IPS Guards Oracle Databases
Database
SHARE
Facebook X Pinterest WhatsApp

IPS Guards Oracle Databases

Written By
Dennis Fisher
Dennis Fisher
Aug 23, 2004
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Security researchers Mark and David Litchfield have spent much of the last few years poring over lines of code looking for vulnerabilities in enterprise applications, specifically Oracle Corp.s databases. Now, the brothers, and co-founders of Next Generation Security Software Ltd., are working on a solution to help defend Oracles database products.

NGSS is developing a firewall designed to protect Oracle databases, which are among the most popular and widely deployed in the world. The solution will act as an IPS (intrusion prevention system) capable of blocking attacks against known and unknown vulnerabilities in Oracle servers.

While investigating flaws in Oracle products, the Litchfields found dozens of vulnerabilities, making that work a logical starting point for their database protection efforts.

/zimages/3/28571.gifClick hereto read about Sourcefire taking the IPS plunge with its 3D Product Suite.

Indeed, NGSS has submitted more than 30 vulnerability reports to Oracle that the vendor is still patching. But NGSS also plans to release versions of the new product, known as Dbfw, for IBMs DB2 database and Microsoft Corp.s SQL Server.

“Were very excited about this product,” said David Litchfield, managing director of NGSS. “We placed a default install of Oracle9i behind Dbfw and couldnt break it. Without Dbfw, I could use one of about 80 different ways to break into the database server. But with Dbfw in place, not a single attack got through.

/zimages/3/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

“Whats even more exciting is that all of the security bugs were currently waiting on Oracle to fix were stopped by Dbfw, and Dbfw was written before we even knew about the flaws.”

NGSS has not yet specified a release date for the first version of Dbfw. The Litchfields said they are trying to improve the speed of the solution so that it does not affect query times of the protected databases.

/zimages/3/28571.gifCheck out eWEEK.coms Database Center at http://database.eweek.com for the latest database news, reviews and analysis.

/zimages/3/77042.gif

Be sure to add our eWEEK.com database news feed to your RSS newsreader or My Yahoo page

Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information