Re: Securing Oracle, where to start? what to read?

From: mohammed bhatti <mohammed.bhatti1@xxxxxxxxx>
To: cicciuxdba@xxxxxxxxx
Date: Mon, 20 Jun 2011 14:14:00 -0400

On Mon, Jun 20, 2011 at 1:31 PM, Guillermo Alan Bort
<cicciuxdba@xxxxxxxxx>wrote:

> List,
>
>    After a few years in the field of database administration I've come to
> realize that I am utterly unprepared to deal with an attack on my databases.
> Luckily enough I haven't had to test that, but as it is I have no experience
> and I feel that if the day ever came that I had to either find out how an
> attack happened (post-mortem) or deal with one in real time I would be
> outwitted by most attackers. Furthermore, I fear that our security
> guidelines are outdated and probably rather pointless by now. I'd like to
> start reading up on this specially about real life attacks on database
> security and ways to secure the database that grant the best possible
> security and minimizes pain for the users.
>
>   Does anybody have any good books/white papers/websites to recommend?
>
>   Of course, I'm already familiar with Pete Finnigan's web www.*
> petefinnigan*.com. And there are a few of the white papars published there
> as well as the tools that look very interesting.
>
> Thanks in advance
> Cheers
> Alan.-
>


As for securing databases, you may want to search for database STIG
(Security Technical Information Guides).  Most of the latest ones are
located on DoD systems and may require valid DoD certs to access.  However,
some older database STIGs are avaiable here:

http://www.databasesecurity.com/dbsec/database-stig-v7r1.pdf

--
mohammed

References:
- Securing Oracle, where to start? what to read?
  - From: Guillermo Alan Bort

Re: Securing Oracle, where to start? what to read?

Other related posts: