RE: Oracle 9i on Windows 2003 -- Vulnerability Question

From: "Panosian, Estifan" <EPanosian@xxxxxx>
To: "Niall Litchfield" <niall.litchfield@xxxxxxxxx>
Date: Fri, 1 Dec 2006 10:44:47 -0500

Thanks everybody.
Estifan Panosian

-----Original Message-----
From: Niall Litchfield [mailto:niall.litchfield@xxxxxxxxx] 
Sent: Friday, December 01, 2006 4:51 AM
To: Panosian, Estifan
Cc: Oracle-L Freelists
Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question

On 11/30/06, Panosian, Estifan <EPanosian@xxxxxx> wrote:
> Hello,
>
> I am trying to make our database more secure, one of the scenarios we
> came up is:
> 'what if an internal hacker (somehow) gets to our database server?'
> 1) what kind of damages he/she could cause, and
> 2) what we need to do to protect our databases?
> 3) Could hacker be able to browse data?
>
> Any article in this regard?
>
> OS is Windows 2003, Oracle is 9.2.0.7.
> The hacker has admin rights on the server.

If you mean physically or remotely (for example using some desktop
remoting software such as vnc|remote desktop|citrix) then it will - in
almost all circumstances - be trivial to carry out any malicious
action that you can think of.  The physical analogy would be if a
burglar can enter you house and has access to your keys/safe codes etc
what damage could they do?

cheers

-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info
--
http://www.freelists.org/webpage/oracle-l

References:

Re: Oracle 9i on Windows 2003 -- Vulnerability Question
From: Niall Litchfield

RE: Oracle 9i on Windows 2003 -- Vulnerability Question

Other related posts: