Does your security plan protect your data? Today, many companies have security plans that include Internet connections,
email systems, networks and operating systems. However, most security plans do not include one of the most important parts
of your enterprise: the database.
Creating and enforcing security procedures to protect your corporate data is an integral component of managing an
Oracle database. More and more, businesses are required to adhere to regulatory compliance requirements,
such as Sarbanes Oxley. The Oracle database has several
layers of security and provides auditing functionality at each level.
The Oracle consultants at Celeritas can assist you in defining and implementing your security requirements.
We secure your Oracle database by implementing the following security features:
- Password Management to force password expiration, limit password reuse,
limit the number of failed logon attempts, force password complexity, lock and expire database accounts
- Database Auditing to monitor logon and logoffs and successful
and unsuccessful transactions
- Fine Grained Auditing to define specific conditions necessary for an
audit record to be generated, resulting in a more meaningful audit trail
- Database Resource Manager to set resource limits and quotas on the amount of various system resources
available to users
- Roles to manage object privileges
- Fine Grained Access Control and Virtual Private Databases (VPD):
the use of functions to implement security policies at the row level regardless of how data is accessed (through SQL*Plus, Toad,
or an application). The database server enforces the security policy
- Oracle Label Security for more sophisticated row level security
- Data Encryption to provide an additional layer of protection
Oracle Security Case Studies
||Oil & Gas
||Oracle Database Health Check
||An oil and gas company had several key applications (Payroll, Benefits, Gas Measurement/Analysis and
Well Data) running on Oracle databases. The client requested an overall review of the health of all of
Celeritas interviewed the application owners, collected information about the configuration and management of
the systems, and provided prioritized recommendations for each system. The areas of focus were
security, manageability, supportability, backup/recovery and performance.
||Sarbanes-Oxley - NERC 1200 Compliance
A large electrical utility requested help with building a plan and implementing solutions in
order to satisfy their Sarbanes-Oxley and NERC 1200 compliancy issues.
Celeritas provided project management, technical leads and implementation services in the areas of
security, auditing, change control, disaster recovery and other IT policy in order to address this need.
||Sarbanes-Oxley Security Implementation
||A local financial services company required assistance with the recommendations and deployment of
Oracle environment configuration changes in order to satisfy their Sarbanes-Oxley requirements.
Celeritas reviewed their Sarbanes-Oxley audit results, developed a plan to address open issues, and
implemented the plan.
The implementation included Oracle database auditing, password policies and modifications to user access
and rights. The database auditing included auditing of successful and unsuccessful connections to the database,
commands executed by privileged users, and privileged commands executed by other users.
Password policies forced expiration of passwords and defined password reusability rules. Database roles were created
to manage access to database objects.
Contact Us |
Oracle Consulting |
Clustering/HA Systems |
Shared Services |
Sarbanes Oxley |
System Administration |
Copyright © 2006-2012 - Celeritas Technologies, LLC - All Rights Reserved
One or more products are covered under one or more of the following patents:
US Patent Nos. 6,343,290, 6,725,032, and 7,090,457. Other patents pending.