Evading Network-Based Oracle Database Intrusion Detection Systems

With the advent of legislative mandates like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), the security and auditing of Oracle Databases has become much more of a priority for most organizations. A common solution has been to implement an Oracle-aware Intrusion Detection System (IDS) or auditing product to address these legislative mandates and increased auditor scrutiny. This paper looks at a number of techniques that may be used to evade such Oracle intrusion detection and auditing solutions, especially signature-based solutions.

Click here to get the file