SlideShare a Scribd company logo

Oracle database threats - LAOUC Webinar

Download as PPTX, PDF
Osama Mustafa
Osama Mustafa

LAOUC Webinar , Top 10 Oracle Database Threats How to Secure Oracle Database

Technology
1 of 49
Osama Mustafa Senior Oracle DBA Gurus Solutions
Overview • Introduction • Why Database security is important ? • How Database Are hacked ? • How to Protect against Database Attack ? • Conclusion • Reference • Q&A
Who Am I ? • • • • • • Certified OCP,OCE,OCS 10g,11g Oracle ACE Certified Ethical hacker / LPT Sun / Linux Certified Author Of Oracle Penetration testing book Presenter & Contributor in Oracle Community . osama.mustafa@gurussolutions.com @OsamaOracle http://osamamustafa.blogspot.com Osama Mustafa
GoogIe Search Without Oracle With Oracle
Introduction • 10 January 2014 Target data theft affected 70 million customers. • Data Theft is Becoming Major Threat. • Data Theft is Bank of gold. • 90% of companies say they've been hacked. • Most of the Target Data are Personal Stuff Such as Credit Card, Account Number, and Passwords.
Introduction Revising the Top 10 Data Loss Incidents list
Introduction “Your Personal Data is Worth Pretty Penny, But it All Depends On Who Wants it” TrendMicro Average for personal Data Between 0$-1200$ If you want to know how much your Personal Data Worth Check this Website : http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed00144feab7de.html#axzz2ukFAZIUF
Introduction • In 2012 Report from Verizon Data Indicate that 96% of Records breached are from database. • Less Than 5% of Security Spend on Data Center (WW Security Products ) . Data Center 5% 95%
Why Database Security Is Important • Database is the most important Data Banking : • Financial Data • Client/Customer Data • Corporate/organization Data. • If the database stop working the company will lose money. • If the database is getting hacked, imagine what happened to the company.
Why Database Security Is Important • Ensure the data is confidential, and prevent any outsourcing modification. • Secure database provide an additional benefit which is data management become more efficient and effective. • Access to database should be only restricted to authorized people only unless one thing it’s Public Database. • Secure Database leads to monitor activity and knows authorized people.
Laws about Security • SOX  Sarbanes Oxley • “protect investors by improving reliability of corporate” • PCI  Payment Card industry • Related to Credit card companies such as Visa, Master card. • GLBA  Gramm Leach Bliley Act • companies that offer consumers financial products or services like loans. • DATA  Data Accountability and Trust Act • security policies and procedures to protect data containing personal information
How Database are Hacked ?
How Database are Hacked ? • As Database Administrator you need to know Threats that can effect on your database. • Definition of threats : context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more. • Vulnerability: Existence of a weakness design or implementation error that Existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
Elements Of Security • Confidentiality : • The concealment of information or resources. • Authenticity • The identification and assurance of the origin of information. • Integrity • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes. • Availability • The ability to use the desired information or resource
Triangle of Security Decide Before Moving The Ball
What The Hacker Do ? • Gather Information • Active : Directly Such as social engineering • Passive : Google search, Social media • Scanning : • use some tools for scan vulnerabilities of the system. • Gaining Access: • Penetration Phase, continue attacking to explore deeper into the target network. • Maintaining Access • Downloading Phase • Clearing Tracks “The more the hacker learns about your internal operations means the more likely he will be intrude and exploit. So be Secure.”
Attack Oracle-Database Server • Database servers are usually hacked to get the critical information • Mistakes made by the web designers can reveal the databases of the server to the hacker • Finding an Oracle database server on network is done using TCP port scan • Once Oracle Database Server has been discovered, First Port of call is TNS Listener.
Top Threats Effect on Database Server • Unused Privileges:• When user are Granted Database access Privileges that exceed requirement of their job these Privileges can lead to major issue if the user was know what he is doing. • • • • • • • • REVOKE CREATE DATABASE LINK FROM connect; REVOKE EXECUTE ON utl_tcp FROM public; REVOKE EXECUTE ON utl_smtp FROM public; REVOKE EXECUTE ON utl_http FROM public; REVOKE EXECUTE ON utl_mail FROM public; REVOKE EXECUTE ON utl_inaddr FROM public; REVOKE EXECUTE ON utl_file FROM public; REVOKE EXECUTE ON dbms_java FROm public;
Top Threats Effect on Database Server • http://support.oracle.com • Review database user privileges • Note 1020286.6 - Script to Create View to Show All User Privs Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS • Revoke privileges from PUBLIC where not necessary • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC Note 234551.1 - PUBLIC Is it a User, a Role, a User Group, a Privilege ? Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
Top Threats Effect on Database Server • Weak Authentication • Most common Default Password for Database Username Password Sys Manager Sys System Sys Oracle System Same as sys Apps Apps ( EBS User ) scott tiger Oracle Default Password List By Pete Finnigan http://www.petefinnigan.com/default/default_password_list.htm
Voyager Beta worm • On 20-december 2005 an anonymous poster (kwbbwi@findnot.com ) posted an variant of the Oracle Voyager Worm. • Read more About this Worm : • http://www.red-database-security.com/advisory/oracle_worm_voyager.html • attacks Oracle servers using default accounts and password • It attempts a TCP connection to TCP Port 1521 Where oracle connection Service listens. • If Ok Then Tries Series of Username and password • System/manager, sys/change_on_install , dbsnmp/dbsnmp, scott/tiger. • Authenticate Ok , It will create table to transfer payload.
Top Threats Effect on Database Server • Denial of service (DoS) :• Common DoS techniques include buffer overflows, data corruption, network flooding, and resource consumption. • It is an attack through which a person can render a system unusable or significantly slow it down for system unusable, or significantly slow it down for legitimate users, by overloading its resources. • Attackers may: • Attempt to flood a network, thereby preventing legitimate network traffic. • Attempt to disrupt connections between two machines thereby Attempt to disrupt connections between two machines, thereby preventing access to a service. • Attempt to prevent a particular individual from accessing a service. • Attempt to disrupt service to a specific system or person.
