Hacking and protecting Oracle Database Vault
- Type
- Paper
- Tags
- Oracle
- Authors
- Esteban Martínez Fayó
- Event
- Black Hat USA 2010
- Indexed on
- Mar 27, 2013
- URL
- https://media.blackhat.com/bh-us-10/whitepapers/Fayo/BlackHat-USA-2010-Fayo-Hacking-Protecting-Oracle-Databease-Vault-wp.pdf
- File name
- BlackHat-USA-2010-Fayo-Hacking-Protecting-Oracle-Databease-Vault-wp.pdf
- File size
- 319.7 KB
- MD5
- 8202f5976abbe110a01e22dfe1328500
- SHA1
- 8d6eb5254623ad412bb19b6e84d50a15ff437844
Oracle Database Vault was launched a few years ago to put a limit on DBAs unlimited power especially over highly confidential data where it is required by regulations. This presentation will show how this add-on product for Oracle Database performs on this difficult task, first giving an introduction to DB Vault and what protections does it brings, then showing with many examples how it is possible to bypass the protections provided. The attacks demonstrated include getting operating system access to disable DB Vault, SQL Injection and impersonation techniques to bypass DB Vault protections and how it is possible using simple exploits to circumvent DB Vault. These attack examples are accompanied by recommendations on how to protect from them. Also the presentation shows some issues with native database auditing and has a section with additional recommendations to secure DB Vault and conclusions.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
