SlideShare una empresa de Scribd logo

Presentation best practices for oracle databases hardening

X
xKinAnx

Download & Share Technology Presentations http://goo.gl/k80oY0 Student Guide & Best http://goo.gl/6OkI77

Tecnología
1 de 33
1 2 3 4 5 6 7 8 9 10 we are here: Best Practices for Oracle Databases Hardening Oracle 10.2.0.3 / 10.2.0.4 Alexander Kornbrust
1 2 3 4 5 6 7 8 9 10 we are here: Passwords (Security) Patches Database Settings PUBLIC Privileges Database Trigger Compiling Views Next Steps & Summary Table of Content
1 2 3 4 5 6 7 8 9 10 we are here: Weak and default passwords is still problem No.1 in most Oracle databases. Even if Oracle default accounts like SYS, SYSTEM, DBSNMP, … are getting better, user accounts and technical accounts are often using weak passwords (password=username). It is useless to spend time for Oracle Security if the database is using weak/default passwords Check (Oracle) passwords on a regular basis against a custom dictionary file Passwords
1 2 3 4 5 6 7 8 9 10 we are here: Do not use weak passwords and check all passwords on a regular basis, e.g. with checkpwd or repscan. Check Passwords Regularly C:>checkpwd system/strongpw66@123.34.54.123:1521/ORCL password_list.txt Checkpwd 1.23 [Win] - (c) 2007 by Red-Database-Security GmbH Oracle Security Consulting, Security Audits & Security Training http://www.red-database-security.com MDSYS has weak password MDSYS [EXPIRED & LOCKED] ORDSYS has weak password ORDSYS [EXPIRED & LOCKED] DUMMY123 has weak password DUMMY123 [OPEN] DBSNMP OK [OPEN] SCOTT has weak password TIGER [OPEN] CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED] SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED] OUTLN has weak password OUTLN [EXPIRED & LOCKED] DIP has weak password DIP [EXPIRED & LOCKED] DUMMY321 has weak password 123YMMUD [OPEN] [...] SYS OK [OPEN] SYSTEM OK [OPEN] Done. Summary: Passwords checked : 13900828 Weak passwords found : 23 Elapsed time (min:sec) : 0:54 Passwords / second : 265486
1 2 3 4 5 6 7 8 9 10 we are here: If the passwords are good it is time to apply (security) patches. You should always try to upgrade at least to a supported version (e.g. 10.2.0.3 / 10.2.0.4). After that you should apply the latest security patch from Oracle (January 2009 CPU). For many reasons (newer version not supported, too many instances, …) this is not always possible. In this case you should try to use a solution like Virtual Patching. (Security) Patches
1 2 3 4 5 6 7 8 9 10 we are here: Exploits for problems fixed with the January 2009 CPU are already published on the internet: exec EXFSYS.DBMS_EXPFIL_DR.GET_EXPRSET_STATS ('EXFSYS', 'EXF$VERSION','EXFVERSION', 'YYYYYYY" and 1=EVILPROC()--') Oracle Security Community is fast…
1 2 3 4 5 6 7 8 9 10 we are here: The next step is to change the default audit settings from Oracle. Database Settings
1 2 3 4 5 6 7 8 9 10 we are here: audit_sys_operations audit_sys_operations By default the database is not auditing SQL commands executed by the user SYS. To change this behaviour it is necessary to change this value to TRUE. A reboot of the database is necessary after changing this value. Command: SQL> alter system set audit_sys_operations=true scope=spfile;
1 2 3 4 5 6 7 8 9 10 we are here: audit_trail audit_trail By default the database is not auditing SQL commands. To enable auditing it is necessary to change this parameter to DB. In this case Oracle is writing all audit information from the database (but not the database vault audit information) into the table SYS.AUD$. Other options could be OS, DB, XML,EXTENDED . A reboot of the database is necessary after changing this value. Extended is a new feature since Oracle 10g Rel.2 Command: SQL> alter system set audit_trail=DB,EXTENDED scope=spfile;
1 2 3 4 5 6 7 8 9 10 we are here: Now it’s time to remove dangerous privileges. The only question is “What is a dangerous package?” PUBLIC Privileges
1 2 3 4 5 6 7 8 9 10 we are here: Now it’s time to remove dangerous privileges. The only question is “What is a dangerous package?” PUBLIC Privileges If we look at the Oracle Security Checklist (Jul 2008) from Oracle, Oracle recommends to remove the privileges from UTL_TCP UTL_SMTP UTL_MAIL UTL_HTTP UTL_INADDR UTL_FILE
1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages What are the most dangerous packages in an Oracle database? dbms_sql utl_file utl_mail utl_inaddr utl_tcp dbms_lob dbms_xmlgen dbms_aw_xml ctxsys.drithsx ordsys.ord_dicom kupp$proc
1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages What is the most dangerous package in an Oracle database? dbms_sql (No. 1, allows privilege escalation) utl_file utl_mail utl_inaddr utl_tcp (No. 3, overtake the DB via TNS Listener) dbms_lob dbms_xmlgen (No. 2, steal the entire DB with a single SQL Injection) dbms_aw_xml ctxsys.drithsx ordsys.ord_dicom kupp$proc
1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages - Sample Via a vulnerable web application it is possible to retrieve information via error messages ' or 1=ctxsys.drithsx.sn(1,(select sys.stragg(distinct banner)||' ' from v$version))--