Top Threats Effect on Database Server • The Impact:• Disabled network • Disabled organization • Financial loss • Loss of goodwill • DoS Attack Classification:• • • • • Smurf :- Generates a large amount of ICMP echo (ping) Buffer Overflow Attack :- The program writes more information into the buffer. Ping of death :- Send IP Packets larger than the 65,536 Bytes. Teardrop :- IP Requires that packet that is too large for next Router. SYN Attack :- Sends bogus TCP SYN requests to a victim server.
Top Threats Effect on Database Server • Examples DoS Attack Tools :• • • • • • • • • • • Jolt2 Bubonic.c Land and LaTierra Targa Blast20 Nemesy Panther2 Crazy Pinger Some Trouble UDP Flood FSMax
Top Threats Effect on Database Server • SQL Injection • type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data • Programmer use sequential commands with user inputs making it easier for attackers to inject commands. • Attacker can do SQL Commands through web application. • For Example when a user logs onto a web page by using a user name and password for validation a SQL query is user name and password for validation, a SQL query is used. • What I Need  Any Web Browser.
Top Threats Effect on Database Server • What Should I look For in SQL Injection ? • HTML method • POST  you cannot see any parameters in browser. • GET • Check HTML Source Code. <Form action=search.asp method=post> <input type=hidden name=X value=Z> </Form> • Examples • http:// www.mywebsite.com /index.asp?id=10
Top Threats Effect on Database Server If you get this error, then the website is vulnerable to an SQL injection attack
Top Threats Effect on Database Server • But Wait How Can I Test SQL Injection !!! • Different Way, Different Tools • Easy Way to use Single Quote in the input • Examples : • • blah’ or 1=1— • Login:blah’ or 1=1— • • Password:blah’ or 1=1— http:// www.mywebsite.com /index.asp?id=10 Will be like this http:// www.mywebsite.com/index.asp?id=blah’ or 1=1--
Top Threats Effect on Database Server • Another examples for single quote usage in SQL Injection : • ‘ or 1=1— • “ or 1=1— • ‘ or ‘a’=‘a • “ or “a”=“a • ‘) or (‘a’=‘a) • The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the user: • string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
Top Threats Effect on Database Server • If the user enter valid username and password the query strQry will be changed Like this : SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password‘ • But The Hacker will not leave weak code Alone and he will enter :' Or 1=1 – • The New Query Will be SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password='' • 1=1 is always true for every row in the table, so assuming there is at least one row in the table this SQL always return nonzero count of records.
Top Threats Effect on Database Server • Weak Audit Trail
Top Threats Effect on Database Server Performance impacts. Determine what is important to be audited. Limited Resource. Which Mechanism Of Audit Trail I should Use ? No End-To-End Auditing
Top Threats Effect on Database Server
Top Threats Effect on Database Server • Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria. Documents Every DBA Should Read • • • • • NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA) NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter? NOTE:1299033.1- Master Note For Oracle Database Auditing Note 174340.1 - Audit SYS User Operations note 1171314.1 Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database • Note 1509723.1 - Oracle Database Auditing Performance
Top Threats Effect on Database Server • Malware • is software designed to infiltrate or damage a computer system without the owner's informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Report From Verizon Data:“69% breaches incorporated malware” http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-DataBreach-Report-2012.pdf
Top Threats Effect on Database Server • Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant, in various legal codes.
Top Threats Effect on Database Server Most Common Ports:Name Protocol Ports Back Office UDP 31337 Or 31338 Deep Throat UDP 2140 and 3150 Net Bus TCP 12345 and 12346 Whack-a-mole TCP 12361 and 12362 Net Bus 2 Pro TCP 20034 Girlfriend TCP 21544 Master Paradise TCP 3129, 40421, 40422, 40423 and 40426 Windows : netstat –an | findstr <port number> Linux : netstat –an | grep <port number>
Top Threats Effect on Database Server • Storage/Backup Media Exposure • When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow. • Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks. • Always Remember Company Data Means Money to another Person.
Top Threats Effect on Database Server • Unpatched Database • Oracle Provide Something Called Critical Patch Updates. • Critical Patch Updates are collections of security fixes for Oracle products. • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are: • • • • • 17th day of January. 15 April 2014 15 July 2014 14 October 2014 20 January 2015 http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Top Threats Effect on Database Server
Top Threats Effect on Database Server • Another Thing should be follow and Monitored which is : • Security Alerts • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
Top Threats Effect on Database Server • Unsecure Sensitive Data:• Who has access to company data ? • Dose the company meet requirement ? • What Will make the Hacker Rich ? • What Could damage the reputation of the organization ?
Top Threats Effect on Database Server • Limited Education/Trained end users:• Humans are the weakest link in the information security. • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide. • What do we want to accomplish by making users aware of security? • • • • Encourage safe usage habits and discourage unsafe behavior Change user perceptions of information security Inform users about how to recognize and react to potential threats Educate users about information security techniques they can use
Top Threats Effect on Database Server • Challenges:• • • • Delivering a desired message to the end-user. Motivating users to take a personal interest in information security. Giving end user security awareness a higher priority within organizations. No Budget in the company for Security Awareness.
How to Secure Database • What Should I Do to Secure Database ? • Set a good password policy • No password reuse. • Strong passwords • Keep up to date with security patches • Check Firewall level • Trusted Connection Only • Block Unused Ports • Encryption • network level • SSL • File Level Such as Backup. • Database Such As Sensitive Data. • Monitor Database • Periodically check for users with database administration privileges
How to Secure Database • audit your web applications • Misconfigurations. • Log as much as possible • Failed logins. • Permissions errors • Your Data is your money protect it. • Train IT staff on database security. • Always Ask For Professional Services.
Thanks For LAOUC osama.mustafa@gurussolutions.com @OsamaOracle http://osamamustafa.blogspot.com Osama Mustafa

