Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Oct 24th, 2007, 9:41pm)

Title: protecting ancillary files
Post by Pete Finnigan on Oct 24th, 2007, 9:41pm
I've been thinking lately about the need to protect ancillary files that either the database creates or which are created by the DBA. Things like export dump files, Oracle support diagnostic files (rda?), dump files from udump and cdump - that sort of stuff. I'm wondering if anyone else has addressed that issue or has seen papers or the like on the topic.

Title: Re: protecting ancillary files
Post by Pete Finnigan on Oct 25th, 2007, 10:49am
Hi,

Yes, you are very right to consider these files. I always review all of these types of files in security audits I perform against Oracle databases. These files in some cases contain sensitive data and in others can contain customer data. If they do contain data they fall outside of the normal database security protections, so are in some senses "easy pickings" and must be protected. Take for instance a situation where you have sensitive data that needs VPD, encryption or more to protect it in the database, and then you export that data to an OS file; VPD doesn't work anymore, for instance.

The CIS benchmark includes some of these checks, as does the SANS score. Take a look at http://www.petefinnigan.com/orasec.htm for a list of some of the good checklists.

cheers

Pete
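
An added example, not part of the original thread: one way to audit the OS permissions on export dumps, trace files and core dumps, since database controls such as VPD no longer apply once the data is in a file. The file-name patterns, the function names and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed naming: *.dmp for export dumps, *.trc for trace files, core* for
# core dumps. Adjust to the naming actually used on the server being audited.
SUFFIXES = (".dmp", ".trc")
CHECKS = (
    (stat.S_IROTH, "world-readable"),
    (stat.S_IWOTH, "world-writable"),
    (stat.S_IRGRP, "group-readable"),
)

def is_ancillary(name):
    lowered = name.lower()
    return lowered.endswith(SUFFIXES) or lowered.startswith("core")

def audit_ancillary_files(root):
    """Return sorted (path, octal mode, reasons) for files open beyond the owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(is_ancillary, files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = [label for bit, label in CHECKS if st.st_mode & bit]
            if reasons:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one export dump and two trace files."""
    samples = {
        "exp_full.dmp": 0o644,
        os.path.join("udump", "orcl_ora_1234.trc"): 0o640,
        os.path.join("udump", "orcl_ora_5678.trc"): 0o600,
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, mode, reasons in audit_ancillary_files(tmp):
            print(mode, ", ".join(reasons), path)
```

A group-readable finding is not necessarily a problem; it is a prompt to review who is in that group.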