1 2 3 4 5 6 7 8 9 10 we are here: Revoke Public Privileges I utl_* and dbms_* These packages are powerful and allow network access (e.g. utl_tcp, utl_http,...), file access (dbms_advisor, utl_file, ...), unsecure (dbms_random) or other powerful operations (e.g. dbms_obfuscation_toolkit). Execution privileges on these package should not be granted to public. Command (as user SYS): SQL> revoke execute on utl_http from public force; SQL> revoke execute on utl_tcp from public force; SQL> revoke execute on utl_file from public force; SQL> revoke execute on utl_inaddr from public force; SQL> revoke execute on utl_smtp from public force; SQL> revoke execute on utl_dbws from public force; SQL> revoke execute on dbms_lob from public force; SQL> revoke execute on dbms_random from public force; SQL> revoke execute on dbms_obfuscation_toolkit from public force;
1 2 3 4 5 6 7 8 9 10 we are here: Revoke Public Privileges II SQL> revoke execute on dbms_crypto_toolkit from public force; SQL> revoke execute on dbms_advisor from public force; SQL> revoke execute on dbms_ldap from public force; SQL> revoke execute on dbms_ldap_utl from public force; SQL> revoke execute on dbms_job from public force; SQL> revoke execute on dbms_scheduler from public force; SQL> revoke execute on dbms_ddl from public force; SQL> revoke execute on dbms_epg from public force; SQL> revoke execute on dbms_xmlgen from public force; SQL> revoke execute on dbms_aw_xml from public force; SQL> revoke execute on ctxsys.drithsx from public force; SQL> revoke execute on ordsys.ord_dicom from public force;
1 2 3 4 5 6 7 8 9 10 we are here: Revoke dbms_sql from public dbms_sql dbms_sql allows privilege escalation via the cursor technique. This problem is fixed in Oracle 11g but still possible in all previous Oracle versions. Command (as user SYS): SQL> create role ROLE_DBMSSQL; SQL> grant execute on dbms_sql to ROLE_DBMSSQL; SQL> spool grantdbmssql.sql SQL> select distinct 'grant ROLE_DBMSSQL to "'||owner||'";' from all_dependencies where referenced_name = 'DBMS_SQL' and owner not in ('PUBLIC'); SQL> spool off SQL> @grantdbmssql SQL> revoke execute on dbms_sql from PUBLIC;
1 2 3 4 5 6 7 8 9 10 we are here: Revoke public privileges from Object Types To harden the database it is necessary to revoke some privileges from mighty object types. HTTPUriType This object type allows every user to do HTTP-request. This can be used in SQL Injection attacks to transfer data out of the database. Command (as user SYS): SQL> revoke execute on HTTPUriType from public force;
1 2 3 4 5 6 7 8 9 10 we are here: Database Trigger Using Database trigger (LOGON, LOGOFF, DDL, GRANT, ERROR, SHUTDOWN, STARTUP) is a easy and powerful way to control the database. Especially DLL trigger and Error trigger can help to achieve a better control over the database.
1 2 3 4 5 6 7 8 9 10 we are here: DDL Trigger DDL_TRIGGER This trigger is monitoring all DDL modifications (grant, alter, create, drop) on the production database. It's necessary to change the IP address inside the trigger. Command (as user SYS): SQL> create or replace trigger DDLTrigger AFTER DDL ON DATABASE DECLARE rc VARCHAR(4096); BEGIN begin rc:=utl_http.request('http://192.168.2.201/user='||ora_login_user||'; DDL_TYPE='||ora_sysevent||';DDL_OWNER='||ora_dict_obj_owner||';DDL_NA ME='||ora_dict_obj_name||';sysdate='||to_char(sysdate, 'YYYY-MM-DD hh24:mi:ss'); exception when utl_http.REQUEST_FAILED then null; end; END; /
1 2 3 4 5 6 7 8 9 10 we are here: Logon Trigger Logon Trigger All logon requests should be monitored with a tamperproof audit log. This could be implemented by using the a database logon trigger. This trigger is sending all logon activities to a webserver. It's necessary to change the IP Address. Command (as user SYS): SQL> create or replace trigger sec_logon after logon on database DECLARE rc VARCHAR(4096); begin begin rc:=utl_http.request('http://192.168.2.201/logon_user='||user||';sessionid ='||sys_context('USERENV','SESSIONID')||';host='||sys_context('USERENV','H OST')||';ip='||ora_client_ip_address||';sysdate='||to_char(sysdate, 'YYYY- MM-DD hh24:mi:ss')); exception when utl_http.REQUEST_FAILED then null; end; End sec_logon;/
1 2 3 4 5 6 7 8 9 10 we are here: Error Trigger Error trigger (optional) This trigger is storing all Oracle error messages occurred on the server. This is really useful to detect attacks, e.g. from SQL Injection Command (as user SYS): SQL> CREATE OR REPLACE TRIGGER after_error AFTER SERVERERROR ON DATABASE DECLARE pragma autonomous_transaction; id NUMBER; sql_text ORA_NAME_LIST_T; v_stmt CLOB; n NUMBER; BEGIN n := ora_sql_txt(sql_text); IF n >= 1 THEN FOR i IN 1..n LOOP v_stmt := v_stmt || sql_text(i); END LOOP; END IF; FOR n IN 1..ora_server_error_depth LOOP IF ora_server_error(n) in ( '900','906','907','911','917','920','923','933','970','1031','1476','1719' ,'1722','1742','1756','1789','1790','24247','29257','29540') THEN INSERT INTO system.oraerror VALUES (SYS_GUID(), sysdate, ora_login_user, ora_client_ip_address, ora_server_error(n), ora_server_error_msg(n), v_stmt); END IF; END LOOP; END after_error; /
1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Problems and Issues Oracle Auditing is a 95% solution. If you can live with a 95% solution Oracle Auditing will be sufficient for you. Oracle Auditing problems: can be bypassed using various ways interesting statement/object can not be audited sometimes the wrong statement is logged