Recommended

Storage Primer
Storage PrimerStorage Primer
Storage Primersriramr
 
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...Simplilearn
 
ORC File and Vectorization - Hadoop Summit 2013
ORC File and Vectorization - Hadoop Summit 2013ORC File and Vectorization - Hadoop Summit 2013
ORC File and Vectorization - Hadoop Summit 2013Owen O'Malley
 
Data Lake Overview
Data Lake OverviewData Lake Overview
Data Lake OverviewJames Serra
 
Introduction to Apache Pig
Introduction to Apache PigIntroduction to Apache Pig
Introduction to Apache PigJason Shao
 
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...Databricks
 
Understanding and controlling transaction logs
Understanding and controlling transaction logsUnderstanding and controlling transaction logs
Understanding and controlling transaction logsRed Gate Software
 
Best Practices for Oracle Exadata and the Oracle Optimizer
Best Practices for Oracle Exadata and the Oracle OptimizerBest Practices for Oracle Exadata and the Oracle Optimizer
Best Practices for Oracle Exadata and the Oracle OptimizerEdgar Alejandro Villegas
 

Recommended

Storage Primer
Storage PrimerStorage Primer
Storage Primersriramr
 
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...
Hadoop Architecture | HDFS Architecture | Hadoop Architecture Tutorial | HDFS...Simplilearn
 
ORC File and Vectorization - Hadoop Summit 2013
ORC File and Vectorization - Hadoop Summit 2013ORC File and Vectorization - Hadoop Summit 2013
ORC File and Vectorization - Hadoop Summit 2013Owen O'Malley
 
Data Lake Overview
Data Lake OverviewData Lake Overview
Data Lake OverviewJames Serra
 
Introduction to Apache Pig
Introduction to Apache PigIntroduction to Apache Pig
Introduction to Apache PigJason Shao
 
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...
The Future of Data Science and Machine Learning at Scale: A Look at MLflow, D...Databricks
 
Understanding and controlling transaction logs
Understanding and controlling transaction logsUnderstanding and controlling transaction logs
Understanding and controlling transaction logsRed Gate Software
 
Best Practices for Oracle Exadata and the Oracle Optimizer
Best Practices for Oracle Exadata and the Oracle OptimizerBest Practices for Oracle Exadata and the Oracle Optimizer
Best Practices for Oracle Exadata and the Oracle OptimizerEdgar Alejandro Villegas
 
Airbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stackAirbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stackMichel Tricot
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLYoshinori Matsunobu
 
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...Simplilearn
 
CDW: SAN vs. NAS
CDW: SAN vs. NASCDW: SAN vs. NAS
CDW: SAN vs. NASSpiceworks
 
Storage Technology Overview
Storage Technology OverviewStorage Technology Overview
Storage Technology Overviewnomathjobs
 
Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component rebeccatho
 
Introduction to Spark Streaming
Introduction to Spark StreamingIntroduction to Spark Streaming
Introduction to Spark Streamingdatamantra
 
Big data Hadoop presentation
Big data Hadoop presentation Big data Hadoop presentation
Big data Hadoop presentation Shivanee garg
 
RocksDB compaction
RocksDB compactionRocksDB compaction
RocksDB compactionMIJIN AN
 
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...Edureka!
 
