With the advent of legislative mandates like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), the security and auditing of Oracle databases have become much more of a priority for most organizations. A common solution has been to implement an Oracle-aware Intrusion Detection System (IDS) or auditing product to address these legislative mandates and increased auditor scrutiny. Integrigy has released a new whitepaper that looks at a number of techniques that may be used to evade such Oracle intrusion detection and auditing solutions, especially signature-based solutions. It is actually very easy to evade a signature-based Oracle IDS solution.
Organizations that have implemented network-based IDS and auditing solutions for their Oracle databases should carefully review the actual effectiveness of these solutions.
Whitepaper: Evading Network-Based Oracle Database Intrusion Detection Systems