Re: PCI / AV / Linux DB Servers

From: Thomas Roach <troach_at_gmail.com>
Date: Fri, 31 Jan 2014 20:25:54 -0500
Message-Id: <4D3BCC74-C74E-4AC8-9323-B13D8540B4D5_at_gmail.com>

And if you have something that scans networks then have it exclude the private non routable interconnect.

Sent from my iPhone

> On Jan 31, 2014, at 8:18 PM, "CRISLER, JON A" <JC1706_at_att.com> wrote:
>
> I am pretty sure Symantec has a Linux version, and I know McAfee does as well. You can use those- you might have better costs with Symantec since you already use those products. Just configure the package for use in a Oracle env- for instance, on-access scanning to anything Oracle related (db files, ocr etc) should be removed for performance reasons. The main thing is the on-access scanning stuff which kills performance. As for your interconnect traffic being high- I don’t see why the AV would cause that, but Oracle might be reacting to something else going on …
>
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Uzzell, Stephan
> Sent: Friday, January 31, 2014 12:24 PM
> To: 'Radoulov, Dimitre'
> Cc: oracle-l_at_freelists.org; Uzzell, Stephan
> Subject: RE: PCI / AV / Linux DB Servers
>
> That’s something we’ve discussed. However, we have some application servers (multi-customer environment) where the application servers are available via public internet. This is primarily for customers that are not large enough to invest in MPLS or a VPN. While we are absolutely on board with removing the internet access from our DB servers, I don’t think we can cut the entire datacenter off…. So with some servers necessarily exposed, how do we protect the DB servers (my area of concern)?
>
> Thanks!
>
> Stephan Uzzell
>
> From: Radoulov, Dimitre [mailto:cichomitiko_at_gmail.com]
> Sent: Friday, 31 January, 2014 12:16
> To: Uzzell, Stephan
> Cc: oracle-l_at_freelists.org
> Subject: Re: PCI / AV / Linux DB Servers
>
> Firewalls. We have no servers directly exposed on Internet.
>
> Regards
> Dimitre
>
> Il 31/gen/2014 18:07 "Uzzell, Stephan" <SUzzell_at_micros.com> ha scritto:
> Hi all,
>
> We’re in a bit of an uncomfortable spot here… We’re basically a Windows shop, our DB servers have internet access, and therefore our DB servers have AV software installed. We have periodically had to disable or even remove it on some of our larger database clusters as we have seen slow interconnect traffic with it enabled (Symantec Endpoint, mostly version 12 by this point). As soon as we remove Endpoint, interconnect ping times go back to where they should be and we move on.
>
> We’ve just started a process of converting to Linux – supposedly we’ll have all 240+ databases on 11.2.0.3 on Linux by the end of the year. We had somewhat assumed along the way that we would not be using AV software on our Linux DB servers: lower risk, fewer Linux viruses, &c.
>
> Our PCI auditor doesn’t seem to agree. To satisfy his requirements, we need some form our AV software installed. Or some other form of protection…
>
> So – I guess my question is: people running production Linux environments – what do you do? How do you protect your servers?
>
> Thanks!
>
> Stephan Uzzell
>

--
http://www.freelists.org/webpage/oracle-l

Received on Sat Feb 01 2014 - 02:25:54 CET

This message: [ Message body ]
Next message: Justin Mungal: "Re: training for new DBA's"
Previous message: CRISLER, JON A: "RE: PCI / AV / Linux DB Servers"
In reply to: CRISLER, JON A: "RE: PCI / AV / Linux DB Servers"
Next in thread: Justin Mungal: "Re: PCI / AV / Linux DB Servers"
Maybe reply: Justin Mungal: "Re: PCI / AV / Linux DB Servers"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message