Oracle Database 12c Enterprise Edition

Oracle Database 12c Enterprise Edition-Free PDF

  • Date:25 Oct 2020
  • Views:7
  • Downloads:0
  • Pages:17
  • Size:418.99 KB

Share Pdf : Oracle Database 12c Enterprise Edition

Download and Preview : Oracle Database 12c Enterprise Edition


Report CopyRight/DMCA Form For : Oracle Database 12c Enterprise Edition


Transcription:

Oracle Database 12c Enterprise,Guidance Supplement. 1 SECURE ACCEPTANCE PROCEDURES 1,1 1 PATCH AND CRITICAL UPDATES PPU CSU 1. 2 SECURE INSTALLATION PROCEDURES 2, 2 1 SECURE PREPARATION OF THE OPERATIONAL ENVIRONMENT 2. 2 2 INITIAL SETUP AND CONFIGURATION 5,2 3 PASSWORD CONFIGURATION 5. 3 OTHER PROCEDURES 6,3 1 INITIALIZATION PARAMETERS 6.
3 2 LOGON TRIGGER CONFIGURATION 7,3 3 NETWORK ENCRYPTION CONFIGURATION 13. 4 APPENDIX A REFERENCES 15, Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page i of i. Oracle Database 12c Enterprise,Guidance Supplement. 1 SECURE ACCEPTANCE PROCEDURES, Secure acceptance procedures ensure that the correct version of the TOE has. been received by the customer as intended by the developer Oracle Database. 12c may be downloaded by registered users from the Oracle secure delivery. cloud at https edelivery oracle com, After accepting the license agreement and the export restrictions the user may.
then select the product pack Oracle Database and the platform Linux x86 64. and select Go The user may then select the product Oracle Database 12c. Release 1 12 1 0 2 0 Media Pack for Linux x86 64 and select Continue A list. of files appears A Readme button opens a window with further instructions for. the download A View Digest button opens a window with MD5 and SHA 1. digests for each of the zipped files The files may be downloaded by selecting. the Download button The user may then use a third party application to verify. the digest before proceeding to unzip and install the files. 1 1 PATCH AND CRITICAL UPDATES PPU CSU, Information on the January 2017 Patch Critical Patch Update can be found at. http www oracle com technetwork security advisory cpujan2017. 2881727 html, 1 To download the patch a user needs to access the Oracle support website. https support oracle com,2 Click Sign In, Note First time users must first register by clicking New User Register. 3 Select the Patches and Updates tab,4 Search by Patch Number name 24917069. 5 Click Search, Patch 24917069 Combo OJVM PSU 12 1 0 2 170117 and Database PSU.
12 1 0 2 170117, 6 Select the patch and click on the Readme button to access instructions. Follow the Readme instructions,7 Click Download to download the patch. 8 Click on p24917069 121020 Linux x86 64 zip, Additional information about the patch can be found in My Oracle Support at. https www oracle com technetwork topics security cpujan2017 2881727 html. Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 1 of 15. Oracle Database 12c Enterprise,Guidance Supplement. 2 SECURE INSTALLATION PROCEDURES, This section describes the steps necessary for secure installation of the TOE and.
the secure preparation of the operation environment in the evaluated. configuration,2 1 SECURE PREPARATION OF THE OPERATIONAL. ENVIRONMENT, The following assumptions are made with respect to the secure installation of. the TOE and its operational environment,Assumptions Description. Physical aspects, A PHYSICAL It is assumed that the IT environment provides the TOE with. appropriate physical security commensurate with the value of. the IT assets protected by the TOE,Personnel aspects.
A AUTHUSER Authorized users possess the necessary authorization to access. at least some of the information managed by the TOE. A MANAGE The TOE security functionality is managed by one or more. competent administrators The system administrative personnel. are not careless willfully negligent or hostile and will follow and. abide by the instructions provided by the guidance. documentation, A TRAINEDUSER Users are sufficiently trained and trusted to accomplish some. task or group of tasks within a secure IT environment by. exercising complete control over their user data,Procedural aspects. A NO GENERAL There are no general purpose computing capabilities e g. PURPOSE compilers or user applications available on DBMS servers other. than those services necessary for the operation administration. and support of the DBMS, A PEER FUNC All remote trusted IT systems trusted by the TSF to provide TSF. MGT data or services to the TOE or to support the TSF in the. enforcement of security policy decisions are assumed to correctly. implement the functionality used by the TSF consistent with the. assumptions defined for this functionality and to be properly. managed and operate under security policy constraints. compatible with those of the TOE, A SUPPORT Any information provided by a trusted entity in the IT. Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 2 of 15. Oracle Database 12c Enterprise,Guidance Supplement.
