Pete,

Oracle security and IDS monitoring of the database is a VERY big issue when we are talking about major corporations using Oracle as their master DB of choice. The ability to monitor (and understand) what people do to the database is highly important. I was involved with several projects in which this kind of ability would enhance our ability to parse and look for suspicious activities regarding the DB.

Ofir Arkin [ofir@sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: Pete Finnigan [mailto:peteat_private]
Sent: Tuesday, 18 September 2001 11:45
To: LOGANALYSISat_private
Subject: [logs] Oracle IDS

Hi

I am replying to my own original post on Oracle logging to say that, apart from one person who emailed me privately, no one expressed any interest in Oracle log analysis or IDS tools. I don't know if this is because there is a lack of interest in Oracle security or because there is genuinely nothing out there.

I have seen quite a lot of interest in Oracle security recently and I could not find anything myself on Oracle IDSs or log analysis, so I have decided that I think it's the latter and I have decided to write an Oracle IDS myself. I don't know what the licensing will be at this stage, or whether it will be free or commercial, but I have a design and I started coding a few days ago.

As I am in the early stages, I was hoping for some input from the experts who frequent this list as to what features they feel would be important in a purely database IDS, built to run inside a database and to monitor only a database for attacks or intrusions.

The functionality will reside in a separate database and is being written in PL/SQL and could if needed be run in the database being monitored (not a good idea). This will mean it is truly platform independent as it resides inside Oracle. Not sure about an interface (GUI) yet, maybe Java based.
It will collect the standard audit trail and act in real time, or delayed (you choose), on records coming in; it will also collect various other information at intervals of the user's choosing. The signatures will be easy to define and be stored in the database encrypted.

Any comments will be most welcome even if it's to say I am wasting my time.

thanks in advance

Pete

--
Pete Finnigan
IT Security Consultant
PenTest Limited
Office 01565 830 990
Fax 01565 830 889
Mobile 07974 087 885
pete.finnigan@pentest-limited.com
www.pentest-limited.com

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 12:37:22 PDT