1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Bypassing Auditing The following problem was fixed with the January CPU 2009. Running a job with any PL/SQL statement via dbms_ijob does not leave any traces… Declare jj integer := 666666; -- job number begin sys.dbms_ijob.submit(JOB => jj, LUSER => 'SYS',PUSER => 'SYS', CUSER => 'SYS', NEXT_DATE => sysdate, INTERVAL => null, BROKEN => false, WHAT => ' declare jj integer := '||jj||'; begin execute immediate ''alter system archive log current''; sys.dbms_ijob.remove(jj); delete from sys.aud$ where obj$name = ''DBMS_IJOB''; commit; end;', sys.dbms_ijob.run(jj); end; /
1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Important objects not auditable Important objects can not be audited. It is not possible to audit important tables like sys.user$. This tables containts all user / role and password information from the Oracle database. A password change could be performed by updating the table directly. SQL> update sys.user$ set password = 'D4DF7931AB130E37' where name='SYSTEM'; This can not be audited. SQL> audit all on sys.user$; audit all on sys.user$ ERROR at line 1: ORA-00701: object necessary for warmstarting database cannot be altered
1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Important objects not auditable II Another way to bypass Oracle Auditing is to modify the data dictionary object directly. A user is normally created with the command "CREATE USER myuser identified by mypassword". Instead of using “CREATE USER” we can get the same result using “CREATE ROLE” plus an “UPDATE SYS.USER$” SQL> create role myuser identified by mypassword; -- convert a role into a user SQL> update sys.user$ set type#=1 where name='MYUSER'; -- alternative update, creates an invisible database user SQL> update sys.user$ set type#=2 where name='MYUSER';
1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Wrong statements logged Since Oracle 10g it is possible to log the statement which caused the audit entry. This sounds like a good feature but the database is sometimes (e.g. if VPD, QueryRewrite, … is used )modifying the SQL statement which was submitted. In this case Oracle is auditing the previous statement and not the statement which was executed. This technique can be used to steal information from audited tables without leaving traces…
1 2 3 4 5 6 7 8 9 10 we are here: Auditing I Enable Auditing Audit interesting activities. Command (as user SYS): AUDIT CREATE USER BY ACCESS; AUDIT ALTER USER BY ACCESS; AUDIT DROP USER BY ACCESS; AUDIT CREATE ROLE BY ACCESS; AUDIT SELECT ON DBA_USERS BY ACCESS; AUDIT CREATE EXTERNAL JOB BY ACCESS; -- 10g Rel.2 AUDIT CREATE JOB BY ACCESS; -- 10g Rel.1 AUDIT CREATE ANY JOB BY ACCESS; AUDIT CREATE ANY LIBRARY BY ACCESS; AUDIT ALTER DATABASE BY ACCESS; AUDIT ALTER SYSTEM BY ACCESS; AUDIT AUDIT SYSTEM BY ACCESS; AUDIT EXEMPT ACCESS POLICY BY ACCESS; AUDIT GRANT ANY PRIVILEGE BY ACCESS;
1 2 3 4 5 6 7 8 9 10 we are here: Auditing II Command (as user SYS): AUDIT GRANT ANY ROLE BY ACCESS; AUDIT ALTER PROFILE BY ACCESS; AUDIT CREATE ANY PROCEDURE BY ACCESS; AUDIT ALTER ANY PROCEDURE BY ACCESS; AUDIT DROP ANY PROCEDURE BY ACCESS; AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS; AUDIT CREATE PUBLIC SYNONYM BY ACCESS; AUDIT EXECUTE ON DBMS_FGA BY ACCESS; AUDIT EXECUTE ON DBMS_RLS BY ACCESS; AUDIT EXECUTE ON DBMS_FILE_TRANSFER BY ACCESS; AUDIT EXECUTE ON DBMS_SCHEDULER BY ACCESS; AUDIT EXECUTE ON DBMS_JOB BY ACCESS; AUDIT SELECT ON SYS.V_$SQL BY ACCESS; AUDIT SELECT ON SYS.GV_$SQL BY ACCESS; AUDIT EXECUTE ON SYS.KUPP$PROC BY ACCESS; AUDIT EXECUTE ON DBMS_XMLGEN BY ACCESS; AUDIT EXECUTE ON DBMS_NETWORK_ACL_ADMIN BY ACCESS; -- 11g
1 2 3 4 5 6 7 8 9 10 we are here: Recompile All Views Recompile all view To get rid of the "create view" problem it is necessary to recompile all views. This can be done with the script "$ORACLE_HOME/CPU/cpuapr2008/view_recompile/view_recompile _apr2008cpu.sql". This can take up to 4 hours depending of the size of your database. Command (as user SYS): cd $ORACLE_HOME/CPU/cpuapr2008/view_recompile SQL> @view_recompile_apr2008cpu.sql
1 2 3 4 5 6 7 8 9 10 we are here: Next steps & Summary This was just the baseline security for Oracle databases. If you need more this baseline • Check your own application code • Train the DBAs, Developers and Security People • Perform regular security audit • Run database scanners regularly • Use 3rd-party products to increase the security
1 2 3 4 5 6 7 8 9 10 we are here: Links Oracle Password Checker: http://www.red-database-security.com/software/checkpwd.html http://www.red-database-security.com/software/repscan.html Exploit Code for January 2009 CPU: http://blog.red-database-security.com/2009/01/21/exploit-for-january- cpu-2009-published/ http://blog.red-database-security.com/2009/01/16/proof-of-concept- how-to-bypass-oracle-auditing-using-dbms_ijob/ Oracle Security Checklist: http://www.oracle.com/technology/deploy/security/database- security/pdf/twp_security_checklist_database.pdf Oracle SQL Injection Tutorial: http://blog.red-database-security.com/2009/01/17/tutorial-oracle-sql- injection-in-webapps-part-i/
1 2 3 4 5 6 7 8 9 10 we are here: Alexander Kornbrust Red-Database-Security GmbH Bliesstrasse 16 D-66538 Neunkirchen Germany Phone: +49 (0)6821 – 95 17 637 Fax: +49 (0)6821 – 91 27 354 E-Mail: info @ red-database-security.com Contact

