Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.

Slides:

Advertisements

Similar presentations

Presented by Nikita Shah 5th IT ( )

Advertisements

Security Update Server Registration, Active scanning and Windows patching.

Using the Self Service BMC Helpdesk

ASGC Site Update Yi-Ping Wu Jeng-Hsueh Wu. Two Significant Researches 1.Oracle Security issues and Studies for 3D 2.Streams Replications Study Report.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.

Network Security Testing Techniques Presented By:- Sachin Vador.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Computer Security: Principles and Practice

Oracle Enterprise Manager 10g Grid Control Presented by: Dave LeRoy Cody Maher Irina Goldshteyn Product Managers System Management Products.

Installing and Configuring a Secure Web Server COEN 351 David Papay.

Network security policy: best practices

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW  Understand the difference between service.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Website Hardening HUIT IT Security | Sep

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

ArcGIS Workflow Manager An Introduction

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Cyber Patriot Training

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Minimizing risks through deployment standardization Sudip Datta Principal Product Manager Oracle Corporation.

Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.

CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

Module 14: Configuring Server Security Compliance

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Auditing Information Systems (AIS)

Module 2: Installing and Maintaining ISA Server. Overview Installing ISA Server 2004 Choosing ISA Server Clients Installing and Configuring Firewall Clients.

From Virtualization Management to Private Cloud with SCVMM 2012 Dan Stolts Sr. IT Pro Evangelist Microsoft Corporation

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

12 Steps to Cloud Security A guide to securing your Cloud Deployment Vishnu Vettrivel Principal Engineering Lead,

Ph No: Mob: , plot No-27, NGGO's Colony, Pattabhi reddy gardens, Visakhapatnam-07 Oracle.

Oracle Application Server Portal: Advanced Content Management for Custom Integration John Dunne (Deputy CTO, HPHC) Anton Nielsen (Technical Director,

Module 6: Designing Security for Network Hosts

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Dave Muirhead Director of Electronic Customer Self-Service Oracle Corporation.

Microsoft Management Seminar Series SMS 2003 Change Management.

INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.

THE NEW WAY TO WORK TOGETHER Share Find the perfect balance between compliance and collaboration Efficiently manage infrastructure while maximizing.

Security fundamentals Topic 2 Establishing and maintaining baseline security.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Esri UC 2014 | Technical Workshop | Administering Your Microsoft SQL Server Geodatabase Shannon Shields Chet Dobbins.

Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.

Michelle Malcher PepsiCo Session # For the DBA Manager – Understanding Oracle and DBAs.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Michael Mast Senior Architect Applications Technology Oracle Corporation.

THE NEW WAY TO WORK TOGETHER Share Find the perfect balance between compliance and collaboration Efficiently manage infrastructure while maximizing.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Working at a Small-to-Medium Business or ISP – Chapter 8

Linux Security Presenter: Dolev Farhi |

Data and database administration

Cisco Data Virtualization

Overview – SOE PatchTT November 2015.

Overview – SOE PatchTT December 2013.

Michael Mast Senior Architect

THE STEPS TO MANAGE THE GRID

TRIP WIRE INTRUSION DETECTION SYSYTEM Presented by.

Keeping Member Data Safe

Information Security Awareness

SAP R/3 Installation on WIN NT-ORACLE

DAT381 Team Development with SQL Server 2005

Intrusion Detection system

Governing Your Enterprise with Policy-Based Management

Service Template Creation from the Ground Up

Presentation transcript:

Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session id: 40034

“Through 2005, 90 percent of cyber-attacks will continue to exploit known security flaws for which a patch is available or a preventive measure is known.” -Gartner report, May 2002

Common security best practices are not quite so common  Gartner report  Slammer virus exploited known security flaw – Patch was available 6 months before attack – Many of Microsoft’s own servers were affected  Conclusion: Administrators often do not take common security measures

Why is security difficult for administrators? Lack of knowledge  No knowledge of the vulnerability  No understanding of impact, justification for fix Lack of logistical support  No easy way to identify vulnerable installations  No convenient way to administer the fix  No easy way to ensure the fix remains in place

Grid security requires infrastructure support  Grid has greater security requirements due to – Sheer scale – Heterogeneity – Connectivity (weakest link in the chain) – Dynamic configuration  Security must be reduced to routine procedure  Management tools must facilitate this practice at low overhead

Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

EM helps enforce common security best practices within the Oracle ecosystem

EM Security is built on the Policy Framework Policy Framework Database Configuration Policy Security Policy Storage Configuration Policy

Policy Framework: concepts  Rule – Specific to target type – Severity: Critical, Warning, Informational  Violation – Can be overridden by administrator  Policy – Collected rules of a single category  Provides common paradigm, user interface  Policy is essential to the Grid

35

06

34

EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

Patch management with EM Hosts Grid Control Oracle Metalink Patch Cache

Software security with EM  Fetch latest security alert metadata (Metalink)  Automatically add to software security rule  If targets found vulnerable, list patches which address the problem  Help stage (and in some cases, apply) patch  Going forward, test for vulnerability as part of software security rule

31

34

32

33

23

21

22

24

25

EM security management  Software security – Addressing vulnerabilities in Oracle software  Instance hardening – Configuring Oracle for security  Database security – Guarding against excessive privilege

Instance hardening with EM  Identify products deployed in common insecure configurations  Check for weak authentication practices  Examples – Identify insecure services – Track down demo features enabled in production

Database security with EM  Check for excessive user privilege  Identify weak privilege model – Roles should be granular  Examples – Find default passwords – Identify excessive privileges to PUBLIC role

05

06

07

08

09

10

Aspects of enterprise security  Develop secure applications  Deploy secure installations, patches  Employ secure configurations  Provision users with appropriate access  Detect and contain intruders Design and development time Install time Operations and Management Real time Timescale Post-install update

EM helps enforce security best practices  Deploy secure installations, patches – Provide rapid notification of security patches on Oracle products – Facilitate application of security patches  Employ secure configurations – Alert customer if an Oracle product is deployed in a common insecure configurations  Provision users with appropriate access – Check systems for accounts with excessive privileges – Provide in-context links to EM user management

Security administrator usage  Predefined test library (by target type) – Software – Instance hardening – Privileges  Tests are conducted automatically, periodically  Administrator views results – Roll-up reporting – Which tests revealed security flaws – Impact of the security flaw – Known workarounds and remedies  Overrides inappropriate violations  Takes corrective action

The future of EM Security  More elaborate security roles  Security compliance history  Extensions to EM Policy Framework – E.g. policy groups, exemptions, timed exemptions  Greater automation for addressing problems  Editable remedies  Downloadable test definitions  User-defined tests

A Q & Q U E S T I O N S A N S W E R S

Reminder – please complete the OracleWorld online session survey Thank you.