RE: IDS for DataBase Systems.

Entercept has a database edition of its product for MS-SQL servers. It monitors all system calls and can alert/prevent based on policy. I have had a look at it and it does a pretty good job against things like SQL injection and some other common SQL exploits. Last I heard they are thinking about a version for Oracle on Windows and perhaps Oracle on Solaris, but don't quote me on that.

Regards,
Alan
*not speaking for my employer, vendors, government officials, professional
athletes, the mpaa, et boring cetera*

-----Original Message-----
From: Ralph Los [mailto:RLos@enteredge.com] Sent: Friday, November 15, 2002 8:13 AM
To: 'Galappatti, Kishantha'; 'Hemant Ramnani'; focus-ids@securityfocus.com
Cc: Hemant Ramnani
Subject: RE: IDS for DataBase Systems.

Yes - but that's a scanner, I think what we're looking for is an intrusion
detection system. ISS's Database Scanner is a vulnerability scanning tool
(and believe me, there are much better out there) - and not an DB_IDS.

I'm not aware of any Database-Type IDSes, perhaps we could start a development effort to write one? It would essentially be a compilation (for
MS SQL anyway) of Triggers, SP's, etc if I'm guessing right. Log scanning,
'anomaly detection', all very important.

Cheers,
  Ralph

::: -----Original Message-----
::: From: Galappatti, Kishantha [mailto:Kishantha.Galappatti@gs.com]
::: Sent: Thursday, November 14, 2002 9:24 AM
::: To: 'Hemant Ramnani'; focus-ids@securityfocus.com
::: Cc: Hemant Ramnani
::: Subject: RE: IDS for DataBase Systems.
:::
:::
::: ISS has a product called Database Scanner
Received on Mon Nov 18 02:03:11 2002