Recomendados

Optimizing Alert Monitoring with Oracle Enterprise Manager
Optimizing Alert Monitoring with Oracle Enterprise ManagerOptimizing Alert Monitoring with Oracle Enterprise Manager
Optimizing Alert Monitoring with Oracle Enterprise ManagerDatavail
 
Hyperion Planning Class
Hyperion Planning ClassHyperion Planning Class
Hyperion Planning ClassAmit Sharma
 
Hyperion analyzer 31 july
Hyperion analyzer 31 julyHyperion analyzer 31 july
Hyperion analyzer 31 julyAmit Sharma
 
Hfm intro v2
Hfm intro v2Hfm intro v2
Hfm intro v2Amit Sharma
 
Bisp training calendar jan 2012
Bisp training calendar jan 2012Bisp training calendar jan 2012
Bisp training calendar jan 2012Amit Sharma
 
Getting started-with-oracle-so a- lab 11
Getting started-with-oracle-so a- lab 11Getting started-with-oracle-so a- lab 11
Getting started-with-oracle-so a- lab 11Amit Sharma
 
Hfm intro v2
Hfm intro v2Hfm intro v2
Hfm intro v2Amit Sharma
 
Reaching Out From PL/SQL (OPP 2010)
Reaching Out From PL/SQL (OPP 2010)Reaching Out From PL/SQL (OPP 2010)
Reaching Out From PL/SQL (OPP 2010)Lucas Jellema
 

Recomendados

Optimizing Alert Monitoring with Oracle Enterprise Manager
Optimizing Alert Monitoring with Oracle Enterprise ManagerOptimizing Alert Monitoring with Oracle Enterprise Manager
Optimizing Alert Monitoring with Oracle Enterprise ManagerDatavail
 
Hyperion Planning Class
Hyperion Planning ClassHyperion Planning Class
Hyperion Planning ClassAmit Sharma
 
Hyperion analyzer 31 july
Hyperion analyzer 31 julyHyperion analyzer 31 july
Hyperion analyzer 31 julyAmit Sharma
 
Hfm intro v2
Hfm intro v2Hfm intro v2
Hfm intro v2Amit Sharma
 
Bisp training calendar jan 2012
Bisp training calendar jan 2012Bisp training calendar jan 2012
Bisp training calendar jan 2012Amit Sharma
 
Getting started-with-oracle-so a- lab 11
Getting started-with-oracle-so a- lab 11Getting started-with-oracle-so a- lab 11
Getting started-with-oracle-so a- lab 11Amit Sharma
 
Hfm intro v2
Hfm intro v2Hfm intro v2
Hfm intro v2Amit Sharma
 
Reaching Out From PL/SQL (OPP 2010)
Reaching Out From PL/SQL (OPP 2010)Reaching Out From PL/SQL (OPP 2010)
Reaching Out From PL/SQL (OPP 2010)Lucas Jellema
 
02 Essbase
02 Essbase02 Essbase
02 EssbaseAmit Sharma
 
Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13Thuan Nguyen
 
Expert talk
Expert talkExpert talk
Expert talkAmit Sharma
 
Olap fundamentals
Olap fundamentalsOlap fundamentals
Olap fundamentalsAmit Sharma
 
Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17Thuan Nguyen
 
Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptChien Chung Shen
 
Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08Thuan Nguyen
 
Oracle Index
Oracle IndexOracle Index
Oracle IndexJongwon
 
Oracle database 12c sql tuning
Oracle database 12c sql tuningOracle database 12c sql tuning
Oracle database 12c sql tuningFemi Adeyemi
 
Back to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOABack to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOASage Computing Services
 
Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10Thuan Nguyen
 
Oracle sql tuning
Oracle sql tuningOracle sql tuning
Oracle sql tuningbishnupriya Panda
 
Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04Thuan Nguyen
 
Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 

Más contenido relacionado

Destacado

Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13Thuan Nguyen
 
Olap fundamentals
Olap fundamentalsOlap fundamentals
Olap fundamentalsAmit Sharma
 
Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17Thuan Nguyen
 
Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptChien Chung Shen
 
Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08Thuan Nguyen
 
Oracle Index
Oracle IndexOracle Index
Oracle IndexJongwon
 
Oracle database 12c sql tuning
Oracle database 12c sql tuningOracle database 12c sql tuning
Oracle database 12c sql tuningFemi Adeyemi
 
Back to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOABack to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOASage Computing Services
 
Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18Thuan Nguyen
 
Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04Thuan Nguyen
 

Destacado (20)

02 Essbase
02 Essbase02 Essbase
02 Essbase
 
Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14Oracle - Program with PL/SQL - Lession 14
Oracle - Program with PL/SQL - Lession 14
 
Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12Oracle - Program with PL/SQL - Lession 12
Oracle - Program with PL/SQL - Lession 12
 
Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15Oracle - Program with PL/SQL - Lession 15
Oracle - Program with PL/SQL - Lession 15
 
Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13Oracle - Program with PL/SQL - Lession 13
Oracle - Program with PL/SQL - Lession 13
 
Expert talk
Expert talkExpert talk
Expert talk
 
Olap fundamentals
Olap fundamentalsOlap fundamentals
Olap fundamentals
 
Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16Oracle - Program with PL/SQL - Lession 16
Oracle - Program with PL/SQL - Lession 16
 
Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09Oracle - Program with PL/SQL - Lession 09
Oracle - Program with PL/SQL - Lession 09
 
Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06Oracle - Program with PL/SQL - Lession 06
Oracle - Program with PL/SQL - Lession 06
 
Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17Oracle - Program with PL/SQL - Lession 17
Oracle - Program with PL/SQL - Lession 17
 
Oracle Database SQL Tuning Concept
Oracle Database SQL Tuning ConceptOracle Database SQL Tuning Concept
Oracle Database SQL Tuning Concept
 
Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08Oracle - Program with PL/SQL - Lession 08
Oracle - Program with PL/SQL - Lession 08
 
Oracle Index
Oracle IndexOracle Index
Oracle Index
 
Oracle database 12c sql tuning
Oracle database 12c sql tuningOracle database 12c sql tuning
Oracle database 12c sql tuning
 
Back to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOABack to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOA
 
Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10Oracle - Program with PL/SQL - Lession 10
Oracle - Program with PL/SQL - Lession 10
 
Oracle sql tuning
Oracle sql tuningOracle sql tuning
Oracle sql tuning
 
Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18Oracle - Program with PL/SQL - Lession 18
Oracle - Program with PL/SQL - Lession 18
 
Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04Oracle - Program with PL/SQL - Lession 04
Oracle - Program with PL/SQL - Lession 04
 

Más de xKinAnx

Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudxKinAnx
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...xKinAnx
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directionsxKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...xKinAnx
 
Presentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudPresentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudxKinAnx
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...xKinAnx
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...xKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutPresentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 

Más de xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudPresentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutPresentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Último

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Último (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Presentation best practices for oracle databases hardening

