Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Oracle Auditing
From: Pete Finnigan <plsql () peterfinnigan demon co uk>
Date: Thu, 11 Aug 2005 20:02:10 +0100


Can I also add that I have an Oracle Security tools page you can find at
http://www.petefinnigan.com/tools.htm that lists all free and commercial
Oracle security tools I currently know about. 

I was not aware of DokFleed tool till I read this thread so thanks for

You say that you do not know much about Oracle - can i suggest that the
check list from the Center for Internet Security is a good starting
point for a good overall list of oracle security configuration /
auditing issues. This is originally based on the SANS Step-by-step book
and also the SANS S.C.O.R.E. list is also based on the same - The CIS
checklist also comes with a free benchmark tool. Links to both are on my
oracle security white papers page http://www.petefinnigan.com/orasec.htm
quoted by David. There are lots of good papers on Oracle security there
as well. 

You might also be interested in Integrigy's free listener audit tool and
Patrik Karrlson's Oracle tools (links on my tools page).

Also check out Alex Kornbrusts site http://www.red-database-security.com
and Esteban martinex Fayo / Cesar Cerrudo's site http://www.argeniss.com
which has some great Oracle security info. Aarons site www.appsecinc.com
also has some good info including listener issues as has NGS at

The recent WinSID's listener tool looks not bad also from Paul Bruenic.
A link is on my tools page.

Also I wrote the SANS Securing Oracle course that Josh quoted from using
James Abendschans tnscmd.pl tool. Its based on the example James gives
in his notes.


kind regards

Pete Finnigan (email:pete () petefinnigan com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle Security Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]