Oracle security - what can your business do?

• About Us
• Company Background
• Partners
• News & Events
  • Latest News
  • Latest Events
  • Newsletters & Downloads
    • Newsletters
    • Downloads
    • Subscribe
• Careers

• Solve:d March 2008
• Solve:d Public Sector - April 2008
• Solve:d January 2009
• Solve:d Public Sector - February 2008
• Solve:d June 2008
• Solve:d July 2008
• Solve:d September 2008
• Solve:d March 2009
• Solve:d June 2009

If one thing’s for sure within security, adopting a preventative approach is undoubtedly more sensible that simply reacting to issues as they occur.

Often Teamsolve receive frantic calls from businesses that have suffered a security breach, directly as a result of not having a robust protective platform.

Here we take a look at some of the most serious threats to your systems at the moment and the practical measures you can take as a business to address them.

Internal workings

With the unsettling fact that over 80 percent of all security attacks come from an internal source, it is imperative to get the right systems and procedures in place to protect your business and any sensitive data.

There are a variety of sources to which internal security breaches can be attributed, such as ex or disgruntled employees and project/contractual workers.

Identity theft, or misrepresentations resulting from unauthorised access to systems, can be minimised through carefully considered policies and procedures.

What can my business do?

Historically, a database administrator’s (DBA) role was all encompassing – with responsibility and privileges to access even the most sensitive of application data. In today’s volatile environment, where highly sensitive business data is of supreme value, it is necessary to control access for privileged users such as DBAs, whilst also making sure they have adequate permissions to do their job.

Oracle Data Vault is a highly useful tool that can manage enterprise wide authorisations, providing powerful internal control measures and key differentiation between DBAs and Applications DBAs. It will provide a sound basis on which to implement the security resource amendments listed above, restricting access within your applications where necessary.

Those responsible for application data need to be able to make data changes to correct errors, bug fixes and other data related issues. However the business needs to ensure these key users do not abuse their position by establishing a highly configurable audit trail.

Complementing the increased security functionality from Oracle Data Vault, is Oracle Audit Vault. A powerful compliance tool, it also has the ability to automate the audit collection and analysis process, giving visibility across your environment in the event of a security breach.

The perils of the internet

Research from Global market intelligence firm, IDC, indicates that staggeringly, nearly a third of all companies employing more than 500 people have been infected with spyware or malware through internet activity.

Such malicious applications are often picked up through SPAM emails, or websites that  appear to have relevance to charitable appeals, current affairs or celebrity gossip.

Web usage for the end user is only going to become more important, given the shift towards “on-demand” applications such as Oracle’s own Siebel CRM offering. How you as an organisation deal with persistent phishing threats, SPAM bombardment and emerging threats such as those posed by user generated sites such as Myspace and Wikipedia, will be of utmost importance to your system security.

What can my business do?

Infection of an end user’s machine could have serious ramifications for your Oracle systems.

• Make sure you’re running the latest version of Oracle products. This ensures that any bugs or exploits are pro-actively patched. This includes ensuring that you are applying Oracle’s quarterly security patches.
• Switch to an ISP that offers ‘cloud level’ filtering. This stops spam at the ISP’s side, meaning that most SPAM never becomes problematic within your company’s inboxes.

Search engine databases

As uncomforting as it is to read, there is a significant proportion of Oracle databases that are not configured correctly, leaving them open to relatively simplistic access from an “interested” third party.

Oracle databases are renowned the world over for their robustness and ability to protect mission critical data - but only when they’re properly installed, configured and hosted.

In cases where the correct security or hosting measures are not in place, it can be terrifyingly simple to access an Oracle database from a search engine such as Google, or Yahoo.

A search engine acts as a tool to identify “suitable targets”,   after which an attack is mounted to exploit identified holes. Such methods enable a hacker to target a database sitting behind a firewall, that many would have historically viewed as being “secure”.

What can my business do?

 Firstly, it is imperative that the database is installed, hosted and supported correctly. Teamsolve do this for scores of clients and this alone will help to prevent potential issues from occurring.

 It’s important to consider how many layers of protection you’re putting in front of your database. A database simply placed way behind a firewall will offer little protection against today’s sophisticated attacks. Listed below are some practical layers you can deploy on your systems.

• Conduct a vulnerability assessment using a penetration testing tool.
• Implement intrusion detection and security auditing solutions.
• Encrypt confidential data in a cost effective manner and tightly control its use with column-level encryption

Be a detective

The security landscape is constantly evolving, so it’s absolutely critical that DBAs and IT Managers stay up to date with emerging threats.

Set aside a few hours each month, or each quarter, to familiarise yourself with the latest security threats and how they could affect your business.
Security is something that is often not taken seriously enough, until a business has suffered as a consequence. By taking pro-active steps such as the ones listed above, you can prevent any breaches and safeguard your business’ interests against fraudulent or malicious activity.

Teamsolve have an intricate understanding of Oracle security, attained by supporting and implementing scores of mission critical systems. Our consultants can come into your organisation, independently, and assess your security framework. We then make recommendations, where applicable, that could prevent any security breaches from ever occurring.

For more on how Teamsolve can help you improve your business security complete our contact form, email sales@teamsolve.co.uk or call a member of our sales team on 0870 11 22 000.