  • 1. 1 2 3 4 5 6 7 8 9 10 we are here: Best Practices for Oracle Databases Hardening Oracle 10.2.0.3 / 10.2.0.4 Alexander Kornbrust
  • 2. 1 2 3 4 5 6 7 8 9 10 we are here: Passwords (Security) Patches Database Settings PUBLIC Privileges Database Trigger Compiling Views Next Steps & Summary Table of Content
  • 3. 1 2 3 4 5 6 7 8 9 10 we are here: Weak and default passwords is still problem No.1 in most Oracle databases. Even if Oracle default accounts like SYS, SYSTEM, DBSNMP, … are getting better, user accounts and technical accounts are often using weak passwords (password=username). It is useless to spend time for Oracle Security if the database is using weak/default passwords Check (Oracle) passwords on a regular basis against a custom dictionary file Passwords
  • 4. 1 2 3 4 5 6 7 8 9 10 we are here: Do not use weak passwords and check all passwords on a regular basis, e.g. with checkpwd or repscan. Check Passwords Regularly C:>checkpwd system/strongpw66@123.34.54.123:1521/ORCL password_list.txt Checkpwd 1.23 [Win] - (c) 2007 by Red-Database-Security GmbH Oracle Security Consulting, Security Audits & Security Training http://www.red-database-security.com MDSYS has weak password MDSYS [EXPIRED & LOCKED] ORDSYS has weak password ORDSYS [EXPIRED & LOCKED] DUMMY123 has weak password DUMMY123 [OPEN] DBSNMP OK [OPEN] SCOTT has weak password TIGER [OPEN] CTXSYS has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED] SH has weak password CHANGE_ON_INSTALL [EXPIRED & LOCKED] OUTLN has weak password OUTLN [EXPIRED & LOCKED] DIP has weak password DIP [EXPIRED & LOCKED] DUMMY321 has weak password 123YMMUD [OPEN] [...] SYS OK [OPEN] SYSTEM OK [OPEN] Done. Summary: Passwords checked : 13900828 Weak passwords found : 23 Elapsed time (min:sec) : 0:54 Passwords / second : 265486
  • 5. 1 2 3 4 5 6 7 8 9 10 we are here: If the passwords are good it is time to apply (security) patches. You should always try to upgrade at least to a supported version (e.g. 10.2.0.3 / 10.2.0.4). After that you should apply the latest security patch from Oracle (January 2009 CPU). For many reasons (newer version not supported, too many instances, …) this is not always possible. In this case you should try to use a solution like Virtual Patching. (Security) Patches
  • 6. 1 2 3 4 5 6 7 8 9 10 we are here: Exploits for problems fixed with the January 2009 CPU are already published on the internet: exec EXFSYS.DBMS_EXPFIL_DR.GET_EXPRSET_STATS ('EXFSYS', 'EXF$VERSION','EXFVERSION', 'YYYYYYY" and 1=EVILPROC()--') Oracle Security Community is fast…
  • 7. 1 2 3 4 5 6 7 8 9 10 we are here: The next step is to change the default audit settings from Oracle. Database Settings
  • 8. 1 2 3 4 5 6 7 8 9 10 we are here: audit_sys_operations audit_sys_operations By default the database is not auditing SQL commands executed by the user SYS. To change this behaviour it is necessary to change this value to TRUE. A reboot of the database is necessary after changing this value. Command: SQL> alter system set audit_sys_operations=true scope=spfile;
  • 9. 1 2 3 4 5 6 7 8 9 10 we are here: audit_trail audit_trail By default the database is not auditing SQL commands. To enable auditing it is necessary to change this parameter to DB. In this case Oracle is writing all audit information from the database (but not the database vault audit information) into the table SYS.AUD$. Other options could be OS, DB, XML,EXTENDED . A reboot of the database is necessary after changing this value. Extended is a new feature since Oracle 10g Rel.2 Command: SQL> alter system set audit_trail=DB,EXTENDED scope=spfile;
  • 10. 1 2 3 4 5 6 7 8 9 10 we are here: Now it’s time to remove dangerous privileges. The only question is “What is a dangerous package?” PUBLIC Privileges
  • 11. 1 2 3 4 5 6 7 8 9 10 we are here: Now it’s time to remove dangerous privileges. The only question is “What is a dangerous package?” PUBLIC Privileges If we look at the Oracle Security Checklist (Jul 2008) from Oracle, Oracle recommends to remove the privileges from UTL_TCP UTL_SMTP UTL_MAIL UTL_HTTP UTL_INADDR UTL_FILE
  • 12. 1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages What are the most dangerous packages in an Oracle database? dbms_sql utl_file utl_mail utl_inaddr utl_tcp dbms_lob dbms_xmlgen dbms_aw_xml ctxsys.drithsx ordsys.ord_dicom kupp$proc
  • 13. 1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages What is the most dangerous package in an Oracle database? dbms_sql (No. 1, allows privilege escalation) utl_file utl_mail utl_inaddr utl_tcp (No. 3, overtake the DB via TNS Listener) dbms_lob dbms_xmlgen (No. 2, steal the entire DB with a single SQL Injection) dbms_aw_xml ctxsys.drithsx ordsys.ord_dicom kupp$proc
  • 14. 1 2 3 4 5 6 7 8 9 10 we are here: PL/SQL Packages - Sample Via a vulnerable web application it is possible to retrieve information via error messages ' or 1=ctxsys.drithsx.sn(1,(select sys.stragg(distinct banner)||' ' from v$version))--