Hive: Loading Data
Hive: Loading DataHive: Loading Data
Hive: Loading DataBenjamin Leonhardi
 
Spark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupSpark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupDatabricks
 
Sharding
ShardingSharding
ShardingMongoDB
 
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of FacebookTech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of FacebookThe Hive
 
Understanding das-nas-san
Understanding das-nas-sanUnderstanding das-nas-san
Understanding das-nas-sanAshwin Pawar
 
How to add social share buttons to pdf documents
How to add social share buttons to pdf documentsHow to add social share buttons to pdf documents
How to add social share buttons to pdf documentsJan Kearney
 
Data Vault Overview
Data Vault OverviewData Vault Overview
Data Vault OverviewEmpowered Holdings, LLC
 
Owning Your Own (Data) Lake House
Owning Your Own (Data) Lake HouseOwning Your Own (Data) Lake House
Owning Your Own (Data) Lake HouseData Con LA
 
Hive
HiveHive
HiveManas Nayak
 
CockroachDB
CockroachDBCockroachDB
CockroachDBandrei moga
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLDATAVERSITY
 
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...DataStax
 

More Related Content

What's hot

Airbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stackAirbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stackMichel Tricot
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLYoshinori Matsunobu
 
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...Simplilearn
 
CDW: SAN vs. NAS
CDW: SAN vs. NASCDW: SAN vs. NAS
CDW: SAN vs. NASSpiceworks
 
Storage Technology Overview
Storage Technology OverviewStorage Technology Overview
Storage Technology Overviewnomathjobs
 
Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component rebeccatho
 
Introduction to Spark Streaming
Introduction to Spark StreamingIntroduction to Spark Streaming
Introduction to Spark Streamingdatamantra
 
Big data Hadoop presentation
Big data Hadoop presentation Big data Hadoop presentation
Big data Hadoop presentation Shivanee garg
 
RocksDB compaction
RocksDB compactionRocksDB compaction
RocksDB compactionMIJIN AN
 
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...Edureka!
 
Spark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupSpark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupDatabricks
 
Sharding
ShardingSharding
ShardingMongoDB
 
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of FacebookTech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of FacebookThe Hive
 
Understanding das-nas-san
Understanding das-nas-sanUnderstanding das-nas-san
Understanding das-nas-sanAshwin Pawar
 
How to add social share buttons to pdf documents
How to add social share buttons to pdf documentsHow to add social share buttons to pdf documents
How to add social share buttons to pdf documentsJan Kearney
 
Owning Your Own (Data) Lake House
Owning Your Own (Data) Lake HouseOwning Your Own (Data) Lake House
Owning Your Own (Data) Lake HouseData Con LA
 

What's hot (20)

Airbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stackAirbyte @ Airflow Summit - The new modern data stack
Airbyte @ Airflow Summit - The new modern data stack
 
SSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQLSSD Deployment Strategies for MySQL
SSD Deployment Strategies for MySQL
 
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
Hadoop Training | Hadoop Training For Beginners | Hadoop Architecture | Hadoo...
 
CDW: SAN vs. NAS
CDW: SAN vs. NASCDW: SAN vs. NAS
CDW: SAN vs. NAS
 
Storage Technology Overview
Storage Technology OverviewStorage Technology Overview
Storage Technology Overview
 
Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component Introduction to Hadoop and Hadoop component
Introduction to Hadoop and Hadoop component
 
Introduction to Spark Streaming
Introduction to Spark StreamingIntroduction to Spark Streaming
Introduction to Spark Streaming
 
Big data Hadoop presentation
Big data Hadoop presentation Big data Hadoop presentation
Big data Hadoop presentation
 
RocksDB compaction
RocksDB compactionRocksDB compaction
RocksDB compaction
 
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
What is Apache Spark | Apache Spark Tutorial For Beginners | Apache Spark Tra...
 
