Security Benchmarks for Oracle Database 11g

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<p><strong>Hershey, Pa. &mdash; Oct. 22</strong><br />The Center for Internet Security (CIS) announced the release of its security configuration benchmark for Oracle Database 11g. CIS benchmarks are distributed free of charge to promote worldwide use and adoption of user originated security standards for secure and compliant IT environments. <br /><br />As with all CIS Benchmarks, the Oracle Database 11g security benchmark is the only consensus-driven security configuration standard both developed and accepted by a broad range of security professionals in government, business, industry and academia.<br /><br />The CIS benchmark for Oracle Database 11g recommends settings and procedures for secure installation, setup, configuration and operation of an Oracle Database 11g environment. With the use of the settings and procedures provided, security professionals and system administrators can exercise due care in securing an Oracle database from conventional threats. </p><p>Recognizing that security cannot and should not be limited to only the application, the scope of this benchmark is not limited to Oracle Database specific settings or configurations, but also addresses backups, archive logs, processes and procedures for maintaining and monitoring the security of the Oracle Database instance. Applicable items were verified and tested against an Oracle Database 11g default install on a Red Hat Enterprise Server 5. The Oracle version used was<br /><br />&ldquo;CIS is the only distributor of consensus-driven security configuration standards that are widely accepted by U.S. government agencies, auditors for corporate compliance and with Fortune 500 organizations concerned with meeting regulatory requirements for information security,&rdquo; said Bert Miuccio, CEO of the Center for Internet Security. <br /><br />&ldquo;The Oracle Database 11g benchmark is a compilation of security configuration actions and settings that harden Oracle databases against unauthorized access, data loss, malware and other threats. This benchmark represents a prudent level of due care for helping ensure that Oracle Database 11g security satisfies compliance requirements.&rdquo;<br /><br />CIS benchmarks are downloaded more than 1 million times per year. In use by thousands of enterprises as the basis for security configuration policies, the consensus benchmarks are the de-facto standard for hardening operating systems, middleware, software applications and network devices. Benchmark recommendations are defined via consensus among hundreds of security professionals worldwide and are distributed freely in .PDF format. <br /><br />Many of the benchmarks are also available to CIS Members in XML format via the CIS Members Web site. CIS provides its members with benefits and access that includes benchmark scoring tools with specialized features; timely electronic notification of updates to the benchmarks and scoring tools; the right to distribute the benchmarks and tools within the member&rsquo;s organization; access to the CIS Member Web Site; eligibility for licensing the commercial use of CIS resources; an active role in the benchmark consensus process; and more.<br /><br />In addition to the Oracle Database 11g benchmark, more than 40 others are available without charge through CIS, helping organizations avoid having to &ldquo;reinvent the wheel&rdquo; when configuring systems for security. CIS benchmarks provide both Level 1 and Level 2 security recommendations. Level 1 recommendations can be understood and performed by system administrators with any level of security knowledge and are unlikely to cause any system or network service interruptions. </p><p>Level 2 security configurations vary depending on network architecture and server function. These are of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to their particular IT environments.<br /><br />Spearheading the Oracle Database 11g Benchmark effort was Adam Cecchetti, senior security consultant for Leviathan Security Group. Key contributors included Sheila Christman with participation from corporations, government agencies and technology vendors, including Oracle. <br /></p>

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|