Assumptions Description, environment and used to support the provision of time and date. information used in audit capture user authentication and. authorization that is used by the TOE is correct and up to date. Connectivity aspects, A CONNECT All connections to and from remote trusted IT systems and. between separate parts of the TSF are physically or logically. protected within the TOE environment to ensure the integrity and. confidentiality of the data transmitted and to ensure the. authenticity of the communication end points,Table 1 Assumptions. The following subsections provide additional guidance required to meet the. secure preparation of the operational environment,2 1 1 OE ADMIN. OE ADMIN Those responsible for the TOE are competent and trustworthy individuals. capable of managing the TOE and the security of the information it. Users of the Oracle DB12 database must ensure that only known competent. trusted employees are made responsible for managing the security of the. database and the data contained therein Employees should be subject to. background checks and undergo Oracle DB12 database training before being put. into a position of trust,2 1 2 OE INFO PROTECT, OE INFO Those responsible for the TOE must establish and implement procedures.
PROTECT to ensure that information is protected in an appropriate manner In. particular, All network and peripheral cabling must be approved for the. transmittal of the most sensitive data transmitted over the link. Such physical links are assumed to be adequately protected. against threats to the confidentiality and integrity of the data. transmitted using appropriate physical and logical protection. techniques, DAC protections on security relevant files such as audit trails. and authorization databases shall always be set up correctly. Users are authorized to access parts of the data managed by the. TOE and are trained to exercise control over their own data. Adherence to ISO IEC 11801 standards is required for the implementation of. cabling associated with any device connected to the network which includes an. Oracle DB12 database implementation Both copper and fibre optic cabling are. Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 3 of 15. Oracle Database 12c Enterprise,Guidance Supplement. Users of the Oracle DB12 database must ensure that all implementations are. fully planned prior to system installation and configuration All access controls. must be put in place before the database is populated. The Oracle DB12 database must be implemented using a least privilege. approach Users may only be permitted access to the data to which access is. required in order to perform assigned functions Only those users fully trained in. the use of the Oracle DB12 database and who have been advised of their. privileges and responsibilities may be given access. 2 1 3 OE NO GENERAL PURPOSE, OE NO There will be no general purpose computing capabilities e g compilers. GENERAL or user applications available on DBMS servers other than those. PURPOSE services necessary for the operation administration and support of the. Installers of the database must ensure a fresh installation of the underlying. operating system has been implemented and hardened in accordance with the. organization s best practices prior to database installation Access to the. operating system must be strictly controlled and no other services may be. installed on the database server,2 1 4 OE PHYSICAL.
OE PHYSICAL Those responsible for the TOE must ensure that those parts of the TOE. critical to enforcement of the security policy are protected from. physical attack that might compromise IT security objectives The. protection must be commensurate with the value of the IT assets. protected by the TOE, Installers are instructed to only install the Oracle DB12 database in locations. that provide physical security against possible attack in accordance with the. organization s policy Security should be increased in accordance with the value. of the data to be protected within the database,2 1 5 OE IT I A. OE IT I A Any information provided by a trusted entity in the environment and used. to support user authentication and authorization used by the TOE is. correct and up to date, Prior to configuring an Oracle DB12 database with an external authentication. mechanism the implementers must ensure that every entry in the. authentication system is correct and up to date,2 1 6 OE IT REMOTE. OE IT If the TOE relies on remote trusted IT systems to support the. REMOTE enforcement of its policy those systems provide that the functions and. any data used by the TOE in making policy decisions required by the TOE. are sufficiently protected from any attack that may cause those functions. Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 4 of 15. Oracle Database 12c Enterprise,Guidance Supplement.
