Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Security Issues

Re: Security Issues

From: Kalle <kk.kk_at_kk.com>
Date: Sat, 18 Oct 2003 03:58:06 GMT
Message-ID: <3F90B8C5.2D095DA3@kk.com>

Pete,

thank you for your prompt reply...

I will investigate more ;-)

rgds
Kalle

Pete Finnigan wrote:

> Hi Kalle,
>
> Encryption is an option but protecting your data against DBAs is
> probably impossible, even if you encrypt the secret data it has to be
> decrypted to be read and maintained by the application, someone has to
> have access to the keys used "at some point". Someone somewhere in the
> chain of command has to be trusted. There are secure ways of managing
> keys using products such as the Thales RG7100 HSM or Eracom CSA8000.
> Also check out Jared Still's page
> http://www.cybcon.com/~jkstill/util/encryption/encryption.html
> about encryption. Also search www.fatcity.com
> for the ORACLE-L list and find a recent posting by Craig Munday about
> encryption and key protection.
>
> The backups should not be kept locally on the machine (you might have a
> problem with "quickly as possible" though) and should be encrypted -
> choose any file encryption method! Tape management should be thought
> out so that backup tapes cannot be socially engineered from wherever
> they are stored.
>
> You should consider auditing very carefully and monitor access and
> controls and use of system privileges (also protect the audit trail).
> You could consider limiting security access by the DBAs using a custom
> designed role and not the DBA role but I think you are heading down the
> wrong path with that one - the problem would be that it is difficult to
> limit privileges whilst still allowing the DBAs you employ to function
> effectively. You should consider label security based on VPD on your
> secure data. Also consider fine grained auditing.
>
> There are many papers about security and Oracle on my website at
> http://www.petefinnigan.com/orasec.htm - some of which may be useful to
> you.
>
> kind regards
>
> Pete
> --
> Pete Finnigan
> email:pete_at_petefinnigan.com
> Web site: http://www.petefinnigan.com - Oracle security audit specialists
> Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Fri Oct 17 2003 - 22:58:06 CDT
