Demo Environment & Scenario Information

Below is information about the applications that were audited on January 15, 2013, and the attacks performed against the databases that day:

Oracle Databases

Five databases were audited for this demo:
  • AIX-11g – Oracle 11g running on AIX 5.3 on PowerPC
  • Linux32-10g – Oracle 10g running on 32-bit Linux
  • Linux64-11g – Oracle 11g running on 64-bit Linux
  • Solaris-10g – Oracle 10g running on SPARC Solaris
  • Windows-11g – Oracle 11g running on 64-bit Microsoft Windows
All the databases have 4 accounts in use:
  • TOM – DBA account
  • SYS – SYS account
  • HRAPP – account for the HR demo application (see below)
  • CCAPP – account for the Credit Card demo application (see below)

Demo Applications

Two demo applications ran against the databases during the auditing period:
  • HRAPP – a demo program that reads and writes the employee and salary tables. The sensitive table in this scenario is the salaries table, where unauthorized reads or updates to the salaries are considered a breach. HRAPP ran against AIX-11g, Linux32-10g, and Windows-11g.
  • CCAPP – a demo credit card program that reads card holder information and writes transactions. In this scenario the sensitive table is the cards table, where unauthorized reads are considered a breach. CCAPP ran against Linux-11g and Solaris-10g.
Both applications had a large volume of authorized activity, along with about 10 different attacks (breaches) performed by various means.
For comparison purposes, during the previous day (January 14, 2013), only the applications ran against these databases.

Policy Deployment

Different auditing policies were deployed for different databases to allow for investigations under different conditions. Note that policy deployment is performed on the Audit Server only and does not affect the performance or behavior of the agent in any way:
  • AIX-11g – the DBA, DDL, and Sensitive Table policies were deployed for this database
  • Linux32-10g – the SOX policies were deployed for this database
  • Linux64-11g – the DBA, DDL, and Sensitive Table policies were deployed for this database
  • Solaris-10g – both the PCI policies and the Everything policy were deployed for this database
  • Windows-11g – the SOX policies were deployed for this database
In addition, all databases had the AppUser policies deployed.
For detailed information on the policies deployed on each database, check the Overview screen in the demo.

Attacks & Breaches

During the auditing on January 15, 10 different attacks were performed against each of the audited databases. See the Detective Challenge for general information about the attacks, and Attack descriptions for a more detailed description.