Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISSForum] RE: again on databaase login

from [Duncanson, Robert] Network Security [Permanent Link]
Subject: [ISSForum] RE: again on databaase login
Date: Thu, 19 Aug 2004 10:43:17 +0100 
Matteo,

1. At the database level, the process must use the RealsecureDB database
- accomplish this by 'USE RealsecureDB'. You can eliminate this step
either by configuring a default database for a SQL login or in the ODBC
connection properties.

2. Creating an ODBC connection only means you can access SQL Server/MSDE
*using* ODBC - but you still need an account with access to the
database. SQL Server (MSDE) handles authentication slightly differently
depending on how it was initially set up. Assuming SQL logins are used,
this T-SQL will create a SQL server login and a RealsecureDB database
user with read-only rights to all tables:
        USE master
        EXEC sp_addlogin
@loginame=[ReportApp],@passwd=[abcd123],@defdb=[RealsecureDB]
        USE RealsecureDB
        EXEC sp_grantdbaccess @loginame=
[ReportApp],@name_in_db=[ReportApp]
        EXEC sp_addrolemember @rolename=[db_datareader],
@membername=[ReportApp]
        GO    

3. The SiteProtector database schema is detailed in the product
documentation, but for basic needs you probably won't need it. Start
with the Observances table if you want processed/refined information, or
the SensorData table if you want 'raw' sensor events. 

Cheers,
Robert
                

-----Original Message-----
From: nyarlathothep@libero.it [mailto:nyarlathothep@libero.it] 
Sent: 19 August 2004 09:27
To: Duncanson, Robert
Cc: issforum
Subject: again on databaase login

ok, I've created another ODBC source and I can connect with the Windows
user logged in, but I see only 10 tables, the server schema tables I
think... I cant see the ISS tables...

any idea?

Thankx,

Matteo



---------- Initial Header -----------


From      : "Duncanson, Robert" robert.duncanson@gb.unisys.com

To          : nyarlathothep@libero.it,"issforum" issforum@iss.net
Cc          : 
Date      : Thu, 19 Aug 2004 09:06:20 +0100
Subject : RE: [ISSForum] databaase login


Matteo,

You cannot use the SQL logins (IssApp, EventCollector_XXXXXX etc.) 
that are created by ISS components, since these have random passwords 
which are stored securely. (Even if that were not the case, using the 
same account for two distinctly different processes goes against best



practice.)

The solution is to simply create a new SQL login for your agent

process.

From what you wrote, this looks like a read-only/reporting scenario, 
so the standard SQL roles public+db_datareader would probably suffice.

Cheers,

Robert

-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net]
Sent: 18 August 2004 14:59
To: issforum
Subject: [ISSForum] databaase login
Importance: High

Hi all,

I've a problem with the Evaluation version of ISS Site Protector

Suite:


I'm developing an agent capable to connect to Snort and ISS IDS sensor



so I've to see how ISS write alerts data in the database.

I've installed the evaluation and it works perfectly, but I recognize 
that I dont know how to login into the MS SQL desktop database to see 
tables.




Is it possible? 
Is the login the same one of the Site Protector system or something 
else?

Could someone help me?


--------------------------------------------------------------------
Matteo Poropat
mailto:nyarlathothep@libero.it
http://www.genhome.org
--------------------------------------------------------------------






_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum




To contact the ISSForum Moderator, send email to mod-issforum@iss.net




The ISSForum mailing list is hosted and managed by Internet Security 
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.





-------------------------------
-------------------------------
------

Matteo Poropat
mailto:nyarlathothep@liber
o.it
http://www.genhome.org

http://books.dreambook.co
m/mefistofele74/genhome.
html
-------------------------------
-------------------------------
------


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISSForum] RE: again on databaase login, Duncanson, Robert <=
Previous by Date:  [ISSForum] again on databaase login, nyarlathothep\@libero\.it
Next by Date:  [ISSForum] RE: FOUND! databaase login, Duncanson, Robert
Previous by Thread:  [ISSForum] again on databaase login, nyarlathothep\@libero\.it
Next by Thread:  [ISSForum] RE: FOUND! databaase login, Duncanson, Robert
Indexes:  [Date] [Thread] [Top] [All Lists]