Oracle Database Vault: Design Failures

Similar documents
The Value of Physical Memory for Incident Response

Oracle Database 11g: Security. What you will learn:

Penetration Testing: Advanced Oracle Exploitation Page 1

Oracle Database Security. Nathan Aaron ICTN 4040 Spring 2006

Securing Data in Oracle Database 12c

Circumvent Oracle s Database Encryption and Reverse Engineering of Oracle Key Management Algorithms. Alexander Kornbrust 28-July-2005

Oracle Database 11g: Security

FORBIDDEN - Ethical Hacking Workshop Duration

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Database security issues PETRA BILIĆ ALEXANDER SPARBER

NEW AND IMPROVED: HACKING ORACLE FROM WEB. Sumit sid Siddharth 7Safe Limited UK

Oracle Database 11g: Security Release 2. Course Topics. Introduction to Database Security. Choosing Security Solutions

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Oracle Database 11g: Security

Oracle Database Security

Protecting Data Assets and Reducing Risk

Restore and Recovery Tasks. Copyright 2009, Oracle. All rights reserved.

Loophole+ with Ethical Hacking and Penetration Testing

New Oracle 12c Security Features Oracle E-Business Suite Perspective

FREQUENTLY ASKED QUESTIONS

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Best Practices for Oracle Databases Hardening Oracle /

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Restoring To A Different Location With EBU And RMAN An AppsDBA Consulting White Paper

Database Assessment. Vulnerability Assessment Course

11. Oracle Recovery Manager Overview and Configuration.

Pentesting / Hacking Oracle databases with

ORACLE CORE DBA ONLINE TRAINING

Migrate Topaz databases from One Server to Another

Security Analysis. Spoofing Oracle Session Information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Security Auditing

Oracle Security Auditing

Copyright 2014 Oracle and/or its affiliates. All rights reserved.

Performing Database and File System Backups and Restores Using Oracle Secure Backup

Cisco Process Orchestrator Installation Guide

Oracle 11g Database Administration

The Ultimate Remote Database Administration Tool for Oracle, SQL Server and DB2 UDB

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

D50323GC20 Oracle Database 11g: Security Release 2

Securing Database Servers. Database security for enterprise information systems and security professionals

Securing Your Oracle Database to Protect your Data

SQL SERVER Anti-Forensics. Cesar Cerrudo

Oracle Health Sciences Network. 1 Introduction. 1.1 General Security Principles

COURCE TITLE DURATION. Oracle Database 11g: Administration Workshop I

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Using RMAN to restore a database to another server in an ASM environment

Making Database Security an IT Security Priority

Delivery Method: Instructor-led, group-paced, classroom-delivery learning model with structured, hands-on activities.

Database Security. Oracle Database 12c - New Features and Planning Now

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Oracle Database Security. Paul Needham Senior Director, Product Management Database Security

Customer evaluation guide Toad for Oracle v12 Database administration

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Thick Client Application Security

Oracle Corporation

Oracle Database 11g: Security Release 2

HOW TO. RMAN Restore for Standby 10gR2

Safeguard Sensitive Data in EBS: A Look at Oracle Database Vault, Transparent Data Encryption, and Data Masking. Lucy Feng

Database Auditing Report submitted by: D. Murali Krishna S.M Siva Rama Krishna

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Cross Platform Transportable Tablespaces Migration in Oracle 11g

Setting up the Oracle Warehouse Builder Project. Topics. Overview. Purpose

ORACLE FORENSICS IN A NUTSHELL 25/03/2007

Need for Database Security. Whitepaper

Oracle Database 11g: Administration Workshop I

CEH Version8 Course Outline

Homeland Security Red Teaming

Feature. Database Backup and Recovery Best Practices

All Things Oracle Database Encryption

<Insert Picture Here> Oracle Database Security Overview

An Oracle White Paper January Oracle Database 12c: Full Transportable Export/Import

The safer, easier way to help you pass any IT exams. Exam : 1Z Upgrade Oracle9i/10g/11g OCA to Oracle Database 12c OCP.

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

HP LeftHand SAN Solutions

Database Extension 1.5 ez Publish Extension Manual

Configuring Backup Settings. Copyright 2009, Oracle. All rights reserved.

Oracle DBA Course Contents

Oracle vs. SQL Server. Simon Pane & Steve Recsky First4 Database Partners Inc. September 20, 2012

Hacking Database for Owning your Data

Data Security: Strategy and Tactics for Success

Thanks for showing interest in Vortex IIT Delhi & What After College (WAC) Ethical Hacking Workshop.

