Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Oct 19th, 2005, 3:59am)

Title: Database security for UNIX platforms
Post by Pete Finnigan on Oct 19th, 2005, 3:59am
Dear all,

I need help here... what areas should I cover to harden my company's databases? We have Oracle and MySQL, so I am seeking tips urgently.

Title: Re: Database security for UNIX platforms
Post by Pete Finnigan on Nov 1st, 2005, 2:19pm
Hi Jayzee.

Start by protecting the files that make up the db on the host. Right permissions on all files and directories.

Then protect the connections/ports to make sure only the people you want in are in.

Finally protect and audit who is doing what to which object inside the db.

The rules are the same regardless of what DB.

Pete's step by step is one of the best ways of doing Oracle, but there are a number of papers on Sans.org on basic protection.

Title: Re: Database security for UNIX platforms
Post by Pete Finnigan on Nov 1st, 2005, 2:50pm
Jayzee,

Take a look at http://www.cisecurity.org/bench_oracle.html
In that document you will find actions to harden your (Oracle) database. And take a good look at http://www.petefinnigan.com

regards,

Ivan

Title: Re: Database security for UNIX platforms
Post by Pete Finnigan on Nov 3rd, 2005, 6:44pm
Hi Jayzee,

Unfortunately the subject is huge, and protecting databases in general is not something that can be easily defined in one go. The problem is that the databases, MySQL and Oracle, do not have a huge amount in common in terms of defining specific actions to take. In general at a high level Kev is correct: harden the OS, close out ports not needed, ensure those needed are through encrypted pipes and from trusted sources (use OpenSSH or in Oracle valid node checking). Then in the database close out the configuration issues, take a good look at RBAC - least privilege principle. Also consider applications and username and password leakage. Last but not least, patch and only install the features you need.

For Oracle there is a wealth of information on my site PeteFinnigan.com (http://www.petefinnigan.com). For MySQL it's a little harder to find stuff. Have a look at NGS (http://www.ngssoftware.com) and Application Security Inc (http://www.appsecinc.com), who both have info on MySQL security.

Look at the Center for Internet Security (http://www.cisecurity.org) for details of securing Oracle and also the platforms themselves. There are two books that cover MySQL and Oracle security: The Database Hacker's Handbook, which is OK, but Ron Ben Natan's book Implementing Database Security and Auditing is much better.

hth

cheers

Pete
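
[Added example, not part of the original thread or written by any of its posters] A host-side check for two of the points raised in the replies above: permissions on the files that make up the database, and Oracle valid node checking in sqlnet.ora. The directory layout, file names and host names are constructed, and the sqlnet.ora check assumes each parameter is written on a single line.

```shell
#!/bin/sh
# Added example. Directory layout, file names and host names are constructed.

# Print files and directories under $1 that grant any access to "other".
find_loose_perms() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null
}

# Succeed only if the sqlnet.ora at $1 turns valid node checking on and
# names at least one invited node. Assumes each parameter sits on one line.
valid_node_checking_on() {
    f=$1
    [ -r "$f" ] || return 2
    # Drop comments and blanks, fold case so YES and yes both match.
    cfg=$(sed -e 's/#.*//' "$f" | tr -d ' \t' | tr 'A-Z' 'a-z')
    printf '%s\n' "$cfg" | grep -Eq '^tcp\.validnode_checking=yes$' || return 1
    printf '%s\n' "$cfg" | grep -Eq '^tcp\.invited_nodes=\(.+\)$' || return 1
}

# Build a constructed sample tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/oradata" && chmod 750 "$d/oradata"
    : > "$d/oradata/system01.dbf"; chmod 640 "$d/oradata/system01.dbf"
    : > "$d/oradata/users01.dbf";  chmod 644 "$d/oradata/users01.dbf"  # too open
    printf '%s\n' '# constructed sqlnet.ora' \
        'tcp.validnode_checking = YES' \
        'tcp.invited_nodes = (appserver1.example.com, 192.0.2.10)' \
        > "$d/sqlnet.ora"
    chmod 640 "$d/sqlnet.ora"
    echo "$d"
}

sample=$(make_sample)
echo "World-accessible paths:"
find_loose_perms "$sample"
if valid_node_checking_on "$sample/sqlnet.ora"; then
    echo "valid node checking: enabled"
else
    echo "valid node checking: NOT enabled"
fi
rm -rf "$sample"
```

On a real host, point find_loose_perms at the datafile and Oracle home directories and valid_node_checking_on at the sqlnet.ora the listener actually reads.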

Title: Re: Database security for UNIX platforms
Post by Pete Finnigan on Dec 6th, 2005, 7:13am
Thank you guys.. will find the info right away..


