No matter how hardened a system may be, there is always a way in. Most organizations spend the bulk of their time making it very difficult for an external attacker to gain access to their systems and data. While this is effort well spent, we must assume that someone, someday, will be clever enough to break into our enterprise. It is after the intrusion that auditing is key to assessing and mitigating the compromise. A well-planned implementation of Oracle's native auditing capabilities can help us answer these questions:
- What was compromised?
- What was changed?
- Where did the attack come from?
- Can we rely on our current data?
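
As an added example (not part of the original article), this is one way to set up Oracle's traditional auditing in 10g/11g syntax so the trail can answer those questions. The table `APP.CUSTOMERS` and the 7-day review window are hypothetical placeholders.

```sql
-- Added example: traditional (pre-unified) auditing, Oracle 10g/11g syntax.
-- APP.CUSTOMERS and the 7-day window are hypothetical placeholders.

-- Keep audit records in the database and capture SQL text and bind values.
-- AUDIT_TRAIL is a static parameter: the change takes effect after a restart.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;

-- Where did the attack come from? Record every logon attempt and logoff.
AUDIT SESSION;

-- What was compromised or changed? One audit row per statement on the table.
AUDIT SELECT, INSERT, UPDATE, DELETE ON app.customers BY ACCESS;

-- Account and privilege changes an intruder could use to keep access.
AUDIT USER;          -- CREATE USER, ALTER USER, DROP USER
AUDIT SYSTEM GRANT;  -- GRANT/REVOKE of system privileges and roles

-- After an incident: logon activity with its origin.
-- RETURNCODE 0 is success; 1017 is ORA-01017 (invalid username/password).
-- For logons, COMMENT_TEXT usually carries the authentication method
-- and the client network address.
SELECT timestamp, username, os_username, userhost, terminal,
       action_name, returncode, comment_text
FROM   dba_audit_trail
WHERE  action_name IN ('LOGON', 'LOGOFF', 'LOGOFF BY CLEANUP')
AND    timestamp > SYSDATE - 7
ORDER  BY timestamp;

-- After an incident: every read (exposure) and every change (integrity)
-- on the audited table, with the statement text kept by DB, EXTENDED.
SELECT timestamp, username, userhost, action_name, returncode, sql_text
FROM   dba_audit_trail
WHERE  owner = 'APP'
AND    obj_name = 'CUSTOMERS'
AND    action_name IN ('SELECT', 'INSERT', 'UPDATE', 'DELETE')
AND    timestamp > SYSDATE - 7
ORDER  BY timestamp;
```

Audit records exist only from the moment these options are enabled, so the configuration has to be in place before an intrusion, not after it.
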
Having this data available after an attack is critical to getting your data stores back to a state where you can trust the integrity of your system. Similarly, ensuring your backups are secure will help you address another aspect of information assurance: confidentiality.
Anyone can easily rebuild your database from your backups. Given that a great many companies choose to utilize a third-party backup storage company to house their backups, securing your database backups becomes crucial! There have been at least three major news stories last year regarding lost or stolen tapes -- even at the sites of high-end backup storage providers. Ensure that your backups are encrypted before they leave your organization's possession.
Many tape drives now offer encryption built into their hardware, and Oracle has been offering support for encrypted backups since 10gR2. In Oracle 11g, Data Pump exports can also be natively encrypted. (Note: Data Pump's purpose is moving data, not disaster recovery, but it can be handy for logically capturing subsets of your data in certain circumstances.) There are also many other third-party offerings for protecting your data. No matter which product you consider, allowing your backups to leave your organization without appropriate protection is an incredible risk.