Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.

Published byErica Dawson Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session."— Presentation transcript:

1

2 Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session id: 40034

3 “Through 2005, 90 percent of cyber-attacks will continue to exploit known security flaws for which a patch is available or a preventive measure is known.” -Gartner report, May 2002

4 Common security best practices are not quite so common  Gartner report  Slammer virus exploited known security flaw – Patch was available 6 months before attack – Many of Microsoft’s own servers were affected  Conclusion: Administrators often do not take common security measures

5 Why is security difficult for administrators? Lack of knowledge  No knowledge of the vulnerability  No understanding of impact, justification for fix Lack of logistical support  No easy way to identify vulnerable installations  No convenient way to administer the fix  No easy way to ensure the fix remains in place

6 Grid security requires infrastructure support  Grid has greater security requirements due to – Sheer scale – Heterogeneity – Connectivity (weakest link in the chain) – Dynamic configuration  Security must be reduced to routine procedure  Management tools must facilitate this practice at low overhead

7 Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

8 Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

9 EM helps enforce common security best practices within the Oracle ecosystem

10 EM Security is built on the Policy Framework Policy Framework Database Configuration Policy Security Policy Storage Configuration Policy

11 Policy Framework: concepts  Rule – Specific to target type – Severity: Critical, Warning, Informational  Violation – Can be overridden by administrator  Policy – Collected rules of a single category  Provides common paradigm, user interface  Policy is essential to the Grid

12 35

13 06

14 34

15 EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

16 EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

17 Patch management with EM Hosts Grid Control Oracle Metalink Patch Cache

18 Software security with EM  Fetch latest security alert metadata (Metalink)  Automatically add to software security rule  If targets found vulnerable, list patches which address the problem  Help stage (and in some cases, apply) patch  Going forward, test for vulnerability as part of software security rule

19 31

20 34

21 32

22 33

23 23

24 21

25 22

26 24

27 25

28 EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

29 Instance hardening with EM  Identify products deployed in common insecure configurations  Check for weak authentication practices  Examples – Identify insecure services – Track down demo features enabled in production

30 Database security with EM  Check for excessive user privilege  Identify weak privilege model – Roles should be granular  Examples – Find default passwords – Identify excessive privileges to PUBLIC role

31

32

33

34

35 05

36 06

37 07

38 08

39 09

40 10

41 Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

42 EM helps enforce security best practices  Deploy secure installations, patches – Provide rapid notification of security patches on Oracle products – Facilitate application of security patches  Employ secure configurations – Alert customer if an Oracle product is deployed in a common insecure configurations  Provision users with appropriate access – Check systems for accounts with excessive privileges – Provide in-context links to EM user management

43 Security administrator usage  Predefined test library (by target type) – Software – Instance hardening – Privileges  Tests are conducted automatically, periodically  Administrator views results – Roll-up reporting – Which tests revealed security flaws – Impact of the security flaw – Known workarounds and remedies  Overrides inappropriate violations  Takes corrective action

44 The future of EM Security  More elaborate security roles  Security compliance history  Extensions to EM Policy Framework – E.g. policy groups, exemptions, timed exemptions  Greater automation for addressing problems  Editable remedies  Downloadable test definitions  User-defined tests

45 A Q & Q U E S T I O N S A N S W E R S

46 Reminder – please complete the OracleWorld online session survey Thank you.

47

Download ppt "Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
Using the Self Service BMC Helpdesk

Using the Self Service BMC Helpdesk
ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.

ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Oracle Enterprise Manager 10g Grid Control Presented by: Dave LeRoy Cody Maher Irina Goldshteyn Product Managers System Management Products.

Oracle Enterprise Manager 10g Grid Control Presented by: Dave LeRoy Cody Maher Irina Goldshteyn Product Managers System Management Products.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Network security policy: best practices

Network security policy: best practices
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.

Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google