Secmon Basic Oracle Security Monitoring. motivation & start internet security evaluate password cracker to check security of passwords.


1 secmon Basic Oracle Security Monitoring

2 motivation & start
- internet security
- evaluate password cracker to check security of passwords

3 problems
- default passwords (Oracle)
  – Scott/Tiger
- username = password
  – (slight permutations)
- hidden users (rootkits)

4 oracle passwords[1]
- username prepended as salt
  – oracl:epwd same as oracle:pwd
- only uppercase
- fast hashing
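An added example, not taken from the presentation or from woraauthbf: it builds the buffer that the pre-11g Oracle hash encrypts, following the description in [1], and shows why oracl:epwd and oracle:pwd cannot be told apart. The DES step itself is omitted because identical input buffers always give identical hashes; the names `des_input` and `colliding_credentials` and the sample accounts are hypothetical, and only ASCII credentials are handled.

```python
from collections import defaultdict


def des_input(username: str, password: str) -> bytes:
    """Return the buffer the pre-11g Oracle hash feeds to DES (per [1])."""
    text = username + password            # the "salt" is simply prepended
    if not text.isascii():
        raise ValueError("this sketch covers ASCII credentials only")
    text = text.upper()                   # case is discarded before hashing
    buf = text.encode("utf-16-be")        # 0x00 high byte before each char
    return buf + b"\x00" * (-len(buf) % 8)  # zero-pad to 8-byte DES blocks


def colliding_credentials(pairs):
    """Group (username, password) pairs that must share one hash value."""
    groups = defaultdict(list)
    for user, pwd in pairs:
        groups[des_input(user, pwd)].append((user, pwd))
    return [group for group in groups.values() if len(group) > 1]


# Constructed sample accounts (assumption, for illustration only).
SAMPLE = [
    ("oracl", "epwd"),
    ("oracle", "pwd"),
    ("ORACLE", "Pwd"),
    ("scott", "tiger"),
    ("SCOTT", "TIGER"),
    ("system", "manager"),
]

if __name__ == "__main__":
    for group in colliding_credentials(SAMPLE):
        print("same hash:", ", ".join(f"{u}:{p}" for u, p in group))
```

Because the boundary between username and password is lost, a password policy check on such a database has to compare candidates against the username case-insensitively and on the concatenated string.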

5 Results of Evaluation[2]

program     version  source  binaries         multi-threaded  test1  test2  test3
orabf       0.7.6    closed  win              no              0.1s   1.8s   473.3s
checkpwd    1.23     closed  win, linux, mac  claimed         1.1s   8.9s   1197.7s
woraauthbf  0.21R2   open    win              yes             0.2s   1.3s   358.8s

Further performance tests of woraauthbf were performed on different hardware[3]

6 the winner: woraauthbf
- reasonably fast
- multi-threaded
- open source
- no Linux version

7 customizing woraauthbf
- my port of woraauthbf to linux
  – C/C++
  – replacing Windows functions
  – version 0.21 and 0.22
  – changes probably in 0.23

8 woraauthbf: the bugs
- in permutation generation
- one misplaced pointer
- race condition
  – My mistake

9 woraauthbf: the enhancements
- removed all warnings
- icc
- multithreading of permutation checking & generating

10 woraauthbf: enhancement results[3]
- ~150 user names; ~1.5 million dictionary entries

11 good dictionaries are needed but are hard to find
- combine high quality ones with ‘edited’ low quality ones

12 dictionaries: the sources
- Wordlist project on sourceforge[4]
  – http://wordlist.sourceforge.net/
- ftp://ftp.cerias.purdue.edu/pub/dict/
- ftp://ftp.ox.ac.uk/pub/wordlists
- Internet Dictionary Project
  – http://www.ilovelanguages.com/IDP/
- French, German, Italian, Portuguese, Spanish, Dutch, Polish…

13 dictionaries: the ‘editing’
- glance through

    cat German.txt |
    sed -r 's/[[:blank:]]+/\n/g' |
    sed -r 's/~//g' |
    sed -r 's/=//g' |
    sed -r 's/\[Article\]//g' |
    sed -r 's/\[Pronoun\]//g' |
    sed -r 's/\//\n/g' |
    sed -r 's/\.//g' |
    sed -r 's/,/\n/g' |
    sed -r 's/~//g' |
    sed -r 's/\[Adverb\]//g' |
    sed -r 's/\[Noun\]//g' |
    sed -r 's/://g' |
    sed -r 's/\[Verb\]//g' |
    sed -r 's/\[Adjective\]//g' |
    sed -r 's/;//g' |
    sed -r 's/^(.+)\((.+)\)/\1\n\1\2/g' |
    sed -r 's/^\((.+)\)$/\1/g' |
    sed -r 's/\(f\)//g' |
    sed -r 's/\(e\)//g' |
    sed -r 's/\^//g' |
    sed -r 's/\\//g' |
    sed -r 's/\[Preposition\]//g' |
    sed -r 's/\[Conjunction\]//g' |
    sed -r 's/\"//g' |
    sed -r 's/_//g' |
    sed -r 's/\(//g' |
    sed -r 's/\)//g' |
    sed -r 's/`//g' |
    sed -r 's/[0-9]//g' |
    sed -r 's/\[\]//g' |
    sed -r 's/\[f\]//g' |
    sed -r 's/\[int\]//g' |
    sed -r 's/\[//g' |
    sed -r 's/\+//g' |
    sed -r 's/- //g' |
    sed -r 's/&//g' |
    tr '[:lower:]' '[:upper:]' |
    sort -u > germanWordlist

14 secmon: the architecture

15 secmon: quick facts
- python
- shell scripts
  – (grep, awk, sed)
- multithreaded
  – each remote component controlled by own thread

16 secmon: the remote component
- ‘run’ executable
  – gets arguments
  – returns result on stdout (stderr)
- easy to add new component

17 secmon: the remote components
- targetDBComponent
  – gets username and hashes
- crunchComponent
  – does the actual pw checking
- hiddenUserComponent
  – more later

18 secmon: virtual demo

19

20

21

22 secmon: hiding users[4]

23 secmon: hiding users

24

25 Future
- migration to pdb_backup
- production rollout
- project report & documentation
- release linux version of woraauthbf
- check privileges of users
  – other checks (rootkits…)

26 questions?
- Thanks to:
  – Maria
  – Luca Canali
  – Dawid
  – Miguel
  – Jacek
  – and the rest of the IT-DM team

27 references
[1] Wright, Joshua; Cid, Carlos. An Assessment of the Oracle Password Hashing Algorithm. http://www.sans.org/reading_room/special/index.php?id=oracle_pass&ref=911
[2] Donnerer, Michael. A Comparison of Offline Password Cracking Tools for Oracle 10g Databases
[3] Donnerer, Michael. Some performance measurements of woraauthbf
[4] Kornbrust, Alexander. Are Oracle Rootkits Easy To Find? http://blog.red-database-security.com/2007/12/24/are-oracle-rootkits-easy-to-find/