  • 15. 1 2 3 4 5 6 7 8 9 10 we are here: Revoke Public Privileges I utl_* and dbms_* These packages are powerful and allow network access (e.g. utl_tcp, utl_http,...), file access (dbms_advisor, utl_file, ...), unsecure (dbms_random) or other powerful operations (e.g. dbms_obfuscation_toolkit). Execution privileges on these package should not be granted to public. Command (as user SYS): SQL> revoke execute on utl_http from public force; SQL> revoke execute on utl_tcp from public force; SQL> revoke execute on utl_file from public force; SQL> revoke execute on utl_inaddr from public force; SQL> revoke execute on utl_smtp from public force; SQL> revoke execute on utl_dbws from public force; SQL> revoke execute on dbms_lob from public force; SQL> revoke execute on dbms_random from public force; SQL> revoke execute on dbms_obfuscation_toolkit from public force;
  • 16. 1 2 3 4 5 6 7 8 9 10 we are here: Revoke Public Privileges II SQL> revoke execute on dbms_crypto_toolkit from public force; SQL> revoke execute on dbms_advisor from public force; SQL> revoke execute on dbms_ldap from public force; SQL> revoke execute on dbms_ldap_utl from public force; SQL> revoke execute on dbms_job from public force; SQL> revoke execute on dbms_scheduler from public force; SQL> revoke execute on dbms_ddl from public force; SQL> revoke execute on dbms_epg from public force; SQL> revoke execute on dbms_xmlgen from public force; SQL> revoke execute on dbms_aw_xml from public force; SQL> revoke execute on ctxsys.drithsx from public force; SQL> revoke execute on ordsys.ord_dicom from public force;
  • 17. 1 2 3 4 5 6 7 8 9 10 we are here: Revoke dbms_sql from public dbms_sql dbms_sql allows privilege escalation via the cursor technique. This problem is fixed in Oracle 11g but still possible in all previous Oracle versions. Command (as user SYS): SQL> create role ROLE_DBMSSQL; SQL> grant execute on dbms_sql to ROLE_DBMSSQL; SQL> spool grantdbmssql.sql SQL> select distinct 'grant ROLE_DBMSSQL to "'||owner||'";' from all_dependencies where referenced_name = 'DBMS_SQL' and owner not in ('PUBLIC'); SQL> spool off SQL> @grantdbmssql SQL> revoke execute on dbms_sql from PUBLIC;
  • 18. 1 2 3 4 5 6 7 8 9 10 we are here: Revoke public privileges from Object Types To harden the database it is necessary to revoke some privileges from mighty object types. HTTPUriType This object type allows every user to do HTTP-request. This can be used in SQL Injection attacks to transfer data out of the database. Command (as user SYS): SQL> revoke execute on HTTPUriType from public force;
  • 19. 1 2 3 4 5 6 7 8 9 10 we are here: Database Trigger Using Database trigger (LOGON, LOGOFF, DDL, GRANT, ERROR, SHUTDOWN, STARTUP) is a easy and powerful way to control the database. Especially DLL trigger and Error trigger can help to achieve a better control over the database.
  • 20. 1 2 3 4 5 6 7 8 9 10 we are here: DDL Trigger DDL_TRIGGER This trigger is monitoring all DDL modifications (grant, alter, create, drop) on the production database. It's necessary to change the IP address inside the trigger. Command (as user SYS): SQL> create or replace trigger DDLTrigger AFTER DDL ON DATABASE DECLARE rc VARCHAR(4096); BEGIN begin rc:=utl_http.request('http://192.168.2.201/user='||ora_login_user||'; DDL_TYPE='||ora_sysevent||';DDL_OWNER='||ora_dict_obj_owner||';DDL_NA ME='||ora_dict_obj_name||';sysdate='||to_char(sysdate, 'YYYY-MM-DD hh24:mi:ss'); exception when utl_http.REQUEST_FAILED then null; end; END; /
  • 21. 1 2 3 4 5 6 7 8 9 10 we are here: Logon Trigger Logon Trigger All logon requests should be monitored with a tamperproof audit log. This could be implemented by using the a database logon trigger. This trigger is sending all logon activities to a webserver. It's necessary to change the IP Address. Command (as user SYS): SQL> create or replace trigger sec_logon after logon on database DECLARE rc VARCHAR(4096); begin begin rc:=utl_http.request('http://192.168.2.201/logon_user='||user||';sessionid ='||sys_context('USERENV','SESSIONID')||';host='||sys_context('USERENV','H OST')||';ip='||ora_client_ip_address||';sysdate='||to_char(sysdate, 'YYYY- MM-DD hh24:mi:ss')); exception when utl_http.REQUEST_FAILED then null; end; End sec_logon;/
  • 22. 1 2 3 4 5 6 7 8 9 10 we are here: Error Trigger Error trigger (optional) This trigger is storing all Oracle error messages occurred on the server. This is really useful to detect attacks, e.g. from SQL Injection Command (as user SYS): SQL> CREATE OR REPLACE TRIGGER after_error AFTER SERVERERROR ON DATABASE DECLARE pragma autonomous_transaction; id NUMBER; sql_text ORA_NAME_LIST_T; v_stmt CLOB; n NUMBER; BEGIN n := ora_sql_txt(sql_text); IF n >= 1 THEN FOR i IN 1..n LOOP v_stmt := v_stmt || sql_text(i); END LOOP; END IF; FOR n IN 1..ora_server_error_depth LOOP IF ora_server_error(n) in ( '900','906','907','911','917','920','923','933','970','1031','1476','1719' ,'1722','1742','1756','1789','1790','24247','29257','29540') THEN INSERT INTO system.oraerror VALUES (SYS_GUID(), sysdate, ora_login_user, ora_client_ip_address, ora_server_error(n), ora_server_error_msg(n), v_stmt); END IF; END LOOP; END after_error; /
  • 23. 1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Problems and Issues Oracle Auditing is a 95% solution. If you can live with a 95% solution Oracle Auditing will be sufficient for you. Oracle Auditing problems: can be bypassed using various ways interesting statement/object can not be audited sometimes the wrong statement is logged
