Evading Oracle IDS and Auditing Solutions

With the advent of legislative mandates like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA), the security and auditing of Oracle Databases has become much more of a priority for most organizations. A common solution has been to implement an Oracle-aware Intrusion Detection System (IDS) or auditing product to address these legislative mandates and increased auditor scrutiny. Integrigy has released a new whitepaper paper that looks at a number of techniques that may be used to evade such Oracle intrusion detection and auditing solutions, especially signature-based solutions.  It is actually very easy to evade a signature-based Oracle IDS solution.

Organizations that have implemented network-based IDS and auditing solutions for their Oracle databases should carefully review the actual effectiveness of these solutions.

Whitepaper: Evading Network-Based Oracle Database Intrusion Detection Systems

 Share this post