Sources Pts

January 6th, 2007

The Top Sources Of Oracle Database Best Practices Used By IT Auditors

In our experience as IT auditors who review databases, we wanted to share a few excellent sources of Oracle database best practices.

The two main sources are the Center for Internet Security (CIS) ‘Configuration Benchmark’ and the US Defense Information Systems Agency (DISA) ‘Database Security Technical Implementation Guide’ (STIG). The following discussion provides a brief overview of each source.

CIS Security Configuration Benchmark. This benchmark for Oracle Database Server 11g is a consensus document based on input from consultants, software developers, auditors, compliance professionals and government workers.

The benchmark provides a ‘level-I’ configuration of settings that can be implemented by system administrators with basic security knowledge. These settings are designed to minimize disruption to an existing database. There is also a ‘level-II’ configuration which is targeted to network architecture and server function. This higher level requires stronger security experience but yields substantially greater security functionality. [3]

The benchmark contains separate sections dedicated to system-specific settings, installation and patching, directory and file permissions, database startup and shutdown, auditing policy, user setup and access settings. [3]

This configuration benchmark provides the settings for an Oracle database that is secure against conventional threats. There is specific guidance for a secure installation, setup, configuration and operation of an Oracle 11g database environment. In addition to specific configuration settings, there are also ‘best practice’ processes and procedures, e.g. data backups, archive logs and hardware security.

DOD DISA Database Security Technical Implementation Guide (STIG). The STIG was published by the US Defense Information Systems Agency (DISA) for the Department of Defense (DOD). The objective of the STIG is to secure DOD database management systems (DBMS). The document covers known security configuration items, vulnerabilities and issues.

The STIG is a comprehensive and detailed configuration standard that consists of ‘security elements’ and ‘security requirements’. The STIG goes into much more depth than the vendor-specific ‘checklists’ discussed below.

The ‘security elements’ section of the guide (STIG) includes the essentials of database security such as authentication, authorization, data integrity, system auditing, backup and recovery. These security elements are commonly found in a database management system (DBMS) which controls the security of the actual data.

The section on ‘security requirements’ contains the specific requirements for accessing data and operating the database. Guidance is provided on design and configuration, identification and authentication, boundary defense, disaster recovery, vulnerability and incident management, physical and environmental requirements.

DOD DISA Oracle 11 Database Security Checklist. DISA has also published vendor-specific database security checklists for Oracle and Microsoft SQL Server DBMSs. The ‘Oracle 11 Database Security Checklist’ is the most current checklist as of the date of this writing, published in August 2010. Separate checklists have also been published for the previous Oracle versions 9 and 10. The Oracle 11 checklist includes security review procedures organized into specific security ‘items’ or ‘checks’.

Conclusion. The two documents discussed above emphasized different aspects of database security. The CIS document provides a basic security configuration (Level I) and an advanced security configuration (Level II). The STIG document provides ‘security elements’ and ‘security requirements’. A more detailed and specific document is the Database Security Checklist.

References.
1. Database Security Technical Implementation Guide (STIG), Version 8, Release 1 (September 2007). US Department of Defense, Defense Information Systems Agency.
2. Oracle 11 Database Security Checklist, Version 8, Release 1.8 (August 2010). US Department of Defense, Defense Information Systems Agency.
3. Security Configuration Benchmark for Oracle Database Server 11g, Version 1.0.1 (January 2009). The Center for Internet Security.

Article done by Sarah Abelow. Article Source: http://EzineArticles.com/?expert=Sarah_Abelow
