CIS Releases Security Benchmarks for Oracle Database 11g
Benchmarks are available for download at no cost
The Center for Internet Security (CIS) last week released its security configuration benchmarks for Oracle Database 11g. The benchmarks are available for download at no cost at http://www.cisecurity.org/bench_oracle.html.
According to the CIS, the benchmarks were compiled based on testing of an Oracle Database 11g installed on a Red Hat Enterprise Server 5. Leviathan Security Group's Adam Cecchetti headed the process.
The benchmarks give recommendations for procedures and settings designed to secure an Oracle Database 11g environment's installation, setup and operation against "conventional threats," the CIS said in a press release. The benchmarks also extend to backups, archive logs, and more.
"The Oracle Database 11g benchmark is a compilation of security configuration actions and settings that harden Oracle databases against unauthorized access, data loss, malware and other threats," according to CIS CEO Bert Miuccio in a prepared statement. "This benchmark represents a prudent level of due care for helping ensure that Oracle Database 11g security satisfies compliance requirements."
The CIS describes the release as a "consensus-driven" standard that has been developed with and accepted by security professionals in a wide range of industries, including government and education. As with other CIS benchmarks, the Oracle Database 11g benchmarks have both Level 1 and Level 2 recommendations and are available in PDF or, for CIS members, XML format.
For more information, go to http://www.cisecurity.org.