Hive: Loading Data
Hive: Loading DataHive: Loading Data
Hive: Loading Data
 
Spark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark MeetupSpark SQL Deep Dive @ Melbourne Spark Meetup
Spark SQL Deep Dive @ Melbourne Spark Meetup
 
Sharding
ShardingSharding
Sharding
 
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of FacebookTech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
Tech Talk: RocksDB Slides by Dhruba Borthakur & Haobo Xu of Facebook
 
Understanding das-nas-san
Understanding das-nas-sanUnderstanding das-nas-san
Understanding das-nas-san
 
How to add social share buttons to pdf documents
How to add social share buttons to pdf documentsHow to add social share buttons to pdf documents
How to add social share buttons to pdf documents
 
Data Vault Overview
Data Vault OverviewData Vault Overview
Data Vault Overview
 
Owning Your Own (Data) Lake House
Owning Your Own (Data) Lake HouseOwning Your Own (Data) Lake House
Owning Your Own (Data) Lake House
 
Hive
HiveHive
Hive
 
CockroachDB
CockroachDBCockroachDB
CockroachDB
 

Viewers also liked

NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLDATAVERSITY
 
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...DataStax
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesMongoDB
 
Oracle Database 12c Attack Vectors
Oracle Database 12c Attack VectorsOracle Database 12c Attack Vectors
Oracle Database 12c Attack VectorsMartin Toshev
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 

Viewers also liked (6)

NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
 
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
Webinar - Security and Manageability: Key Criteria in Selecting Enterprise-Gr...
 
Webinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security FeaturesWebinar: MongoDB 2.6 New Security Features
Webinar: MongoDB 2.6 New Security Features
 
Oracle Database 12c Attack Vectors
Oracle Database 12c Attack VectorsOracle Database 12c Attack Vectors
Oracle Database 12c Attack Vectors
 
Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit Framework
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 

Similar to Oracle database threats - LAOUC Webinar

How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a DatabaseJohn Ashmead
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive MeasuresShubham Takode
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Information Security Systems
Information Security SystemsInformation Security Systems
Information Security SystemsEyad Mhanna
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionSatyajit Mukherjee
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversVi Tính Hoàng Nam
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxsiti829412
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
Data base system.pptx
Data base system.pptxData base system.pptx
Data base system.pptxMrwafaAbbas
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacksFrank Victory
 

Similar to Oracle database threats - LAOUC Webinar (20)

How to Destroy a Database
How to Destroy a DatabaseHow to Destroy a Database
How to Destroy a Database
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
 
Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
Information Security Systems
Information Security SystemsInformation Security Systems
Information Security Systems
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injection
 
Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
Ce hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database serversCe hv6 module 42 hacking database servers
Ce hv6 module 42 hacking database servers
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptx
 
How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
Data base system.pptx
Data base system.pptxData base system.pptx
Data base system.pptx
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
 

More from Osama Mustafa

Case study for software architect
Case study for software architectCase study for software architect
Case study for software architectOsama Mustafa
 
Does cloud mean the end of the dba
Does cloud mean the end of the dbaDoes cloud mean the end of the dba
Does cloud mean the end of the dbaOsama Mustafa
 
Using git hub for your code
Using git hub for your codeUsing git hub for your code
Using git hub for your codeOsama Mustafa
 
Java business service
Java business serviceJava business service
Java business serviceOsama Mustafa
 
Steps creating data_integration_services
Steps creating data_integration_servicesSteps creating data_integration_services
Steps creating data_integration_servicesOsama Mustafa
 
Build, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerBuild, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerOsama Mustafa
 
Oracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOsama Mustafa
 
Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...Osama Mustafa
 
Weblogic 101 for dba
Weblogic 101 for dbaWeblogic 101 for dba
Weblogic 101 for dbaOsama Mustafa
 
Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Osama Mustafa
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOsama Mustafa
 
Erp installation r12.2
Erp installation r12.2Erp installation r12.2
Erp installation r12.2Osama Mustafa
 
Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Osama Mustafa
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaOsama Mustafa
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Osama Mustafa
 

More from Osama Mustafa (20)

Case study for software architect
Case study for software architectCase study for software architect
Case study for software architect
 
DevOps for database
DevOps for databaseDevOps for database
DevOps for database
 
Does cloud mean the end of the dba
Does cloud mean the end of the dbaDoes cloud mean the end of the dba
Does cloud mean the end of the dba
 
Using git hub for your code
Using git hub for your codeUsing git hub for your code
Using git hub for your code
 
DevOps Project
DevOps Project DevOps Project
DevOps Project
 
Java business service
Java business serviceJava business service
Java business service
 
Steps creating data_integration_services
Steps creating data_integration_servicesSteps creating data_integration_services
Steps creating data_integration_services
 
Build, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using DockerBuild, Deploy and Run Node Js Application on Azure using Docker
Build, Deploy and Run Node Js Application on Azure using Docker
 
Oracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single nodeOracle api gateway installation as cluster and single node
Oracle api gateway installation as cluster and single node
 
Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...Helping implementer dealing with famous siebel based system messages and er...
Helping implementer dealing with famous siebel based system messages and er...
 
