Pete Finnigan's Oracle Security Weblog

I got an email from someone (Sorry I am writing this without access to my email and I cannot remember the persons name) who sent me a link to the http://repo.solutionbeacon.net/insight2006-q3.pdf - (broken link) Oracle applications user group (OAUG) insight fall 2006 paper. I have been a fan of them for a while as besides being well into Oracle database security I have also spent quite a lot of time in the last few years getting up to speed with Oracle E-Business Suite (Oracle Applications) security.

The paper includes a section titled "30-Minute release 11i security: Keeping the bad guys away" - by Randy Giefer. The article is excellent and does a good job of overviewing the security settings of E-Business Suite. An interestimng angle of the paper is the fact that the author targets the fact that most security is built for expernal attack prevention but the FBI has published that 80% of attacks are done by insiders. This is one reason that security must work for all attack possibilities, internal or external.