http://www.darkreading.com/database-security/167901020/security/application-security/228300490/the-top-five-challenges-in-securing-oracle-databases.html By Adrian Lane Contributing Writer Darkreading Nov 23, 2010 [Excerpted from "Database Security: Oracle Offers New Tools To Counter Threats," a new report posted this week on Dark Reading's Database Security Tech Center.] It’s not easy to secure any relational database, let alone one as enormous and feature-rich as Oracle. The product’s massive and diverse deployments and legacy installations make it virtually impossible to identify and defend against every potential threat. Its connectivity to Web apps brings open-source and third-party variables into the mix, making the end-user organization even more vulnerable. However, it is possible to tame the Oracle beast, especially with some new tools the company recently launched. Let's take a look at some of the security challenges Oracle database users face, and some of the methods of handling them. Challenge 1: Patching In the past, Oracle was terrible about creating timely patches for vulnerabilities brought to its attention. Highly publicized vulnerability disclosures and customer outcries have altered the company’s approach. Oracle still lags in meaningful disclosure of vulnerability risks, and it certainly does not communicate risk in a language its customers understand, nor does it typically provide workarounds. Nevertheless, it does release security patches in a much timelier fashion than it did just a couple of years ago. But any Oracle DBA will tell you installation of Oracle patches is difficult, especially since systems often require rebooting after patching; the database is a hub around which many business functions revolve. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed Nov 24 2010 - 02:14:13 PST
This archive was generated by hypermail 2.2.0 : Wed Nov 24 2010 - 02:17:49 PST