10/32 This chapter gives you a broad overview of the many types of tasks you must perform in order to build good security. Understanding the diverse categories of tasks improves your likelihood of preventing security vulnerabilities. Such vulnerabilities, whether exploited accidentally or intentionally, can undermine or overwhelm otherwise tight security that you have created in other areas. Chapter 1 introduced the requirements for good security, the threats against it, and concepts that have proven useful in creating practical methods for developing and sustaining it. The overview presented in this chapter identifies categories of tasks useful in meeting those requirements and threats. This chapter presents brief descriptions of these categories and tasks, with cross-references to Parts 2 and 3, where important details necessary to their implementation are described. Good security requires physical access control, reliable personnel, trustworthy installation and configuration procedures, secure communications, and control of database operations such as selecting, viewing, updating, or deleting database records. Since some of these requirements involve applications or stored procedures as well as human action, security procedures must also account for how these programs are developed and dealt with. The following practical concerns must also be met:
Scalability, too, is an important and independent practical criterion that should be assessed for each proposed solution. These, then, are the categories with which this overview is concerned. They are discussed in the following sections:
It should not be easy to walk into a facility without a key or badge, or without being required to show identity or authorization. Controlling physical access is your first line of defense, by protecting your data (and your staff) against the simplest of inadvertent or malicious intrusions and interferences. Lack of such control can make it easier to observe, copy, or steal your other security controls, including internal keys, key codes, badge numbers or badges, and so on. The security of these measures also depends on how alert and security conscious each of your staff is, but physical access control stops a variety of potential problems. Each organization must evaluate its own risks and budget. Elaborate measures may not be needed depending on many factors: company size, risk of loss, internal access controls, quantity and frequency of outside visitors, and so on. Preparing for accountability and recovery are additional considerations, possibly prompting alarms or video surveillance of entryways. The visibility of these preparations can also act as deterrence. Improving physical access control to your facility can add to your security. Make it difficult to get in, difficult to remain or leave unobserved or unidentified, difficult to get at sensitive or secure areas inside, and difficult not to leave a trace.
Your staff makes your organization work well, depending on who they are and how they are managed. Your security is critically dependent on them: first, on how honest and trustworthy they are, and second, on how aware and alert they are to security concerns and considerations. The first issue is a matter of selection, interviewing, observation, and reference checking. Done well, these skills can prevent your hiring people who are (or are likely to become) inappropriate for tasks or environments that depend on establishing and maintaining security. To a very large degree, security depends on individuals. When personnel get careless, resentful, or larcenous, tight security loosens or disappears. Your other measures will not matter if they are carelessly or deliberately undermined or sabotaged. The second issue is how aware and alert your staff is to security concerns and considerations. Such consciousness is only partly a matter of background, and the environment and training you provide are the most significant influences, given basic honesty and intent to cooperate. When an organization both shows and says that security is important, by establishing and enforcing security procedures and by providing training and bulletins about it, people learn and adapt. The result is better security and safety for them as well as for the data and products of an organization.
Information security, privacy, and protection of corporate assets and data are of critical importance to every business. For databases, establishing a secure configuration is a very strong first line of defense, using industry-standard best security practices for operational database deployments. The following list of such practices is deliberately general to remain brief. Additional details for each recommendation as it applies to Oracle Database appear in Chapter 7, "Security Policies". Implementing the following recommendations provides the basis for a secure configuration:
Security for network communications is improved by using client, listener, and network checklists to ensure thorough protection. Using SSL is an essential element in these lists, enabling top security for authentication and communications.
SSL is the Internet standard protocol for secure communication, providing mechanisms for data integrity and data encryption. These mechanisms can protect the messages sent and received by you or by applications and servers, supporting secure authentication, authorization, and messaging by means of certificates and, if necessary, encryption. Good security practices maximize protection and minimize gaps or disclosures that threaten security. While the primary documentation for Oracle SSL configuration and practices is Oracle Database Advanced Security Administrator's Guide, the following list illustrates the cautious attention to detail necessary for the successful use of SSL:
Because authenticating client computers is problematic over the Internet, typically, user authentication is performed instead. This approach avoids client system issues that include falsified IP addresses, hacked operating systems or applications, and falsified or stolen client system identities. Nevertheless, the following steps improve the security of client connections:
Because the listener acts as the database gateway to the network, it is important to limit the consequences of malicious interference:
Protecting the network and its traffic from inappropriate access or modification is the essence of network security. The following practices improve network security:
In summary, consider all paths the data travels and assess the threats that impinge on each path and node. Then, take steps to lessen or eliminate those threats and the consequences of a breach of security. In addition, monitor and audit to detect either increased threat levels or successful penetration. |