A. B. Mutiara

Dissection of an Oracle Attack in the Absence of Auditingby David Lichtfield

Why Oracle Forensics?

• Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow.
• In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen – the largest known breach so far.
• In 2006 there were 335 publicized breaches in the U.S.; in 2005 there were 116 publicized breaches; between 1st January and March 31st of 2007, a 90 day period, there have been 85 breaches publicized.
• There are 0 (zero) database-specific forensic analysis and incident response tools on the market – free or commercial.

Where is the evidence?

Evidence of a compromise can be found in many places – for example

• TNS Log files
• Trace files
• Redo Logs
• Datafiles
  • Metadata and statistics
• Apache logs (Oracle Application Server)

This talk specifically covers the datafiles, redo logs In the essence of time we’ll be cutting out several parts of the forensic process which you wouldn’t do in a real scenario of course!

Search for evidence related to SELECTs

To start with we’ll look at an Oracle Data Block

More detailed see here

Sampai saat secara teoritis telah dikembangkan tiga teknik ‘clustering’ dinamik untuk Basis Data berbasis obyek (Object-Oriented Databases (OODb)), yaitu

1. Dynamic, Statistical & Tunable Clustering (DSTC)
2. StatClust,
3. Detection & Reclustering of Objects (DRO)

Dua yang pertama, mengeskpoitasi i) statistik pengunaan secara komprehensif dan ii) graf referensi antar-obyek. Keduanya tergolong cukup terinci. Namun, keduanya juga rumit (kompleks) untuk diimplementasikan dan menghasilkan juga ‘overhead’ yang tinggi. Teknik yang ketiga berbasiskan pada prinsip yang sama, tetapi lebih mudah untuk diimplentasikan.

Ketiga algoritma/teknik cluster dinamik telah diimplementasikan oleh Jérôme Darmont (LIMOS) dkk., pada penyimpanan obyek persisten Texas, dan dibandingkan satu sama lain untuk melihat a) efisiensi cluster (yaitu peningkatan kinerja keseluruahan) dan b) ‘overhead’ dengn menggunakan Object Clustering Benchmark (OCB). Hasil yang diperoleh menunjukan bahwa DRO menghasilkan overhead yang lebih rendah dan kinerja keseluruhan lebih baik.

Lebih detail dapat dibaca pada papernya format pdf

LIMBAS is a web client/server application allowing you to develop application quickly without programming. This, only by the use of tables and forms and other modules like workflow engine, user management, report editor, file manager or soap interface.

An outstanding feature is complete use with an Internet-Browser without installations, Plugins or other components on the client. (live cd go to http://www.limbas.org/, we could find also in this site examples: anthiemen administration, Picture data base, Callcenter, Internet shop, Biographies encyclopedia

Some FAQ about LIMBAS:

What is LIMBAS?

With LIMBAS one can illustrate, manage, administer and distribute business- or project processes over a webbrowser.

What makes LIMBAS unique?

LIMBAS is a performant tool which is based on Unix/Linux operating systems in order to provide tables applications and Workflows only over the browser and without Plugins. It is platform independent for the client. LIMBAS uses many procedures necessary for data security like e.g. transactions, Backups and restrictions of access.

Was can LIMBAS do?

Limbas stores and processes data and files. For this purpose LIMBAS offers many tools and functions e.g.: Input assistance, form generator, report designer, Workflowfunctions, export possibilities and many other things.

Where do I get LIMBAS?

LIMBAS stands under a dual license. The GPL version and is available under www.swissforge.org, the propritaere license can be referred over www.limbas.com.

What can I realize with LIMBAS?

Applications, which have something to do with data bases and with the administration of data.