Re: Security Issue

• From: "David Litchfield" <david@xxxxxxxxxxxxxxxxxxxx>
• To: <dofreeman@xxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
• Date: Fri, 8 Jun 2007 20:47:54 +0100

Hi Don,

I'm in the process of researching and developing what will be an open source, post-database intrusion forensics tool called F.E.D.S. (the Forensic Examiner's Database Scalpel) that is capable of extracting information and row data, deleted or otherwise, from datafiles and the redo logs. Some of this research I've written up in the following papers:

http://www.databasesecurity.com/dbsec/Locating-Dropped-Objects.pdf
http://www.databasesecurity.com/dbsec/dissecting-the-redo-logs.pdf

If you're concerned about people gaining unauthorized access to data on backup files you should look to encrypt them (there are a number of commercial and open source solutions available) and store them in a physically secure location.

HTH,
David Litchfield

----- Original Message ----- From: "Freeman, Donald" <dofreeman@xxxxxxxxxxx>

To: <oracle-l@xxxxxxxxxxxxx>
Sent: Friday, June 08, 2007 6:25 PM
Subject: Security Issue


Is it possible to recover information from an undo datafile?   I have
been searching for information on securing oracle datafiles and see that
there are .dbf file viewers that claim to be able to view/edit/export
the contents as text.   I am thinking that its not likely to be possible
to reconstruct anything usable from an undo datafile.

I know that Oracle 10G has the ability to encrypt the contents of
datafiles and store the key in a wallet.  We are planning an upgrade in
a year but right now I'm having to answer questions about vulnerabilty
of backups stored on removable media.

Don Freeman
Database Administrator 1
Bureau of Information Technology
Pennsylvania Department of Health
(717) 703-5782


--
E-MAIL DISCLAIMER

The information contained in this email and any subsequent
correspondence is private, is solely for the intended recipient(s) and
may contain confidential or privileged information. For those other than
the intended recipient(s), any disclosure, copying, distribution, or any
other action taken, or omitted to be taken, in reliance on such
information is prohibited and may be unlawful. If you are not the
intended recipient and have received this message in error, please
inform the sender and delete this mail and any attachments.

The views expressed in this email do not necessarily reflect NGS policy.
NGS accepts no liability or responsibility for any onward transmission
or use of emails and attachments having left the NGS domain.

NGS and NGSSoftware are trading names of Next Generation Security
Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
4BF with Company Number 04225835 and VAT Number 783096402
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • RE: Security Issue
    • From: Richard J. Goulet

• References:
  • Security Issue
    • From: Freeman, Donald

Other related posts:

• » Security Issue
• » RE: Security Issue
• » Re: Security Issue
• » RE: Security Issue
• » RE: Security Issue
• » RE: Security Issue
• » RE: Security Issue

1. Home
2. oracle-l
3. Archive
4. 06-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---