Re: Question About Oracle Security issue.....

From: Chris Day <chris.day_at_rdbms.freeserve.co.uk>
Date: Thu, 05 Apr 2001 23:16:35 +0100
Message-ID: <3ACCEEC3.FEACA66F_at_rdbms.freeserve.co.uk>


Richard,

Glad you mentioned the information security issues; the focus then moves to gaining evidence about possible risks and then applying mitigation.

  1. I would enable session level auditing; you can then gain evidence about logons and mitigate risk.
  2. With 8i the logon trigger is ideal to gain the 'program' information; you can't force a logoff, but you gain evidence.
  3. I'm raising this at the Oracle CAC in the summer, should be able to force a logoff.

Chris

Richard wrote:
>
> Hello,
>
> Thank you Cliff and Daniel.
>
> To prevent potential fraud caused by internal staff is the primary reason I
> need this solution.
>
> Some developers/power users may "spy" on the confidential information in
> databases. The confidential information means the data itself and the database
> schema.
>
> For technical guys, it is easy to intrude into the database with some tools like
> SQL*PLUS (to get more data information) or ERWin (to get the database schema)
> if they have a valid userid/password. From the viewpoint of internal audit,
> that is a threat to information security.
>
> If anyone has a better solution than this one, i.e., to prevent
> unauthorized client machines and/or unauthorized applications from accessing
> the database, please share your idea with me.
>
> Thank you...
>
> Richard L. Chen
>
> (PS: Actually, I don't think that would be difficult for Oracle to
> implement this idea.)
>
> C Palmer <cliff_at_palmercs.com> wrote in message
> news:3ACC6B13.3DD6A8F8_at_palmercs.com...
> > Richard, *if* the oracle server machine is (or can be) separated from
> > *all* the client machines onto a different network segment, you might be
> > able to place an intelligent router between the segments and configure the
> > router to deny routing to ports 1521 and 1527 on the oracle server box
> > from the specific workstations you wish. In addition to that you could
> > implement challenged access in other fashions.
> >
> > I have to echo Daniel A Morgan's concerns about the wisdom of this
> > notion. This sounds like a really unworkable idea to me and probably won't
> > really solve your problem. Remember that a fair number of users know how
> > to change their IP/IPX address or they can simply go sit at someone else's
> > workstation.
> >
> > HTH
> > Cliff
> >
> > Richard wrote:
> >
> > > Hi,
> > >
> > > Is there any possible solution to prevent unauthorized client machines
> > > and/or unauthorized applications from accessing
> > > an Oracle database, even with a valid USER ID and PASSWORD?
> > >
> > > Thanks,
> > >
> > > Richard
> > > richchen_at_ms6.hinet.net
> >
Received on Fri Apr 06 2001 - 00:16:35 CEST
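
Points 1 and 2 of the reply above (session auditing plus an 8i logon trigger that records the client 'program'), as an added example that is not part of the original thread. The table `logon_evidence`, the trigger `trg_logon_evidence` and the approved-program pattern are hypothetical, and the owning schema is assumed to hold a direct SELECT grant on `SYS.V_$SESSION`.

```sql
-- Point 1: session-level auditing. Logon/logoff records appear in
-- DBA_AUDIT_SESSION once the AUDIT_TRAIL initialization parameter is enabled.
AUDIT SESSION;

-- Point 2: evidence table filled by a logon trigger (hypothetical names).
CREATE TABLE logon_evidence (
  logon_time  DATE,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(128),
  machine     VARCHAR2(128),
  terminal    VARCHAR2(128),
  program     VARCHAR2(128),
  ip_address  VARCHAR2(64)
);

CREATE OR REPLACE TRIGGER trg_logon_evidence
AFTER LOGON ON DATABASE
BEGIN
  -- Copy the connecting session's own row from V$SESSION.
  -- The trigger runs with definer rights, so the owner needs a direct
  -- grant on SYS.V_$SESSION (a grant through a role is not enough).
  INSERT INTO logon_evidence
    (logon_time, db_user, os_user, machine, terminal, program, ip_address)
  SELECT SYSDATE, s.username, s.osuser, s.machine, s.terminal, s.program,
         SYS_CONTEXT('USERENV', 'IP_ADDRESS')  -- NULL for local connections
  FROM   v$session s
  WHERE  s.audsid = USERENV('SESSIONID')
  AND    s.audsid <> 0;                        -- skip sessions with no audit id
EXCEPTION
  WHEN OTHERS THEN
    NULL;  -- a failing logon trigger would lock ordinary users out; record nothing
END;
/

-- Review: logons from programs outside the approved pattern.
-- 'PAYROLL%' is a constructed placeholder for the site's real client name.
SELECT logon_time, db_user, os_user, machine, ip_address, program
FROM   logon_evidence
WHERE  program IS NULL
OR     UPPER(program) NOT LIKE 'PAYROLL%'
ORDER  BY logon_time;
```

`PROGRAM`, `MACHINE` and `OSUSER` are values reported by the client, so these rows are evidence to review alongside the audit trail rather than an access control.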
