| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Looking for Security book
Glad you found it useful Paul,
cheers
Pete
In article <1ac7c7b3.0302182304.677ff28_at_posting.google.com>, Paul Drake
<drak0nian_at_yahoo.com> writes
>Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message news:<2yUlfCBcwA
>U+Ewln_at_peterfinnigan.demon.co.uk>...
>> Hi Paul,
>>
>> Sorry for the delay in replying to this thread. Some comments in-line.
>
>I've spent the past couple of days shoveling snow, haven't been
>checking this newsgroup lately either.
>
>> In article <1ac7c7b3.0302132240.18129d37_at_posting.google.com>, Paul Drake
>> <drak0nian_at_yahoo.com> writes
>> >Pete Finnigan <pete_at_peterfinnigan.demon.co.uk> wrote in message
>> >news:<WgRNLjBVYC
>> >T+Ew4+@peterfinnigan.demon.co.uk>...
>> >
>> >It reminds me of the 'Bastille Linux project', whereby after
>> >installing RH Linux (6.2 was the last time I used it) one could harden
>> >the operating system very effectively by running a single script.
>> >The release of a good sample security template in an open source
>> >fashion might help to secure a large nmber of servers, relative to the
>> >circulation of either SANS text, the Oracle Security step-by-step or
>> >securing windows 2000 servers. Calling attention to it certainly
>> >wouldn't hurt.
>> >
>>
>> This has already been done by the Centre For Internet Security (CIS),
>> see www.cisecurity.org, they have provided benchmark documents for a few
>> O/S's and applications (Oracle benchmark is in development now) Windows
>> 2k is available in level 1 and 2. You can download these "benchmark"
>> documents that detail a defined security standard for the particular
>> system being secured. Each also has a benchmark tool available that when
>> run "scores" the installation against the benchmark standard, i.e. it
>> finds non compliance's. CIS has as one of its founder members the SANS
>> Institute. CIS is mentioned on the back cover of the Oracle security
>> step-by-step book.
>>
>> Thanks again for the reply.
>>
>> kind regards
>>
>> Pete
>
>Pete,
>
>thanks much for the link to cisecurity.org.
>that is exactly what I was looking for.
>
>Paul
-- Pete Finnigan Email : pete_at_peterfinnigan.demon.co.uk Email : pete_at_petefinnigan.com Web site: http://www.petefinnigan.com Independent consultant specialising in Oracle security. Pete Finnigan is the author of the recently published book about Oracle security from the SANS Institute "Oracle security Step-by-step (A survival guide for Oracle security)" - see http://store.sans.org for details. Some recently published articles include: http://online.securityfocus.com/infocus/1644 - "SQL injection and Oracle - part one" http://online.securityfocus.com/infocus/1646 - "SQL injection and Oracle - part two"Received on Thu Feb 20 2003 - 09:39:20 CST
 |
 |