Re: Security Measures
- From: Hans Forbrich <fuzzy.graybeard@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Tue, 07 Apr 2015 06:31:31 -0600
On 07/04/2015 12:26 AM, walid kaakati (Redacted sender
walid_alkaakati@xxxxxxxxx for DMARC) wrote:
> Hello List,
> I would like to know what security measures you apply other than
> Auditing to ensure that your database is secure and you as a DBA
> have done your homework and you are secure legally.
> Best wishes for all!
Start by defining 'secure'. What do you (or does your organization) mean
when you use the term security?
I personally like the definition and information in the Security Guide
and the Advanced Security Guide in the docs at
http://docs.oracle.com/database/121/nav/portal_25.htm and am impressed
by the information in the books [co-]authored by Scott Know such as
http://www.amazon.ca/Oracle-Database-Security-Scott-Gaetjen-ebook/dp/B00QKUJ97O
After that, a lot depends on policy, such as "will you apply the
quarterly CPUs or PSUs that are made available" and "do passwords need
to change regularly" and "why are service passwords controlled by the
same stupid policy as user passwords" and so on. Are you using
applications in which the vendors have hard-coded passwords?
You also mention "legally". Since Legal is a regional definition, you
need to be aware of what that means.
And, there is the cost vs security tradeoff - has the organization
bothered to pay for the Enterprise Edition (as compared to SE) and for
the Advanced Security Option? Is the organization willing to manage
server side certificates? How about firewalls?
And finally, do you include recoverability (backup, restore, DR) and
service level agreements in the definition of security?
/Hans