Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff...
-
Upload
erica-dawson -
Category
Documents
-
view
220 -
download
2
Transcript of Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff...
![Page 1: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/1.jpg)
![Page 2: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/2.jpg)
Securing Your Enterprise with Enterprise Manager 10g
Amir NajmiPrincipal Member of Technical Staff
System Management Products
Oracle Corporation
Session id: 40034
![Page 3: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/3.jpg)
“Through 2005, 90 percent of cyber-attacks will continue to exploit known security flaws for which a
patch is available or a preventive measure is known.”
“Through 2005, 90 percent of cyber-attacks will continue to exploit known security flaws for which a
patch is available or a preventive measure is known.”
-Gartner report, May 2002
![Page 4: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/4.jpg)
Common security best practices are not quite so common
Gartner report Slammer virus exploited known security flaw
– Patch was available 6 months before attack– Many of Microsoft’s own servers were affected
Conclusion: Administrators often do not take common security measures
![Page 5: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/5.jpg)
Why is security difficult for administrators?
Lack of knowledge No knowledge of the vulnerability No understanding of impact, justification for fix
Lack of logistical support No easy way to identify vulnerable installations No convenient way to administer the fix No easy way to ensure the fix remains in place
![Page 6: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/6.jpg)
Grid security requires infrastructure support
Grid has greater security requirements due to– Sheer scale– Heterogeneity– Connectivity (weakest link in the chain)– Dynamic configuration
Security must be reduced to routine procedure Management tools must facilitate this practice
at low overhead
![Page 7: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/7.jpg)
Aspects of enterprise security
Develop secure applications
Deploy secure installations, patches
Employ secure configurations
Provision users with appropriate access
Detect and contain intruders
Design and development time
Install time
Operations and Management
Real time
Timescale
Post-install update
![Page 8: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/8.jpg)
Aspects of enterprise security
Develop secure applications
Deploy secure installations, patches
Employ secure configurations
Provision users with appropriate access
Detect and contain intruders
Design and development time
Install time
Operations and Management
Real time
Timescale
Post-install update
![Page 9: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/9.jpg)
EM helps enforce common security best practices
within the Oracle ecosystem
EM helps enforce common security best practices
within the Oracle ecosystem
![Page 10: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/10.jpg)
EM Security is built on the Policy Framework
Policy Framework
Database Configuration
Policy
Security Policy
Storage Configuration
Policy
![Page 11: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/11.jpg)
Policy Framework: concepts
Rule– Specific to target type– Severity: Critical, Warning, Informational
Violation– Can be overridden by administrator
Policy– Collected rules of a single category
Provides common paradigm, user interface Policy is essential to the Grid
![Page 12: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/12.jpg)
35
![Page 13: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/13.jpg)
06
![Page 14: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/14.jpg)
34
![Page 15: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/15.jpg)
EM security management
Software security– Addressing vulnerabilities in Oracle software
Instance hardening– Configuring Oracle for security
Database security– Guarding against excessive privilege
![Page 16: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/16.jpg)
EM security management
Software security– Addressing vulnerabilities in Oracle software
Instance hardening– Configuring Oracle for security
Database security– Guarding against excessive privilege
![Page 17: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/17.jpg)
Patch management with EM
HostsHosts
Grid ControlGrid Control
Oracle Oracle MetalinkMetalinkPatch CachePatch Cache
![Page 18: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/18.jpg)
Software security with EM
Fetch latest security alert metadata (Metalink) Automatically add to software security rule If targets found vulnerable, list patches which
address the problem Help stage (and in some cases, apply) patch Going forward, test for vulnerability as part of
software security rule
![Page 19: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/19.jpg)
31
![Page 20: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/20.jpg)
34
![Page 21: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/21.jpg)
32
![Page 22: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/22.jpg)
33
![Page 23: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/23.jpg)
23
![Page 24: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/24.jpg)
21
![Page 25: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/25.jpg)
22
![Page 26: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/26.jpg)
24
![Page 27: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/27.jpg)
25
![Page 28: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/28.jpg)
EM security management
Software security– Addressing vulnerabilities in Oracle software
Instance hardening– Configuring Oracle for security
Database security– Guarding against excessive privilege
![Page 29: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/29.jpg)
Instance hardening with EM
Identify products deployed in common insecure configurations
Check for weak authentication practices Examples
– Identify insecure services– Track down demo features enabled in production
![Page 30: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/30.jpg)
Database security with EM
Check for excessive user privilege Identify weak privilege model
– Roles should be granular
Examples– Find default passwords– Identify excessive privileges to PUBLIC role
![Page 31: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/31.jpg)
![Page 32: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/32.jpg)
![Page 33: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/33.jpg)
![Page 34: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/34.jpg)
![Page 35: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/35.jpg)
05
![Page 36: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/36.jpg)
06
![Page 37: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/37.jpg)
07
![Page 38: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/38.jpg)
08
![Page 39: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/39.jpg)
09
![Page 40: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/40.jpg)
10
![Page 41: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/41.jpg)
Aspects of enterprise security
Develop secure applications
Deploy secure installations, patches
Employ secure configurations
Provision users with appropriate access
Detect and contain intruders
Design and development time
Install time
Operations and Management
Real time
Timescale
Post-install update
![Page 42: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/42.jpg)
EM helps enforce security best practices
Deploy secure installations, patches– Provide rapid notification of security patches on Oracle
products– Facilitate application of security patches
Employ secure configurations– Alert customer if an Oracle product is deployed in a common
insecure configurations
Provision users with appropriate access– Check systems for accounts with excessive privileges– Provide in-context links to EM user management
![Page 43: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/43.jpg)
Security administrator usage Predefined test library (by target type)
– Software– Instance hardening– Privileges
Tests are conducted automatically, periodically Administrator views results
– Roll-up reporting – Which tests revealed security flaws– Impact of the security flaw– Known workarounds and remedies
Overrides inappropriate violations Takes corrective action
![Page 44: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/44.jpg)
The future of EM Security
More elaborate security roles Security compliance history Extensions to EM Policy Framework
– E.g. policy groups, exemptions, timed exemptions
Greater automation for addressing problems Editable remedies Downloadable test definitions User-defined tests
![Page 45: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/45.jpg)
AQ&Q U E S T I O N SQ U E S T I O N S
A N S W E R SA N S W E R S
![Page 46: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/46.jpg)
Reminder – please complete the OracleWorld online session survey
Thank you.
![Page 47: Securing Your Enterprise with Enterprise Manager 10g Amir Najmi Principal Member of Technical Staff System Management Products Oracle Corporation Session.](https://reader035.fdocuments.in/reader035/viewer/2022062407/56649f3e5503460f94c5e642/html5/thumbnails/47.jpg)