hollister outlet sale The Top Sources Of Oracle Be

 
clkelyqld2
Top Gun



Joined: 10 Aug 2013
Posts: 7099
Location: England

Posted: Sat 12:03, 31 Aug 2013    Post subject: hollister outlet sale The Top Sources Of Oracle Be

As IT auditors with heavy experience auditing databases, we wanted to write a brief overview of some excellent sources of Oracle database best practices.
The two sources are the Center for Internet Security (CIS) 'Security Configuration Benchmark' and the US Defense Information Systems Agency (DISA) 'Database Security Technical Implementation Guide' (STIG).
The following discussion provides a brief overview of each source.
CIS Security Configuration Benchmark. This benchmark for Oracle Database Server 11g is the consensus of industry consultants, auditors, software developers, compliance professionals and government workers.
This benchmark document offers a 'level-I' configuration where settings and actions can be implemented by system administrators with any level of security experience. The settings will not have a disruptive impact on an existing database. A 'level-II' configuration is more focused on security functionality and network architecture. This level requires a higher level of experience.
The benchmark contains separate sections dedicated to system specific settings, installation and patching, directory and file permissions, database startup and shutdown, auditing policy, user setup and access settings.
This benchmark is aimed at Oracle security against conventional threats. The document includes specific guidance for secure setup, installation, configuration and operation of an Oracle 11g database environment. There are also 'best practice' processes and procedures on data backup, archive logs and hardware security included in the document.
DOD DISA Database Security Technical Implementation Guide (STIG). The STIG was published by the US Defense Information Systems Agency (DISA) for the Department of Defense (DOD). The objective of the STIG is to secure DOD database management systems (DBMS). The document covers known security configuration items, vulnerabilities and issues.
The STIG was created as a detailed and comprehensive configuration standard that includes 'security elements' and 'security requirements'. Although the STIG is a 'generic' document it goes into much more depth than the vendor-specific 'checklists' discussed below.
The 'security elements' section of the guide (STIG) focuses on the essentials of database security such as authentication, authorization, data integrity, system auditing, backup and recovery. This section of the STIG discusses the security elements that are most commonly found in a database management system (DBMS) where control resides for security of actual data.
The 'security requirements' section covers the requirements for accessing data and operating the database. There is guidance on identification and authentication, design and configuration, boundary defense, disaster recovery, vulnerability and incident management, physical and environmental requirements.
DOD DISA Oracle 11 Database Security Checklist. DISA has also published vendor-specific database security checklists for Oracle and Microsoft SQL Server DBMSs. The 'Oracle 11 Database Security Checklist' is the most current checklist as of the date of this writing - published in August 2010. Separate checklists have also been published for the previous Oracle versions 9 and 10. The Oracle 11 checklist includes security review procedures organized into specific security 'items' or 'checks.'
Conclusion. The two documents discussed above emphasized different aspects of database security. The CIS document provides a basic security configuration (Level I) and an advanced security configuration (Level II). The STIG document provides 'security elements' and 'security requirements'. A more detailed and specific document is the Database Security Checklist.
References. Database Security Technical Implementation Guide (STIG), Version 8, Release 1 (September 2007). US Department of Defense, Defense Information Systems Agency.
Oracle 11 Database Security Checklist, Version 8, Release 1.8 (August 2010). US Department of Defense, Defense Information Systems Agency.
Security Configuration Benchmark for Oracle Database Server 11g. Version 1.0.1 (January 2009). The Center for Internet Security.