Weblogic and docker
Weblogic and dockerWeblogic and docker
Weblogic and docker
 
Weblogic 101 for dba
Weblogic 101 for dbaWeblogic 101 for dba
Weblogic 101 for dba
 
Ebs clone r12.2.4
Ebs clone r12.2.4Ebs clone r12.2.4
Ebs clone r12.2.4
 
Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation Oracle obia 11.1.1.10.1 installation
Oracle obia 11.1.1.10.1 installation
 
Oracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c InstallationOracle Enterprise manager 13c Installation
Oracle Enterprise manager 13c Installation
 
Erp installation r12.2
Erp installation r12.2Erp installation r12.2
Erp installation r12.2
 
OBIA Installation
OBIA Installation OBIA Installation
OBIA Installation
 
Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.Upgrade EBS DB from 11g to 12c.
Upgrade EBS DB from 11g to 12c.
 
Eouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafaEouc 12 on 12c osama mustafa
Eouc 12 on 12c osama mustafa
 
Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2Install oracle siebel on windows 2008 r2
Install oracle siebel on windows 2008 r2
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Oracle database threats - LAOUC Webinar

  • 1. Osama Mustafa Senior Oracle DBA Gurus Solutions
  • 2. Overview • Introduction • Why Database security is important ? • How Database Are hacked ? • How to Protect against Database Attack ? • Conclusion • Reference • Q&A
  • 3. Who Am I ? • • • • • • Certified OCP,OCE,OCS 10g,11g Oracle ACE Certified Ethical hacker / LPT Sun / Linux Certified Author Of Oracle Penetration testing book Presenter & Contributor in Oracle Community . osama.mustafa@gurussolutions.com @OsamaOracle http://osamamustafa.blogspot.com Osama Mustafa
  • 5. Introduction • 10 January 2014 Target data theft affected 70 million customers. • Data Theft is Becoming Major Threat. • Data Theft is Bank of gold. • 90% of companies say they've been hacked. • Most of the Target Data are Personal Stuff Such as Credit Card, Account Number, and Passwords.
  • 6. Introduction Revising the Top 10 Data Loss Incidents list
  • 7. Introduction “Your Personal Data is Worth Pretty Penny, But it All Depends On Who Wants it” TrendMicro Average for personal Data Between 0$-1200$ If you want to know how much your Personal Data Worth Check this Website : http://www.ft.com/cms/s/2/927ca86e-d29b-11e2-88ed00144feab7de.html#axzz2ukFAZIUF
  • 8.
  • 9. Introduction • In 2012 Report from Verizon Data Indicate that 96% of Records breached are from database. • Less Than 5% of Security Spend on Data Center (WW Security Products ) . Data Center 5% 95%
  • 10. Why Database Security Is Important • Database is the most important Data Banking : • Financial Data • Client/Customer Data • Corporate/organization Data. • If the database stop working the company will lose money. • If the database is getting hacked, imagine what happened to the company.
  • 11. Why Database Security Is Important • Ensure the data is confidential, and prevent any outsourcing modification. • Secure database provide an additional benefit which is data management become more efficient and effective. • Access to database should be only restricted to authorized people only unless one thing it’s Public Database. • Secure Database leads to monitor activity and knows authorized people.
  • 12. Laws about Security • SOX  Sarbanes Oxley • “protect investors by improving reliability of corporate” • PCI  Payment Card industry • Related to Credit card companies such as Visa, Master card. • GLBA  Gramm Leach Bliley Act • companies that offer consumers financial products or services like loans. • DATA  Data Accountability and Trust Act • security policies and procedures to protect data containing personal information
  • 13. How Database are Hacked ?
  • 14. How Database are Hacked ? • As Database Administrator you need to know Threats that can effect on your database. • Definition of threats : context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more. • Vulnerability: Existence of a weakness design or implementation error that Existence of a weakness, design, or implementation error that can lead to an unexpected and undesirable event compromising the security of the system
  • 15. Elements Of Security • Confidentiality : • The concealment of information or resources. • Authenticity • The identification and assurance of the origin of information. • Integrity • The trustworthiness of data or resources in terms of preventing improper and unauthorized changes. • Availability • The ability to use the desired information or resource
  • 16. Triangle of Security Decide Before Moving The Ball
  • 17. What The Hacker Do ? • Gather Information • Active : Directly Such as social engineering • Passive : Google search, Social media • Scanning : • use some tools for scan vulnerabilities of the system. • Gaining Access: • Penetration Phase, continue attacking to explore deeper into the target network. • Maintaining Access • Downloading Phase • Clearing Tracks “The more the hacker learns about your internal operations means the more likely he will be intrude and exploit. So be Secure.”
  • 18. Attack Oracle-Database Server • Database servers are usually hacked to get the critical information • Mistakes made by the web designers can reveal the databases of the server to the hacker • Finding an Oracle database server on network is done using TCP port scan • Once Oracle Database Server has been discovered, First Port of call is TNS Listener.