  • 24. 1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Bypassing Auditing The following problem was fixed with the January CPU 2009. Running a job with any PL/SQL statement via dbms_ijob does not leave any traces… Declare jj integer := 666666; -- job number begin sys.dbms_ijob.submit(JOB => jj, LUSER => 'SYS',PUSER => 'SYS', CUSER => 'SYS', NEXT_DATE => sysdate, INTERVAL => null, BROKEN => false, WHAT => ' declare jj integer := '||jj||'; begin execute immediate ''alter system archive log current''; sys.dbms_ijob.remove(jj); delete from sys.aud$ where obj$name = ''DBMS_IJOB''; commit; end;', sys.dbms_ijob.run(jj); end; /
  • 25. 1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Important objects not auditable Important objects can not be audited. It is not possible to audit important tables like sys.user$. This tables containts all user / role and password information from the Oracle database. A password change could be performed by updating the table directly. SQL> update sys.user$ set password = 'D4DF7931AB130E37' where name='SYSTEM'; This can not be audited. SQL> audit all on sys.user$; audit all on sys.user$ ERROR at line 1: ORA-00701: object necessary for warmstarting database cannot be altered
  • 26. 1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Important objects not auditable II Another way to bypass Oracle Auditing is to modify the data dictionary object directly. A user is normally created with the command "CREATE USER myuser identified by mypassword". Instead of using “CREATE USER” we can get the same result using “CREATE ROLE” plus an “UPDATE SYS.USER$” SQL> create role myuser identified by mypassword; -- convert a role into a user SQL> update sys.user$ set type#=1 where name='MYUSER'; -- alternative update, creates an invisible database user SQL> update sys.user$ set type#=2 where name='MYUSER';
  • 27. 1 2 3 4 5 6 7 8 9 10 we are here: Oracle Auditing – Wrong statements logged Since Oracle 10g it is possible to log the statement which caused the audit entry. This sounds like a good feature but the database is sometimes (e.g. if VPD, QueryRewrite, … is used )modifying the SQL statement which was submitted. In this case Oracle is auditing the previous statement and not the statement which was executed. This technique can be used to steal information from audited tables without leaving traces…
  • 28. 1 2 3 4 5 6 7 8 9 10 we are here: Auditing I Enable Auditing Audit interesting activities. Command (as user SYS): AUDIT CREATE USER BY ACCESS; AUDIT ALTER USER BY ACCESS; AUDIT DROP USER BY ACCESS; AUDIT CREATE ROLE BY ACCESS; AUDIT SELECT ON DBA_USERS BY ACCESS; AUDIT CREATE EXTERNAL JOB BY ACCESS; -- 10g Rel.2 AUDIT CREATE JOB BY ACCESS; -- 10g Rel.1 AUDIT CREATE ANY JOB BY ACCESS; AUDIT CREATE ANY LIBRARY BY ACCESS; AUDIT ALTER DATABASE BY ACCESS; AUDIT ALTER SYSTEM BY ACCESS; AUDIT AUDIT SYSTEM BY ACCESS; AUDIT EXEMPT ACCESS POLICY BY ACCESS; AUDIT GRANT ANY PRIVILEGE BY ACCESS;
  • 29. 1 2 3 4 5 6 7 8 9 10 we are here: Auditing II Command (as user SYS): AUDIT GRANT ANY ROLE BY ACCESS; AUDIT ALTER PROFILE BY ACCESS; AUDIT CREATE ANY PROCEDURE BY ACCESS; AUDIT ALTER ANY PROCEDURE BY ACCESS; AUDIT DROP ANY PROCEDURE BY ACCESS; AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS; AUDIT CREATE PUBLIC SYNONYM BY ACCESS; AUDIT EXECUTE ON DBMS_FGA BY ACCESS; AUDIT EXECUTE ON DBMS_RLS BY ACCESS; AUDIT EXECUTE ON DBMS_FILE_TRANSFER BY ACCESS; AUDIT EXECUTE ON DBMS_SCHEDULER BY ACCESS; AUDIT EXECUTE ON DBMS_JOB BY ACCESS; AUDIT SELECT ON SYS.V_$SQL BY ACCESS; AUDIT SELECT ON SYS.GV_$SQL BY ACCESS; AUDIT EXECUTE ON SYS.KUPP$PROC BY ACCESS; AUDIT EXECUTE ON DBMS_XMLGEN BY ACCESS; AUDIT EXECUTE ON DBMS_NETWORK_ACL_ADMIN BY ACCESS; -- 11g
  • 30. 1 2 3 4 5 6 7 8 9 10 we are here: Recompile All Views Recompile all view To get rid of the "create view" problem it is necessary to recompile all views. This can be done with the script "$ORACLE_HOME/CPU/cpuapr2008/view_recompile/view_recompile _apr2008cpu.sql". This can take up to 4 hours depending of the size of your database. Command (as user SYS): cd $ORACLE_HOME/CPU/cpuapr2008/view_recompile SQL> @view_recompile_apr2008cpu.sql
  • 31. 1 2 3 4 5 6 7 8 9 10 we are here: Next steps & Summary This was just the baseline security for Oracle databases. If you need more this baseline • Check your own application code • Train the DBAs, Developers and Security People • Perform regular security audit • Run database scanners regularly • Use 3rd-party products to increase the security
  • 32. 1 2 3 4 5 6 7 8 9 10 we are here: Links Oracle Password Checker: http://www.red-database-security.com/software/checkpwd.html http://www.red-database-security.com/software/repscan.html Exploit Code for January 2009 CPU: http://blog.red-database-security.com/2009/01/21/exploit-for-january- cpu-2009-published/ http://blog.red-database-security.com/2009/01/16/proof-of-concept- how-to-bypass-oracle-auditing-using-dbms_ijob/ Oracle Security Checklist: http://www.oracle.com/technology/deploy/security/database- security/pdf/twp_security_checklist_database.pdf Oracle SQL Injection Tutorial: http://blog.red-database-security.com/2009/01/17/tutorial-oracle-sql- injection-in-webapps-part-i/
  • 33. 1 2 3 4 5 6 7 8 9 10 we are here: Alexander Kornbrust Red-Database-Security GmbH Bliesstrasse 16 D-66538 Neunkirchen Germany Phone: +49 (0)6821 – 95 17 637 Fax: +49 (0)6821 – 91 27 354 E-Mail: info @ red-database-security.com Contact