's address bar.
    • GET: the parameters are visible in the URL.
  • Check the HTML source code:
    <form action=search.asp method=post> <input type=hidden name=X value=Z> </form>
  • Example of a URL carrying a parameter: http://www.mywebsite.com/index.asp?id=10
Top Threats Effect on Database Server

[Screenshot: raw database error page returned after a malformed parameter]
If you get a raw database error like this, the input is reaching the query unescaped and the website is very likely vulnerable to SQL injection.
Top Threats Effect on Database Server
• But wait, how can I test for SQL injection?
  • Different ways, different tools.
  • The easy way: put a single quote in the input.
  • Examples:
    • Login: blah' or 1=1--
    • Password: blah' or 1=1--
    • http://www.mywebsite.com/index.asp?id=10 becomes http://www.mywebsite.com/index.asp?id=blah' or 1=1--
Top Threats Effect on Database Server
• Other examples of single-quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by concatenating a fixed string with the values the user entered:
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server
• If the user enters a valid username and password, strQry becomes:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and enters ' Or 1=1 -- as the username. The query becomes:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is true for every row in the table, and -- comments out the password check, so as long as the table has at least one row this query returns a nonzero count and the login succeeds.
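The strQry bug is the same in any language; the following is an added example (not from the original deck) that rebuilds it as Oracle PL/SQL so the vulnerable and the fixed version can be run side by side against the same table. The USERS table and its single row are constructed test data, and it stores a clear-text password only to mirror the slide; a real application stores a salted hash.

```sql
-- Added example, not from the original deck. Constructed test data:
CREATE TABLE users (
  username VARCHAR2(30) NOT NULL,
  password VARCHAR2(60) NOT NULL
);
INSERT INTO users VALUES ('Paul', 'password');
COMMIT;

-- Vulnerable: the statement text is assembled from the inputs, exactly like
-- strQry, so a quote in the input ends the literal and the rest is parsed as SQL.
CREATE OR REPLACE FUNCTION login_unsafe (p_user IN VARCHAR2, p_pass IN VARCHAR2)
  RETURN NUMBER
IS
  v_sql VARCHAR2(4000);
  v_cnt NUMBER;
BEGIN
  v_sql := 'SELECT COUNT(*) FROM users WHERE username=''' || p_user ||
           ''' AND password=''' || p_pass || '''';
  EXECUTE IMMEDIATE v_sql INTO v_cnt;
  RETURN v_cnt;
END login_unsafe;
/

-- Fixed: the inputs travel as bind variables. The statement text never changes,
-- so a quote inside the value is just a character being compared.
CREATE OR REPLACE FUNCTION login_safe (p_user IN VARCHAR2, p_pass IN VARCHAR2)
  RETURN NUMBER
IS
  v_cnt NUMBER;
BEGIN
  SELECT COUNT(*) INTO v_cnt
  FROM   users
  WHERE  username = p_user
  AND    password = p_pass;
  RETURN v_cnt;
END login_safe;
/

-- The slide's payload  ' or 'a'='a  typed into the password field, with a
-- username that does not exist. q'[...]' is Oracle's alternative quoting, so
-- the single quotes inside the payload need no doubling.
SELECT login_unsafe('nobody', q'[' OR 'a'='a]') AS unsafe_count,
       login_safe  ('nobody', q'[' OR 'a'='a]') AS safe_count
FROM   dual;
```

In the unsafe function the executed statement ends up as `WHERE username='nobody' AND password='' OR 'a'='a'`; AND binds tighter than OR, so the trailing `OR 'a'='a'` makes every row match and unsafe_count is 1 with no valid credentials at all. The safe function compares the whole payload string against the password column and returns 0. The same applies to EXECUTE IMMEDIATE with a USING clause, DBMS_SQL with bind calls, and prepared statements in the web tier: the fix is binding, not quote-escaping.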
Top Threats Effect on Database Server
• Weak audit trail
  • Auditing has a cost: performance impact and limited resources (storage, and someone to read the trail).
  • Determine what is important enough to be audited.
  • Which audit trail mechanism should I use? (database table, OS file, XML, syslog)
  • No end-to-end auditing: the database sees the application's account, not the end user behind it.
• Whether database auditing is enabled or disabled, Oracle always audits certain actions (SYSDBA/SYSOPER connections, instance startup and shutdown) into the OS audit trail. There is no way to change this behavior, because it is a formal requirement of the security evaluation criteria.
Documents every DBA should read:
• Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
• Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter?
• Note 1299033.1 - Master Note For Oracle Database Auditing
• Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
• Note 1509723.1 - Oracle Database Auditing Performance
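To make the "what should I audit" question concrete, here is an added example (not from the original deck) of a minimal traditional-auditing setup for 10g/11g that answers the two questions a DBA is asked after an incident: who failed to log in, and who hit a permissions error. The parameter changes are static and need an instance restart; the 24-hour window and the choice of packages to audit are assumptions. 12c unified auditing uses different views and is not covered here.

```sql
-- Added example, not from the original deck. Run as SYSDBA.

-- 1. Write audit records to the database together with the SQL text, and send
--    SYS/SYSDBA activity to the OS audit trail (Note 174340.1). Both need a restart.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
-- SHUTDOWN IMMEDIATE / STARTUP here

-- 2. Decide what is important: every logon attempt, every statement that changes
--    who can do what, and failed attempts at the statement types an intruder
--    uses while probing. BY ACCESS writes one record per statement.
AUDIT CREATE SESSION BY ACCESS;
AUDIT CREATE USER, ALTER USER, DROP USER,
      GRANT ANY PRIVILEGE, GRANT ANY ROLE, GRANT ANY OBJECT PRIVILEGE,
      ALTER SYSTEM, AUDIT SYSTEM BY ACCESS;
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE
      BY ACCESS WHENEVER NOT SUCCESSFUL;
-- the network/file packages the earlier slide revokes from PUBLIC
AUDIT EXECUTE ON sys.utl_file BY ACCESS;
AUDIT EXECUTE ON sys.utl_http BY ACCESS;

-- 3. Failed logins in the last 24 hours.
--    returncode 1017 = ORA-01017 invalid username/password,
--    returncode 28000 = ORA-28000 account locked (a brute force that hit the limit)
SELECT username, os_username, userhost, timestamp, returncode
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    timestamp > SYSDATE - 1
ORDER  BY timestamp DESC;

-- 4. Permission errors in the last 24 hours.
--    returncode 1031 = ORA-01031 insufficient privileges; SQL_TEXT is filled
--    because of the EXTENDED setting in step 1
SELECT username, userhost, action_name, obj_name, returncode, sql_text, timestamp
FROM   dba_audit_trail
WHERE  returncode = 1031
AND    timestamp > SYSDATE - 1
ORDER  BY timestamp DESC;
```

The two queries are the ones to feed into whatever monitoring you have: a burst of 1017 records from one host is a password guesser, and a run of 1031 records from an application account is someone who already has a foothold and is mapping what it can reach. Note 1171314.1 applies here too: auditing SELECT TABLE only WHENEVER NOT SUCCESSFUL keeps the volume manageable.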
Top Threats Effect on Database Server
• Malware
  • Software designed to infiltrate or damage a computer system without the owner's informed consent. Computer professionals use the term for a variety of hostile, intrusive or annoying software or program code.
  • Verizon's 2012 Data Breach Investigations Report: “69% of breaches incorporated malware”
    http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-DataBreach-Report-2012.pdf
  • Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits and other malicious programs. In law, malware is sometimes known as a computer contaminant.
Top Threats Effect on Database Server
Most common ports used by well-known trojans:

Name               Protocol   Ports
Back Orifice       UDP        31337 or 31338
Deep Throat        UDP        2140 and 3150
NetBus             TCP        12345 and 12346
Whack-a-mole       TCP        12361 and 12362
NetBus 2 Pro       TCP        20034
GirlFriend         TCP        21544
Master's Paradise  TCP        3129, 40421, 40422, 40423 and 40426

Check whether something is listening on one of these ports on the database host:
Windows: netstat -an | findstr <port number>
Linux:   netstat -an | grep <port number>

A fixed port list only catches old, well-known tools; treat any listener you cannot account for as suspect, whatever its port.
Top Threats Effect on Database Server
• Storage/backup media exposure
  • When data is saved to tape you want to be confident it will be accessible decades from now as well as tomorrow, and that only you can read it.
  • Backup storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved the theft of database backup tapes and hard disks.
  • Always remember: company data means money to someone else.
Top Threats Effect on Database Server
• Unpatched database
  • Oracle provides Critical Patch Updates (CPUs): collections of security fixes for Oracle products.
  • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
    • 15 April 2014
    • 15 July 2014
    • 14 October 2014
    • 20 January 2015
  • Schedule and advisories: http://www.oracle.com/technetwork/topics/security/alerts-086861.html
  • What is actually applied is recorded in DBA_REGISTRY_HISTORY (and by opatch lsinventory); compare it with the latest CPU before assuming you are covered.
Top Threats Effect on Database Server
• Another thing to follow and monitor: Security Alerts.
  • Oracle issues a Security Alert for a vulnerability fix deemed too critical to wait for distribution in the next Critical Patch Update.
Top Threats Effect on Database Server
• Unsecured sensitive data:
  • Who has access to company data?
  • Does the company meet its regulatory requirements?
  • What would make the hacker rich?
  • What could damage the reputation of the organization?
Top Threats Effect on Database Server
• Limited education / untrained end users
  • Humans are the weakest link in information security.
  • Errors committed by the human element of an organization remain a major contributor to data loss incidents worldwide.
  • What do we want to accomplish by making users aware of security?
    • Encourage safe usage habits and discourage unsafe behavior
    • Change users' perception of information security
    • Inform users how to recognize and react to potential threats
    • Educate users about information security techniques they can use
Top Threats Effect on Database Server
• Challenges:
  • Delivering the desired message to the end user.
  • Motivating users to take a personal interest in information security.
  • Giving end-user security awareness a higher priority within the organization.
  • No budget in the company for security awareness.
How to Secure Database
• What should I do to secure the database?
  • Set a good password policy:
    • No password reuse.
    • Strong passwords.
    • Lock the account after repeated failed logins.
  • Keep up to date with security patches.
  • Check the firewall level:
    • Trusted connections only.
    • Block unused ports.
  • Encryption:
    • At the network level (SSL/TLS for client connections).
    • At the file level, such as backups.
    • In the database, for sensitive data.
  • Monitor the database.
  • Periodically check for users with database administration privileges.
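In Oracle the password policy lives in a profile, and the same profile can cap the resources one account may burn, which is the defence against the resource-consumption form of DoS described earlier. The following is an added example (not from the original deck) of one such profile for 11g. verify_function_11G is the function created by running $ORACLE_HOME/rdbms/admin/utlpwdmg.sql (on 12c the equivalent is ora12c_verify_function); the limit values, the profile name and the account name are assumptions to tune per site.

```sql
-- Added example, not from the original deck. Run as a DBA; utlpwdmg.sql must
-- already have been run so that verify_function_11G exists.

-- Resource limits in a profile are ignored until this is set (dynamic, no restart)
ALTER SYSTEM SET resource_limit = TRUE SCOPE = BOTH;

CREATE PROFILE app_secure LIMIT
  -- password policy
  FAILED_LOGIN_ATTEMPTS    5                    -- lock after 5 wrong passwords
  PASSWORD_LOCK_TIME       1/24                 -- stay locked for one hour (fraction of a day)
  PASSWORD_LIFE_TIME       90                   -- days before a change is forced
  PASSWORD_GRACE_TIME      7                    -- days of warnings before expiry bites
  PASSWORD_REUSE_MAX       10                   -- none of the last 10 passwords ...
  PASSWORD_REUSE_TIME      365                  -- ... nor any used within the last year
  PASSWORD_VERIFY_FUNCTION verify_function_11G  -- length and complexity rules
  -- resource limits, per session
  SESSIONS_PER_USER        5
  CPU_PER_SESSION          600000               -- hundredths of a second: 100 CPU minutes
  CONNECT_TIME             480                  -- minutes
  IDLE_TIME                30;                  -- minutes

-- Attach it to an application account (name is a placeholder)
ALTER USER app_user PROFILE app_secure;

-- Verify: any account still on DEFAULT, other than Oracle's own, was missed
SELECT username, profile, account_status
FROM   dba_users
WHERE  profile = 'DEFAULT'
AND    username NOT IN ('SYS', 'SYSTEM', 'DBSNMP', 'SYSMAN')
ORDER  BY username;
```

FAILED_LOGIN_ATTEMPTS is what stops the Voyager-style username/password loop from the earlier slide: after five guesses the account is locked and the audit trail records ORA-28000 instead of a success. Keep a separate, looser profile for batch accounts that legitimately run long jobs, rather than weakening this one for everybody.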
How to Secure Database
• Audit your web applications for misconfigurations and injection flaws.
• Log as much as possible:
  • Failed logins.
  • Permission errors.
• Your data is your money: protect it.
• Train IT staff on database security.
• Always ask for professional services when in doubt.
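The encryption items above ("file level such as backups", "database such as sensitive data") and the backup-media slide point at the same control: encrypt the data before it is written, so a stolen tape or datafile is useless without the key. The following is an added example (not from the original deck) of Transparent Data Encryption on 11g. TDE is part of the separately licensed Advanced Security Option; ENCRYPTION_WALLET_LOCATION must already point at a directory in sqlnet.ora; and the wallet password, table, column, tablespace and file names are placeholders.

```sql
-- Added example, not from the original deck. Run as SYSDBA on 11g with the
-- Advanced Security Option; 12c replaces the ALTER SYSTEM forms with
-- ADMINISTER KEY MANAGEMENT.

-- 1. Create the wallet and the master key (first time only); the wallet is
--    opened as a side effect
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "W4ll3t-Passw0rd!";
-- After every restart (unless an auto-login wallet is configured):
-- ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "W4ll3t-Passw0rd!";

-- 2. Column encryption for one sensitive value: stored encrypted, decrypted
--    transparently for sessions that can already SELECT the column.
--    NO SALT is required if the column is indexed.
ALTER TABLE customers MODIFY (card_number ENCRYPT USING 'AES256' NO SALT);

-- 3. Tablespace encryption for whole tables: every block written to the
--    tablespace is encrypted, so a copied datafile or an RMAN backup of it
--    carries only ciphertext
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 4. Verify what is actually encrypted
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
ORDER  BY owner, table_name, column_name;

SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  encrypted = 'YES';
```

Two caveats a practitioner needs: TDE protects data at rest only, so an account with SELECT on the table still reads clear text, which is why the privilege review and auditing above remain necessary; and the wallet is now the single point of failure, so it must be backed up separately from the database backups it protects, or a restored tape is as unreadable to you as to the thief.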
Thanks to LAOUC

osama.mustafa@gurussolutions.com
@OsamaOracle
http://osamamustafa.blogspot.com
Osama Mustafa

Does cloud mean the end of the dbaOsama Mustafa
 
Using git hub for your code
Using git hub for your codeUsing git hub for your code
Using git hub for your codeOsama Mustafa
 
DevOps Project
DevOps Project DevOps Project
DevOps Project Osama Mustafa
 
Java business service
Java business serviceJava business service
Java business serviceOsama Mustafa
 
Steps creating data_integration_services
Steps creating data_integration_servicesSteps creating data_integration_services
Steps creating data_integration_servicesOsama Mustafa
 
Build, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerBuild, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerOsama Mustafa
 
Oracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOsama Mustafa
 
Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel   based system messages and er...Helping implementer dealing with famous siebel   based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...Osama Mustafa
 
Weblogic and docker
Weblogic and dockerWeblogic and docker
Weblogic and dockerOsama Mustafa
 
Weblogic 101 for dba
Weblogic  101 for dbaWeblogic  101 for dba
Weblogic 101 for dbaOsama Mustafa
 
Ebs clone r12.2.4
Ebs clone r12.2.4Ebs clone r12.2.4
Ebs clone r12.2.4Osama Mustafa
 
Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Osama Mustafa
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOsama Mustafa
 
Erp installation r12.2
Erp installation r12.2Erp installation r12.2
Erp installation r12.2Osama Mustafa
 
OBIA Installation
OBIA Installation OBIA Installation
OBIA Installation Osama Mustafa
 
Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Osama Mustafa
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaOsama Mustafa
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Osama Mustafa
 

Mais de Osama Mustafa (20)

Case study for software architect
Case study for software architectCase study for software architect
Case study for software architect
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
 
Does cloud mean the end of the dba
Does cloud mean the end of the dbaDoes cloud mean the end of the dba
Does cloud mean the end of the dba
 
Using git hub for your code
Using git hub for your codeUsing git hub for your code
Using git hub for your code
 
DevOps Project
DevOps Project DevOps Project
DevOps Project
 
Java business service
Java business serviceJava business service
Java business service
 
Steps creating data_integration_services
Steps creating data_integration_servicesSteps creating data_integration_services
Steps creating data_integration_services
 
Build, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerBuild, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using Docker
 
Oracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single node
 
Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel   based system messages and er...Helping implementer dealing with famous siebel   based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...
 
Weblogic and docker
Weblogic and dockerWeblogic and docker
Weblogic and docker
 
Weblogic 101 for dba
Weblogic  101 for dbaWeblogic  101 for dba
Weblogic 101 for dba
 
Ebs clone r12.2.4
Ebs clone r12.2.4Ebs clone r12.2.4
Ebs clone r12.2.4
 
Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c Installation
 
Erp installation r12.2
Erp installation r12.2Erp installation r12.2
Erp installation r12.2
 
OBIA Installation
OBIA Installation OBIA Installation
OBIA Installation
 
Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafa
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Oracle database threats - LAOUC Webinar

1. Osama Mustafa
Senior Oracle DBA
Gurus Solutions

2. Overview
• Introduction
• Why database security is important
• How databases are hacked
• How to protect against database attacks
• Conclusion
• Reference
• Q&A

3. Who Am I?
• Certified OCP, OCE, OCS 10g, 11g
• Oracle ACE
• Certified Ethical Hacker / LPT
• Sun / Linux Certified
• Author of the Oracle Penetration Testing book
• Presenter & contributor in the Oracle community
osama.mustafa@gurussolutions.com
@OsamaOracle
http://osamamustafa.blogspot.com

5. Introduction
• 10 January 2014: the Target data theft affected 70 million customers.
• Data theft is becoming a major threat.
• Data theft is a bank of gold.
• 90% of companies say they've been hacked.
• Most of the targeted data is personal: credit card numbers, account numbers and passwords.

6. Introduction
Revising the Top 10 Data Loss Incidents list

7. Introduction
"Your Personal Data is Worth a Pretty Penny, But it All Depends On Who Wants it" (TrendMicro)
Average price for personal data: between $0 and $1200.
If you want to know how much your personal data is worth, check this website:
http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed00144feab7de.html#axzz2ukFAZIUF

8.

9. Introduction
• A 2012 report from Verizon indicates that 96% of records breached came from databases.
• Less than 5% of security spend goes to the data center (WW security products). [Chart: Data Center 5%, everything else 95%]

10. Why Database Security Is Important
• The database is the most important data bank:
  • Financial data
  • Client/customer data
  • Corporate/organization data
• If the database stops working, the company loses money.
• If the database gets hacked, imagine what happens to the company.

11. Why Database Security Is Important
• Ensure the data is confidential and prevent any outside modification.
• A secure database provides an additional benefit: data management becomes more efficient and effective.
• Access to the database should be restricted to authorized people only, unless it is a public database.
• A secure database lets you monitor activity and know who the authorized people are.

12. Laws about Security
• SOX: Sarbanes-Oxley Act
  • "protect investors by improving reliability of corporate"
• PCI: Payment Card Industry
  • Related to credit card companies such as Visa and MasterCard.
• GLBA: Gramm-Leach-Bliley Act
  • Companies that offer consumers financial products or services like loans.
• DATA: Data Accountability and Trust Act
  • Security policies and procedures to protect data containing personal information.

13. How Databases Are Hacked?

14. How Databases Are Hacked?
• As a database administrator you need to know the threats that can affect your database.
• Threat: in the context of computer security, anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
• Vulnerability: the existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system.

15. Elements of Security
• Confidentiality: the concealment of information or resources.
• Authenticity: the identification and assurance of the origin of information.
• Integrity: the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
• Availability: the ability to use the desired information or resource.

16. Triangle of Security
Decide before moving the ball.

17. What Does the Hacker Do?
• Gather information
  • Active: directly, such as social engineering
  • Passive: Google search, social media
• Scanning: use tools to scan the system for vulnerabilities.
• Gaining access: the penetration phase; continue attacking to explore deeper into the target network.
• Maintaining access
• Downloading phase
• Clearing tracks
"The more the hacker learns about your internal operations, the more likely he is to intrude and exploit. So be secure."

18. Attack Oracle Database Server
• Database servers are usually hacked to get the critical information.
• Mistakes made by web designers can reveal the server's databases to the hacker.
• Finding an Oracle database server on the network is done with a TCP port scan.
• Once an Oracle database server has been discovered, the first port of call is the TNS listener.

19. Top Threats Affecting the Database Server
• Unused privileges: when users are granted database access privileges that exceed the requirements of their job, these privileges can lead to major issues if the user knows what he is doing.
  REVOKE CREATE DATABASE LINK FROM connect;
  REVOKE EXECUTE ON utl_tcp FROM public;
  REVOKE EXECUTE ON utl_smtp FROM public;
  REVOKE EXECUTE ON utl_http FROM public;
  REVOKE EXECUTE ON utl_mail FROM public;
  REVOKE EXECUTE ON utl_inaddr FROM public;
  REVOKE EXECUTE ON utl_file FROM public;
  REVOKE EXECUTE ON dbms_java FROM public;

20. Top Threats Affecting the Database Server
• http://support.oracle.com
• Review database user privileges:
  • Note 1020286.6 - Script to Create View to Show All User Privs
  • Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles
  • Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS
• Revoke privileges from PUBLIC where not necessary:
  • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC
  • Note 234551.1 - PUBLIC: Is it a User, a Role, a User Group, a Privilege?
  • Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset

21. Top Threats Affecting the Database Server
• Weak authentication
• The most common default passwords for the database:
  Username   Password
  sys        manager
  sys        system
  sys        oracle
  system     same as sys
  apps       apps (EBS user)
  scott      tiger
• Oracle Default Password List by Pete Finnigan: http://www.petefinnigan.com/default/default_password_list.htm

22. Voyager Beta worm
• On 20 December 2005 an anonymous poster (kwbbwi@findnot.com) posted a variant of the Oracle Voyager worm.
• Read more about this worm: http://www.red-database-security.com/advisory/oracle_worm_voyager.html
• It attacks Oracle servers using default accounts and passwords.
• It attempts a TCP connection to port 1521, where the Oracle connection service listens.
• If that succeeds, it tries a series of usernames and passwords: system/manager, sys/change_on_install, dbsnmp/dbsnmp, scott/tiger.
• If authentication succeeds, it creates a table to transfer its payload.

23. Top Threats Affecting the Database Server
• Denial of service (DoS):
• Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption.
• It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources.
• Attackers may:
  • Attempt to flood a network, thereby preventing legitimate network traffic.
  • Attempt to disrupt connections between two machines, thereby preventing access to a service.
  • Attempt to prevent a particular individual from accessing a service.
  • Attempt to disrupt service to a specific system or person.

24. Top Threats Affecting the Database Server
• The impact:
  • Disabled network
  • Disabled organization
  • Financial loss
  • Loss of goodwill
• DoS attack classification:
  • Smurf: generates a large amount of ICMP echo (ping) traffic.
  • Buffer overflow attack: the program writes more information into the buffer than it can hold.
  • Ping of death: sends IP packets larger than 65,536 bytes.
  • Teardrop: IP requires that a packet that is too large for the next router be fragmented.
  • SYN attack: sends bogus TCP SYN requests to a victim server.

25. Top Threats Affecting the Database Server
• Examples of DoS attack tools:
  • Jolt2
  • Bubonic.c
  • Land and LaTierra
  • Targa
  • Blast20
  • Nemesy
  • Panther2
  • Crazy Pinger
  • Some Trouble
  • UDP Flood
  • FSMax

26. Top Threats Affecting the Database Server
• SQL injection
• A type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data.
• Programmers build commands sequentially from user inputs, making it easier for attackers to inject commands.
• The attacker can run SQL commands through the web application.
• For example, when a user logs onto a web page using a user name and password for validation, a SQL query is used.
• What do I need? Any web browser.

27. Top Threats Affecting the Database Server
• What should I look for in SQL injection?
• HTML method
  • POST: you cannot see any parameters in the browser.
  • GET
• Check the HTML source code:
  <Form action=search.asp method=post>
  <input type=hidden name=X value=Z>
  </Form>
• Example: http://www.mywebsite.com/index.asp?id=10

28. Top Threats Affecting the Database Server
If you get this error, then the website is vulnerable to an SQL injection attack.

29. Top Threats Affecting the Database Server
• But wait, how can I test SQL injection?
• Different ways, different tools.
• The easy way: use a single quote in the input.
• Examples:
  • blah' or 1=1--
  • Login: blah' or 1=1--
  • Password: blah' or 1=1--
  • http://www.mywebsite.com/index.asp?id=10 becomes http://www.mywebsite.com/index.asp?id=blah' or 1=1--

30. Top Threats Affecting the Database Server
• Other examples of single-quote usage in SQL injection:
  • ' or 1=1--
  • " or 1=1--
  • ' or 'a'='a
  • " or "a"="a
  • ') or ('a'='a
• The hacker breaks into the system by injecting malformed SQL into the query, because the executed query is formed by concatenating a fixed string with the values entered by the user:
  string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";

31. Top Threats Affecting the Database Server
• If the user enters a valid username and password, the query strQry becomes:
  SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password'
• But the hacker will not leave weak code alone, and will enter: ' Or 1=1 --
• The new query will be:
  SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''
• 1=1 is true for every row in the table, so assuming there is at least one row, this SQL always returns a nonzero record count.
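The two queries from slides 30 and 31, run side by side as an added example (this is not code from the deck): the vulnerable build concatenates the user's input into the SQL text exactly as the slide's strQry does, and the hardened build passes the same input as a bind parameter, so the database sees it as data rather than as SQL. The Users table with its single row Paul/password, and the use of Python's sqlite3 in place of Oracle so that it runs offline, are constructed assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table standing in for the slide's Users table.

    Passwords are stored in clear text only to mirror the slide's query; a real
    application would store a salted hash and compare against that instead.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('Paul', 'password')")
    conn.commit()
    return conn


def vulnerable_count(conn, user, password):
    """Builds the query by string concatenation, as strQry does on slide 30.

    Anything the user types becomes part of the SQL statement, so a quote and
    a comment marker in the input rewrite the WHERE clause.
    """
    qry = ("SELECT Count(*) FROM Users WHERE UserName='" + user +
           "' AND Password='" + password + "'")
    return conn.execute(qry).fetchone()[0]


def safe_count(conn, user, password):
    """Same query with bind parameters: the input is compared as a value."""
    qry = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(qry, (user, password)).fetchone()[0]


def login_ok(conn, user, password):
    """Login decision built on the parameterised query."""
    return safe_count(conn, user, password) > 0


def demo():
    """Run both builds against a valid login and against the slide's payload."""
    conn = make_db()
    payload = "' OR 1=1 --"   # the slide's input, typed into the user-name box
    return {
        "valid_vulnerable": vulnerable_count(conn, "Paul", "password"),
        "valid_safe": safe_count(conn, "Paul", "password"),
        "injected_vulnerable": vulnerable_count(conn, payload, ""),
        "injected_safe": safe_count(conn, payload, ""),
    }


if __name__ == "__main__":
    for name, count in demo().items():
        print(f"{name}: {count}")
```

With a valid login both builds return 1. With the payload the concatenated query becomes `SELECT Count(*) FROM Users WHERE UserName='' OR 1=1 --' AND Password=''`, which the slide's reasoning predicts returns a nonzero count (here 1), while the parameterised query looks for a user literally named `' OR 1=1 --` and returns 0. The fix is the bind parameter, not filtering of quote characters.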
32. Top Threats Affecting the Database Server
• Weak audit trail

33. Top Threats Affecting the Database Server
• Performance impacts.
• Determine what is important to be audited.
• Limited resources.
• Which audit-trail mechanism should I use?
• No end-to-end auditing.

34. Top Threats Affecting the Database Server

35. Top Threats Affecting the Database Server
• Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria.
• Documents every DBA should read:
  • Note 174340.1 - Audit SYS User Operations (How to Audit SYSDBA)
  • Note 553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter?
  • Note 1299033.1 - Master Note For Oracle Database Auditing
  • Note 1171314.1 - Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database
  • Note 1509723.1 - Oracle Database Auditing Performance

36. Top Threats Affecting the Database Server
• Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
• Report from Verizon: "69% of breaches incorporated malware"
  http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-DataBreach-Report-2012.pdf

37. Top Threats Affecting the Database Server
• Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant in various legal codes.

38. Top Threats Affecting the Database Server
• Most common ports:
  Name             Protocol   Ports
  Back Orifice     UDP        31337 or 31338
  Deep Throat      UDP        2140 and 3150
  NetBus           TCP        12345 and 12346
  Whack-a-mole     TCP        12361 and 12362
  NetBus 2 Pro     TCP        20034
  GirlFriend       TCP        21544
  Master Paradise  TCP        3129, 40421, 40422, 40423 and 40426
• Windows: netstat -an | findstr <port number>
• Linux: netstat -an | grep <port number>
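A defender's version of the netstat check on slide 38, as an added example that is not part of the deck: instead of grepping one port at a time it parses the whole `netstat -an` output and reports every listening socket on a port from the slide's table. The sample netstat lines are constructed, and the two column layouts it understands (the Linux layout with Recv-Q/Send-Q columns and the Windows layout without them) are assumptions about the tool's output.

```python
import re

# (protocol, port) -> backdoor name, taken from the slide's "Most Common Ports" table.
KNOWN_BACKDOOR_PORTS = {
    ("udp", 31337): "Back Orifice", ("udp", 31338): "Back Orifice",
    ("udp", 2140): "Deep Throat", ("udp", 3150): "Deep Throat",
    ("tcp", 12345): "NetBus", ("tcp", 12346): "NetBus",
    ("tcp", 12361): "Whack-a-mole", ("tcp", 12362): "Whack-a-mole",
    ("tcp", 20034): "NetBus 2 Pro",
    ("tcp", 21544): "GirlFriend",
    ("tcp", 3129): "Master Paradise", ("tcp", 40421): "Master Paradise",
    ("tcp", 40422): "Master Paradise", ("tcp", 40423): "Master Paradise",
    ("tcp", 40426): "Master Paradise",
}


def parse_netstat_line(line):
    """Return (proto, local_port) for one 'netstat -an' line, or None.

    Assumed layouts: Linux (proto recv-q send-q local foreign state) and
    Windows (proto local foreign state). The port is whatever follows the
    last ':' of the local address, so '[::]:12345' and ':::12345' both work.
    """
    fields = line.split()
    if len(fields) < 2:
        return None
    proto = fields[0].lower()
    if proto.startswith("tcp"):        # tcp, tcp6
        proto = "tcp"
    elif proto.startswith("udp"):      # udp, udp6
        proto = "udp"
    else:
        return None                    # header lines, unix sockets, etc.
    # Linux has two numeric queue columns before the local address; Windows has none.
    local = fields[3] if len(fields) > 3 and fields[1].isdigit() else fields[1]
    match = re.search(r":(\d+)$", local)
    if not match:
        return None
    return proto, int(match.group(1))


def find_backdoor_listeners(netstat_output):
    """Return [(proto, port, name)] for listening sockets on a known backdoor port."""
    hits = []
    for line in netstat_output.splitlines():
        parsed = parse_netstat_line(line)
        if parsed is None:
            continue
        proto, port = parsed
        # UDP sockets have no LISTEN state; a TCP socket must be listening to count.
        if proto == "tcp" and "LISTEN" not in line.upper():
            continue
        name = KNOWN_BACKDOOR_PORTS.get((proto, port))
        if name:
            hits.append((proto, port, name))
    return hits


# Constructed sample of Linux 'netstat -an' output: an Oracle listener on 1521,
# a NetBus listener, an established (non-listening) connection on a Master
# Paradise port, a Back Orifice UDP socket, and sshd on an IPv6 socket.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:12345           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40421          10.0.0.9:51000          ESTABLISHED
udp        0      0 0.0.0.0:31337           0.0.0.0:*
tcp6       0      0 :::22                   :::*                    LISTEN
"""

if __name__ == "__main__":
    for proto, port, name in find_backdoor_listeners(SAMPLE_NETSTAT):
        print(f"{proto}/{port} is listening: associated with {name}")
```

A port match is a prompt to look at the owning process (`netstat -anp` on Linux, `netstat -ano` on Windows), not proof of infection: any service can be bound to these numbers, and modern malware rarely uses a fixed well-known port.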
39. Top Threats Affecting the Database Server
• Storage/backup media exposure
• When data is saved to tape, you want to be confident that the data will be accessible decades from now, as well as tomorrow.
• Backup database storage media is often completely unprotected from attack. As a result, several high-profile security breaches have involved theft of database backup tapes and hard disks.
• Always remember: company data means money to another person.

40. Top Threats Affecting the Database Server
• Unpatched database
• Oracle provides something called Critical Patch Updates.
• Critical Patch Updates are collections of security fixes for Oracle products.
• They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:
  • 17th day of January
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014
  • 20 January 2015
• http://www.oracle.com/technetwork/topics/security/alerts-086861.html
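The release rule on slide 40, worked through as an added example (not from the deck): for each CPU month take the 17th, move to the nearest Tuesday, and list the dates that fall after a given day. Applied to the slide's own year it reproduces 15 April 2014, 15 July 2014, 14 October 2014 and 20 January 2015, which is a useful check before wiring a patch calendar to the rule. The rule is taken exactly as the slide states it; Oracle's current schedule should be confirmed on the Critical Patch Updates page linked above.

```python
from datetime import date, timedelta

CPU_MONTHS = (1, 4, 7, 10)   # January, April, July, October, per the slide
TUESDAY = 1                  # date.weekday(): Monday == 0, Tuesday == 1


def closest_tuesday(anchor):
    """Return the Tuesday nearest to 'anchor' (at most 3 days away).

    A week has seven days, so there is never a tie between the Tuesday before
    and the Tuesday after the anchor.
    """
    delta = (TUESDAY - anchor.weekday()) % 7   # days forward to the next Tuesday
    if delta > 3:
        delta -= 7                              # the previous Tuesday is nearer
    return anchor + timedelta(days=delta)


def cpu_dates_for_year(year):
    """The four CPU dates of a year under the 'Tuesday closest to the 17th' rule."""
    return [closest_tuesday(date(year, month, 17)) for month in CPU_MONTHS]


def next_cpu_dates(after, count=4):
    """The next 'count' CPU dates strictly after the date 'after'."""
    result = []
    year = after.year
    while len(result) < count:
        for cpu_date in cpu_dates_for_year(year):
            if cpu_date > after and len(result) < count:
                result.append(cpu_date)
        year += 1
    return result


def next_cpu_dates_iso(after_iso, count=4):
    """Same as next_cpu_dates but with ISO-8601 strings in and out."""
    after = date.fromisoformat(after_iso)
    return [d.isoformat() for d in next_cpu_dates(after, count)]


if __name__ == "__main__":
    # From the slide's vantage point (January 2014) the next four CPU dates are:
    for iso in next_cpu_dates_iso("2014-01-17"):
        print(iso)
```

Note how the rule pulls the date backwards in October 2014 (the 17th is a Friday, so the 14th wins) but forwards in January 2015 (the 17th is a Saturday, so the 20th wins); that asymmetry is why a hard-coded "second Tuesday" reminder drifts away from the real release dates.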
41. Top Threats Affecting the Database Server

42. Top Threats Affecting the Database Server
• Another thing that should be followed and monitored is:
• Security Alerts
• Oracle issues Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update.

43. Top Threats Affecting the Database Server
• Unsecured sensitive data:
• Who has access to company data?
• Does the company meet the requirements?
• What would make the hacker rich?
• What could damage the reputation of the organization?

44. Top Threats Affecting the Database Server
• Limited education/training of end users:
• Humans are the weakest link in information security.
• The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide.
• What do we want to accomplish by making users aware of security?
  • Encourage safe usage habits and discourage unsafe behavior.
  • Change user perceptions of information security.
  • Inform users about how to recognize and react to potential threats.
  • Educate users about information security techniques they can use.

45. Top Threats Affecting the Database Server
• Challenges:
  • Delivering the desired message to the end user.
  • Motivating users to take a personal interest in information security.
  • Giving end-user security awareness a higher priority within organizations.
  • No budget in the company for security awareness.

46. How to Secure the Database
• What should I do to secure the database?
• Set a good password policy
  • No password reuse.
  • Strong passwords.
• Keep up to date with security patches.
• Check the firewall level
  • Trusted connections only.
  • Block unused ports.
• Encryption
  • Network level: SSL.
  • File level, such as backups.
  • Database level, such as sensitive data.
• Monitor the database.
• Periodically check for users with database administration privileges.

47. How to Secure the Database
• Audit your web applications
  • Misconfigurations.
• Log as much as possible
  • Failed logins.
  • Permission errors.
• Your data is your money; protect it.
• Train IT staff on database security.
• Always ask for professional services.

48.