  • 19. Top Threats Effect on Database Server • Unused Privileges:• When user are Granted Database access Privileges that exceed requirement of their job these Privileges can lead to major issue if the user was know what he is doing. • • • • • • • • REVOKE CREATE DATABASE LINK FROM connect; REVOKE EXECUTE ON utl_tcp FROM public; REVOKE EXECUTE ON utl_smtp FROM public; REVOKE EXECUTE ON utl_http FROM public; REVOKE EXECUTE ON utl_mail FROM public; REVOKE EXECUTE ON utl_inaddr FROM public; REVOKE EXECUTE ON utl_file FROM public; REVOKE EXECUTE ON dbms_java FROm public;
  • 20. Top Threats Effect on Database Server • http://support.oracle.com • Review database user privileges • Note 1020286.6 - Script to Create View to Show All User Privs Note 1050267.6 - SCRIPT: Script to show table privileges for users and roles Note 1020176.6 - SCRIPT: Script to Generate object privilege GRANTS • Revoke privileges from PUBLIC where not necessary • Note 247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC Note 234551.1 - PUBLIC Is it a User, a Role, a User Group, a Privilege ? Note 390225.1 - Execute Privileges Are Reset For Public After Applying Patchset
  • 21. Top Threats Effect on Database Server • Weak Authentication • Most common Default Password for Database Username Password Sys Manager Sys System Sys Oracle System Same as sys Apps Apps ( EBS User ) scott tiger Oracle Default Password List By Pete Finnigan http://www.petefinnigan.com/default/default_password_list.htm
  • 22. Voyager Beta worm • On 20-december 2005 an anonymous poster (kwbbwi@findnot.com ) posted an variant of the Oracle Voyager Worm. • Read more About this Worm : • http://www.red-database-security.com/advisory/oracle_worm_voyager.html • attacks Oracle servers using default accounts and password • It attempts a TCP connection to TCP Port 1521 Where oracle connection Service listens. • If Ok Then Tries Series of Username and password • System/manager, sys/change_on_install , dbsnmp/dbsnmp, scott/tiger. • Authenticate Ok , It will create table to transfer payload.
  • 23. Top Threats Effect on Database Server • Denial of service (DoS) :• Common DoS techniques include buffer overflows, data corruption, network flooding, and resource consumption. • It is an attack through which a person can render a system unusable or significantly slow it down for system unusable, or significantly slow it down for legitimate users, by overloading its resources. • Attackers may: • Attempt to flood a network, thereby preventing legitimate network traffic. • Attempt to disrupt connections between two machines thereby Attempt to disrupt connections between two machines, thereby preventing access to a service. • Attempt to prevent a particular individual from accessing a service. • Attempt to disrupt service to a specific system or person.
  • 24. Top Threats Effect on Database Server • The Impact:• Disabled network • Disabled organization • Financial loss • Loss of goodwill • DoS Attack Classification:• • • • • Smurf :- Generates a large amount of ICMP echo (ping) Buffer Overflow Attack :- The program writes more information into the buffer. Ping of death :- Send IP Packets larger than the 65,536 Bytes. Teardrop :- IP Requires that packet that is too large for next Router. SYN Attack :- Sends bogus TCP SYN requests to a victim server.
  • 25. Top Threats Effect on Database Server • Examples DoS Attack Tools :• • • • • • • • • • • Jolt2 Bubonic.c Land and LaTierra Targa Blast20 Nemesy Panther2 Crazy Pinger Some Trouble UDP Flood FSMax
  • 26. Top Threats Effect on Database Server • SQL Injection • type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data • Programmer use sequential commands with user inputs making it easier for attackers to inject commands. • Attacker can do SQL Commands through web application. • For Example when a user logs onto a web page by using a user name and password for validation a SQL query is user name and password for validation, a SQL query is used. • What I Need  Any Web Browser.
  • 27. Top Threats Effect on Database Server • What Should I look For in SQL Injection ? • HTML method • POST  you cannot see any parameters in browser. • GET • Check HTML Source Code. <Form action=search.asp method=post> <input type=hidden name=X value=Z> </Form> • Examples • http:// www.mywebsite.com /index.asp?id=10
  • 28. Top Threats Effect on Database Server If you get this error, then the website is vulnerable to an SQL injection attack
  • 29. Top Threats Effect on Database Server • But Wait How Can I Test SQL Injection !!! • Different Way, Different Tools • Easy Way to use Single Quote in the input • Examples : • • blah’ or 1=1— • Login:blah’ or 1=1— • • Password:blah’ or 1=1— http:// www.mywebsite.com /index.asp?id=10 Will be like this http:// www.mywebsite.com/index.asp?id=blah’ or 1=1--
  • 30. Top Threats Effect on Database Server • Another examples for single quote usage in SQL Injection : • ‘ or 1=1— • “ or 1=1— • ‘ or ‘a’=‘a • “ or “a”=“a • ‘) or (‘a’=‘a) • The hacker breaks into the system by injecting malformed SQL into the query because the executed query is formed by the concatenation of a fixed string and values entered by the user: • string strQry = "SELECT Count(*) FROM Users WHERE UserName='" + txtUser.Text + "' AND Password='" + txtPassword.Text + "'";
