
Finnigan - Oracle Incident Response and Forensics Preparing for and Responding to Data Breaches

City: Berkeley;CA;Place of publication not identified;United States, year: 2018;2017, publisher: Apress, genre: Computer.



Résumé: Discussing forensics in relation to Oracle Database, this book provides the tools and techniques needed to investigate a breach, and the measures to put in place to make it harder for an attack to be successful in the future.

© Pete Finnigan 2018
Pete Finnigan, Oracle Incident Response and Forensics
1. Data Breach
Pete Finnigan (1)
(1) Acomb York, North Yorkshire, UK
There are often multiple reasons why an Oracle database may be attacked. An attacker may see an Oracle database simply as an easy target to gain access to a company's other IT infrastructure. Unfortunately, because Oracle is a very complex product that requires an enormous amount of configuration, often gaps are created in the security model used to protect the data held within the database.
Because access to data is often at multiple levels (via an application interface, a developer using TOAD, a DBA using SQL*Plus, and many more), there is a risk that the security controls are different at each layer and so allow access to more data at one layer than another. An attacker may choose to attack an Oracle database to steal the data or he may choose to attack an Oracle database simply to gain access to other IT infrastructure.
It is important to understand at a high level the types of attacks that can be performed on an Oracle database so that you are able to recognize them from evidence gathered. It is also imperative to understand what an incident is and what an incident response is. Following an incident, forensic analysis must take place to understand how the attackers may have breached and stolen data or done other damage to your database. Finally, it's important to know how Oracle itself works at a reasonably detailed level because this will give you clues as to where evidence or artifacts can be found and used.
We have a brief discussion of the subject of chain of custody. This is the process normally used when investigating a PC as part of computer forensics. With a small system, the process is often clean and simple and involves documentation, verification, and secure storage of the artifacts (usually a complete computer or hard disk). A short discussion is also included on the issue of admissibility of evidence in court. Verifying evidence is usually done by checksumming the hard disk, and this process is compared with an Oracle database. This sets the background to normal IT forensic analysis so that we can contrast it with forensic analysis of an Oracle database.
Types of Attack
Table 1-1 introduces a high-level list of some types of attack that could be performed against an Oracle database. This list includes a brief description of the attack type, the danger it poses to the owner of the data in the Oracle database, and the skill level needed to try the attack. This list is by no means exhaustive and in some cases an attack type may have multiple sub-types. For instance, SQL Injection could be SQL Injection of SQL code embedded in a remote PHP web application that accesses the database or it could be SQL injection of SQL code executed in a PL/SQL package in the database. It could even be SQL injection of SQL code in a batch process where the injection must be done via an INSERT statement.
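An added example (not from the book) of the batch-process case above: the value enters through a correctly bound INSERT and only changes a statement later, when a batch step concatenates it into SQL. SQLite from Python's standard library stands in for Oracle here, and the table names, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: an ordinary value, a name with an apostrophe,
# and a value that carries SQL syntax.
STAGED = ["ACME Ltd", "O'Brien Ltd", "x' OR '1'='1"]
QUERY = "SELECT COALESCE(SUM(amount), 0) FROM orders WHERE customer = "

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE staging (id INTEGER PRIMARY KEY, customer TEXT);
        CREATE TABLE orders (customer TEXT, amount INTEGER);
        INSERT INTO orders VALUES
            ('ACME Ltd', 100), ('O''Brien Ltd', 250), ('Third plc', 75);
    """)
    # The INSERT itself uses a bind variable, so each string is stored verbatim
    # as valid data and nothing unusual happens at this point.
    db.executemany("INSERT INTO staging (customer) VALUES (?)",
                   [(s,) for s in STAGED])
    return db

def total_concat(db, name):
    # Vulnerable batch step: stored data is pasted into the statement text.
    return db.execute(QUERY + "'" + name + "'").fetchone()[0]

def total_bound(db, name):
    # Hardened batch step: stored data is passed as a bind value.
    return db.execute(QUERY + "?", (name,)).fetchone()[0]

def rows_that_change_the_query(db):
    """Return staged values for which concatenation and binding disagree."""
    flagged = []
    rows = db.execute("SELECT customer FROM staging ORDER BY id").fetchall()
    for (name,) in rows:
        try:
            differs = total_concat(db, name) != total_bound(db, name)
        except sqlite3.Error:
            differs = True  # the stored value broke the statement's syntax
        if differs:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    db = setup()
    for name in STAGED:
        print(repr(name), "bound total:", total_bound(db, name))
    print("flagged:", rows_that_change_the_query(db))
```

The comparison in `rows_that_change_the_query` is also a quick review aid: any stored value it returns is one that a concatenating batch step would have treated as SQL rather than data.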
There are many possible attack types and many of them can be combined into a single attack. This makes understanding how any particular attack took place difficult. There is no set list of rules that can be easily used to identify an attack.
The location of the attacker and the database is also very important to how the attack plays out. An attacker who is located internally to the business will more than likely have access to a desktop computer, probably with applications that access the database he wants to attack and possibly with tools that would allow a direct connection to the database. Most end users in an organization will probably not have credentials for the database; at least they may not understand if they do have credentials for the database. Some applications actually log into the database directly but the user enters the credentials in the screen of an application. Internally in an organization the staff is more likely to understand the data that is processed and possibly more likely to understand the architecture and technology used, therefore making an attack easier.
An external attack is much harder. If an attacker is able to exploit a publicly facing web site that serves its data from a database, then it may be possible to effectively tunnel your way in to the database. If this were not possible, then it would be much harder for an external attacker to gain access to an internal database. The attacker would first need to be able to get onto the network of the organization and then find a way to identify and access the database.
The list of attacks in Table 1-1 is not exhaustive and, as stated, an attacker could be internal or external and attacks can be combined. Factor in the multitude of operating system versions, Oracle database versions, and different types of applications, and you can see how each attack can look quite different.
Table 1-1. Database Attack Types

| Attack Type | Danger | Skill Level | Description |
|---|---|---|---|
| SQL Injection | High/Low | High/Low | The danger is high or low depending on the data potentially exposed by the SQL that is attacked. The skill level is high or low depending on whether a tool can be used to perform the exploit. |
| Cross-Site Scripting | High/Low | High/Low | As with SQL injection, the danger depends on where the code that is exploited is located and what it does. Also the skill level depends again on whether an attacker can simply use a tool successfully or a manual attack is needed. |
| Payload Injection | High | High | The injection string must be first inserted as valid data for a trigger or later process to read it and place it into a SQL injection scenario. |
| DDL injection | High/Low | High/Low | Similar to SQL Injection. |
| PL/SQL Injection | High/Low | High/Low | Similar to SQL Injection. |
| DML Injection | High/Low | High/Low | Similar to SQL Injection. |
| Direct database access | High | Medium/High | Much harder, as the attacker needs IT skills and has to install a tool such as SQL*Plus, and would need to know at least Oracle TNS. |
| Data loss | High/Low | High/Low | This depends on how and where the data is stolen. Low would be an employee simply stealing a paper report or printing a screen. High would be an attack against a web site and then working out how to target the data needed. |
| Escalation of database rights | High | High | An attacker would need direct database access via a tool such as SQL*Plus or an exploit in a web site that allows SQL or PL/SQL Injection that would allow DDL to be injected. |
| Access to operating system or network resources | High | High | An attacker would need elevated access to the database normally; then would need access to an account with OS or network access or would need skill to add the correct database objects. |
| Audit trail changes | High | High | An attacker would need elevated access to the database normally; then would need access to the audit trails or an account that has access |