[logs] Oracle IDS

From: Pete Finnigan (peteat_private)
Date: Tue Sep 18 2001 - 02:44:39 PDT

Next message: Russell Fulton: "Re: [logs] Log rotation tools"

Previous message: Sweth Chandramouli: "Re: [logs] Log rotation tools"
Next in thread: Ofir Arkin: "RE: [logs] Oracle IDS"
Reply: Ofir Arkin: "RE: [logs] Oracle IDS"
Reply: lbuchanaat_private: "RE: [logs] Oracle IDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi

I am replying to my own original post on Oracle logging to say apart
from one person who emailed my privately no one expressed any interest
in Oracle log analysis or IDS tools. I don't know if this is because
there is a lack of interest in Oracle security or because there is
genuinely nothing out there.

I have seen quite a lot of interest in Oracle security recently and i
could not find anything myself on Oracle IDS's or log analysis so i have
decided that i think its the latter and i have decided to write an
Oracle IDS myself. I dont know what the licensing will be at this stage,
or whether it will be free or commercial, but i have a design and i have
started coding a few days ago. 

As i am in the early stages i was hoping for some input from the experts
who frequent this list as to what features they feel would be important
in a purely database IDS, built to run inside a database and to monitor
only a database for attacks or intrusions. 

The functionality will reside in a seperate database and is being
written in PL/SQL and could if needed be run in the database being
monitored ( not a good idea ). This will mean it is truly platform
independant as it resides inside Oracle. Not sure about an interface (
GUI ) yet, maybe Java based. It will collect the standard audit trail
and act in real time, or delayed ( you choose ) on records coming in, it
will also collect various other information at intervals of the users
choosing. The signatures will be easy to define and be stored in the
database encrypted.

Any comments will be most welcome even if its to say i am wasting my
time.

thanks in advance

Pete

-- 
Pete Finnigan
IT Security Consultant
PenTest Limited

Office  01565 830 990
Fax     01565 830 889
Mobile  07974 087 885

pete.finnigan@pentest-limited.com

www.pentest-limited.com

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Russell Fulton: "Re: [logs] Log rotation tools"
Previous message: Sweth Chandramouli: "Re: [logs] Log rotation tools"
Next in thread: Ofir Arkin: "RE: [logs] Oracle IDS"
Reply: Ofir Arkin: "RE: [logs] Oracle IDS"
Reply: lbuchanaat_private: "RE: [logs] Oracle IDS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 09:52:30 PDT