  • 31. Top Threats Effect on Database Server • If the user enter valid username and password the query strQry will be changed Like this : SELECT Count(*) FROM Users WHERE UserName='Paul' AND Password='password‘ • But The Hacker will not leave weak code Alone and he will enter :' Or 1=1 – • The New Query Will be SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password='' • 1=1 is always true for every row in the table, so assuming there is at least one row in the table this SQL always return nonzero count of records.
  • 32. Top Threats Effect on Database Server • Weak Audit Trail
  • 33. Top Threats Effect on Database Server Performance impacts. Determine what is important to be audited. Limited Resource. Which Mechanism Of Audit Trail I should Use ? No End-To-End Auditing
  • 34. Top Threats Effect on Database Server
  • 35. Top Threats Effect on Database Server • Whether database auditing is enabled or disabled, Oracle will always audit certain database actions into the OS audit trail. There is no way to change this behavior because it is a formal requirement of the security evaluation criteria. Documents Every DBA Should Read • • • • • NOTE:174340.1 - Audit SYS User Operations (How to Audit SYSDBA) NOTE:553225.1 - How To Set the AUDIT_SYSLOG_LEVEL Parameter? NOTE:1299033.1- Master Note For Oracle Database Auditing Note 174340.1 - Audit SYS User Operations note 1171314.1 Huge/Large/Excessive Number Of Audit Records Are Being Generated In The Database • Note 1509723.1 - Oracle Database Auditing Performance
  • 36. Top Threats Effect on Database Server • Malware • is software designed to infiltrate or damage a computer system without the owner's informed consent The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Report From Verizon Data:“69% breaches incorporated malware” http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-DataBreach-Report-2012.pdf
  • 37. Top Threats Effect on Database Server • Malware includes computer viruses, worms, trojan horses, spyware, adware, most rootkits, and other malicious programs. In law, malware is sometimes known as a computer contaminant, in various legal codes.
  • 38. Top Threats Effect on Database Server Most Common Ports:Name Protocol Ports Back Office UDP 31337 Or 31338 Deep Throat UDP 2140 and 3150 Net Bus TCP 12345 and 12346 Whack-a-mole TCP 12361 and 12362 Net Bus 2 Pro TCP 20034 Girlfriend TCP 21544 Master Paradise TCP 3129, 40421, 40422, 40423 and 40426 Windows : netstat –an | findstr <port number> Linux : netstat –an | grep <port number>
  • 39. Top Threats Effect on Database Server • Storage/Backup Media Exposure • When data is saved to tape, you want to be confident that data will be accessible decades from now, as well as tomorrow. • Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks. • Always Remember Company Data Means Money to another Person.
  • 40. Top Threats Effect on Database Server • Unpatched Database • Oracle Provide Something Called Critical Patch Updates. • Critical Patch Updates are collections of security fixes for Oracle products. • They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are: • • • • • 17th day of January. 15 April 2014 15 July 2014 14 October 2014 20 January 2015 http://www.oracle.com/technetwork/topics/security/alerts-086861.html
  • 41. Top Threats Effect on Database Server
  • 42. Top Threats Effect on Database Server • Another Thing should be follow and Monitored which is : • Security Alerts • Oracle will issue Security Alerts for vulnerability fixes deemed too critical to wait for distribution in the next Critical Patch Update
  • 43. Top Threats Effect on Database Server • Unsecure Sensitive Data:• Who has access to company data ? • Dose the company meet requirement ? • What Will make the Hacker Rich ? • What Could damage the reputation of the organization ?
  • 44. Top Threats Effect on Database Server • Limited Education/Trained end users:• Humans are the weakest link in the information security. • The errors committed by the human elements of an organization remain a major contributor to data loss incidents worldwide. • What do we want to accomplish by making users aware of security? • • • • Encourage safe usage habits and discourage unsafe behavior Change user perceptions of information security Inform users about how to recognize and react to potential threats Educate users about information security techniques they can use
  • 45. Top Threats Effect on Database Server • Challenges:• • • • Delivering a desired message to the end-user. Motivating users to take a personal interest in information security. Giving end user security awareness a higher priority within organizations. No Budget in the company for Security Awareness.
  • 46. How to Secure Database • What Should I Do to Secure Database ? • Set a good password policy • No password reuse. • Strong passwords • Keep up to date with security patches • Check Firewall level • Trusted Connection Only • Block Unused Ports • Encryption • network level • SSL • File Level Such as Backup. • Database Such As Sensitive Data. • Monitor Database • Periodically check for users with database administration privileges
  • 47. How to Secure Database • audit your web applications • Misconfigurations. • Log as much as possible • Failed logins. • Permissions errors • Your Data is your money protect it. • Train IT staff on database security. • Always Ask For Professional Services.
  • 48.