to provide false results, The implementers of the Oracle DB12 database must ensure that any system. that connects to the database and provides input to the database s security. policy decision making must be implemented securely and protected from. possible physical attack,2 1 7 OE IT TRUSTED SYSTEM. OE IT The remote trusted IT systems implement the protocols and mechanisms. TRUSTED required by the TSF to support the enforcement of the security policy. These remote trusted IT systems are managed according to known. accepted and trusted policies based on the same rules and policies. applicable to the TOE and are physically and logically protected. equivalent to the TOE, The Oracle DB12 database implementation team must ensure that any system. that connects to the database must be implemented securely and protected. from possible physical attack Only remote systems that are under control of. those implementing the database and subject to the same physical and access. control security policies should be allowed to access the database. 2 2 INITIAL SETUP AND CONFIGURATION, Administrators should perform the initial setup and configuration of the TOE in. accordance with the instructions provided in the following chapters from the. Oracle Database Installation Guide 12c Release 1 12 1 for Linux. Chapter 4 Oracle Database Preinstallation Tasks, Chapter 5 Configuring Users Groups and Environments for Oracle.
Chapter 7 Installing Oracle Database,Chapter 8 Oracle Database Postinstallation Tasks. 2 3 PASSWORD CONFIGURATION, Administrators are required to manually enable the password complexity. checking function using the Ora12c strong verify function Instructions on. enabling this function can be found in the Oracle Database Security Guide 12c. Release 1 12 1 under Chapter 3 Configuring Authentication Enabling. Password Complexity Verification page 3 17, Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 5 of 15. Oracle Database 12c Enterprise,Guidance Supplement. 3 OTHER PROCEDURES, This section describes the user accessible functions and privileges that should be.
controlled in a secure processing environment and includes the security critical. information and security critical actions required for secure use of the TOE. 3 1 INITIALIZATION PARAMETERS, The following steps must be completed for the TOE to operate in the evaluated. configuration, a To connect to the DBMS as a privileged user such as a database. administrator the following parameters shall be set in the appropriate. initialization file,O7 dictionary accessibility FALSE. Remote login passwordfile EXCLUSIVE, b The following parameter ensures that a user must have SELECT privilege. on a table when executing an UPDATE or DELETE statement that. references table column values in a WHERE or SET clause. sql92 security TRUE, c The audit trail parameter in the appropriate initialization parameter.
file shall be assigned in the following ways,audit trail DB. d The following parameter enables session auditing. audit session, e The following parameters revoke default PUBLIC privileges. revoke execute on DBMS JOB from Public,revoke execute on DBMS JAVA from public. revoke execute on DBMS XMLGEN from public,revoke execute on utl smtp from public. revoke execute on utl tcp from public,revoke execute on utl http from public.
revoke execute on utl file from public,revoke execute on dbms random from public. revoke execute on SYS OWA OPT LOCK from public,revoke execute on XDB DBMS XDB from public. revoke execute on CTXSYS DRILOAD from public,revoke execute on MDSYS PRVT IDX from public. revoke execute on SYS DBMS CDC DPUTIL from public, Doc No 1932 000 D105 Version 1 2 Date 6 March 2017 Page 6 of 15. Oracle Database 12c Enterprise,Guidance Supplement.
Oracle Database 12c Enterprise Edition Guidance Supplement Evaluation Assurance Level EAL EAL2 Doc No 1932 000 D105 Version 1 2 6 March 2017 Oracle Corporation 5000 Oracle Parkway Redwood Shores California 94065 Prepared by EWA Canada 1223 Michael Street Suite 200 Ottawa Ontario Canada K1J7T2 Oracle Database 12c Enterprise Edition Guidance Supplement Doc No 1932 000 D105 Version

Related Books