D12CBR Oracle Database 12c: Backup and Recovery Workshop NEW

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Internal Penetration Test

Network Forensics: Log Analysis

EMC Replication Manager Integration with Oracle Database Server

Threat Modelling for Web Application Deployment. Ivan Ristic (Thinking Stone)

2015 Jože Senegačnik Oracle ACE Director

BrightStor ARCserve Backup

Oracle 12c Multitenant and Encryption in Real Life. Christian Pfundtner

Stronger database security is needed to accommodate new requirements

Oracle 11g DBA Training Course Content

Print Audit Facilities Manager Technical Overview

Guardium Change Auditing System (CAS)

What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team

Monitoring Audit Trails Using Enterprise Manager

Transcription:

Oracle Database Vault: Design Failures

What is Database Vault? Helps protecting against insider threats even when these comes from privileged database users (SYS) Mandatory in certain countries: laws Can be considered as a war declaration against many DBAs...

Design Failures Database Vault administrator and auditor Operative System Level File System Level RDBMS level The TNS protocol

Database Vault's administrator and auditor The most obvious failure (if it can be considered a failure...) Who controls the police? Who should be the responsable? And who controls the one who controls the auditors and administrators Another department who controls the departament that controls the department who controls the department...?

Failures: Operative System Level Fact: Database system runs as only one operative system user Oracle under Unix/Linux Local System under Windows Database Vault's auditor, administrator, database's administrator and final users, all of they, runs their queries in the same user space owned by the user who runs the database

Failures: Operative System Level Fact: Database administrator can trojanize the database at operative system level libclntsh.so (or.dll) A trojan version of the TNS Listener or, quicker, a proxy between the end user and the real TNS Listener A trojanized Oci library Any Oracle component can be trojanized

Failures: Operative System Level Fact: DBA has Oracle or Local System privileges in the operative system (S)he can attach with a debugger to any oracle process and record all operations Set function and/or address breakpoints and modify the common way the database system works Can change local or global variables, the uid of a running SQL session, etc... Can do whatever (s)he wants...

Failure: Filesystem Level Fact: DBA has file system access Able to read or write datafiles in raw mode There are many libraries and tools to do it Data Unloader Oracle's own tool DUDE (Database Unloading by Data Extraction) http://www.ora600.nl/introduction.htm

Failures: Filesystem Level Fact: DBA can do a backup. (S)he can copy the complete database to any other disk or machine RMAN ALTER TABLESPACE XXX BEGIN BACKUP Can reimport complete database EXP/IMP doesn't work as expected but... (S)he can use RMAN Do a manual recover: damage one datafile and put the manipulated version to recover Hard but possible

Failures: Filesystem Level Problems Recovering and/or editing a large datafile can be very hard and would be a reason to audit the complete database (by the police, of course) The data stored in the datafiles may be encrypted

Failures: Filesystem Level Solutions Trojanize the database if the encryption mechanism is in the database (i.e., PL/SQL) An attacker (DBA) can wait for a system failure to apply the changes made in a datafile without making it a suspicious think You wil always found a system failure You will always found a solution, if you're the DBA or the system administrator you're god :)

Fallas: Database System Is hard to install a trojanized PL/SQL package when database vault is installed Install the trojan prior to install database vault option :) While DBA is doing the testing But... What can be trojanized?

Failures: What to trojanize? DBMS_OBFUSCATION_TOOLKIT *_USERS, *_PRIVS Views DBMS_STANDARD, in example... The installer and installer's scripts Database vault's own scripts ;)

Failures: Backdoors A wrapped (to hide the code) PL/SQL package during database vault install To escalate privileges To remove any evidence of an attack To simply subvert Database Vault's behaviour

Failures: Again, trojanize at OS level We can trojanize at OS level As explained in other chapter libclntsh.(so dll) oracle[.exe] libocci.[so dll] libnnzxx.[so dll] extjob[.exe] sqlplus[.exe]

Failures: Hooks Every time you applies a patch you should reapply the trojan But you can trojanize the rebuild script... Is better to write a tool to hook interesting Oracle functions oci_prepare_stmt, in example? Any of the kk* internal functions

Failures: TNS Protocol There are various rule sets that allows or denies the privilege to do something if you connect from some domain or ip address: IP Address, OS username, program, machine, etc... Are fully user controllable They are simply strings in a TNS Packet NV strings Not trusted

Failures: TNS Protocol An example TNS packet's NV string : (CONNECT_DATA=(CID=(PROGRAM=himom.exe)(H OST=192.168.1.5)(USER=oracle))(COMMAND=connec t)(arguments=64)(service=listener)(version =169869568)) OS username and ip address are fully controllable by an attacker As well as many other options... They are fields of a TNS packet

Conclusions Interesting product but... I think that is unreal Has no privilege separation at os level Root or System can do whatever s(he) wants You can't hide nothing to the kernel and the root/system may alter the kernel behaviour without being noticed by final users To subvert database's behaviour, i.e.

Possible solutions Administrator or root shouldn't have privileges to do whatever (s)he want, otherwise, (s)he is able to attack the database system Note the quotes (root attacking the system...) Google like question: What is broken in Unix? Privilege separation at os level, by creating different users and groups for different task is fundamental Remember: All run in the same user space

End Send comments, questions, criticisms, insults, threats, invitations for sex or for a drink to: joxeankoret@yahoo.es

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information