Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/28/2009
06:31 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Oracle Database Vault Security Extended To JD Edwards Environments

Oracle Database Vault now includes extensible policies for use with Oracle's JD Edwards EnterpriseOne

REDWOOD SHORES, Calif. " July 28, 2009 News Facts

  • To further protect sensitive application data residing in an Oracle Database from unauthorized access by any database user, including privileged database administrators (DBA), Oracle Database Vault now includes extensible policies for use with Oracle's JD Edwards EnterpriseOne, Oracle announced today.

  • Oracle Database Vault enables JD Edwards EnterpriseOne customers to restrict access to application data by highly privileged users, enforce separation-of-duty within the Oracle database, prevent application by-pass and enforce enterprise security policies with multi-factor authorization.

    Securing JD Edwards Application Data Transparently

  • Requiring no special modifications to the JD Edwards EnterpriseOne applications, Oracle Database Vault defends transparently against unauthorized access to application data residing in the database as well as accidental or intentionally harmful database changes by users.

  • Specifically, the default Oracle Database Vault policies for JD Edwards EnterpriseOne will establish an: -- Application Protection Realm to prevent privileged users from accessing sensitive information; -- Configuration Protection Realm to protect the application meta data against unauthorized changes; and, -- Command Rule to authorize the JD Edwards application connections to the Oracle Database based on IP address and client application.

  • The default policies can be customized and further extended to take into account other factors such as time of day, day of week, authentication, and more.

  • Organizations can implement Oracle Database Vault to enforce separation of duties within the database. For example, Oracle Database Vault can block privileged users with DBA rights from reading or changing critical application data while allowing a DBA to perform daily operations such as database backup and recovery, tuning, and replication.

  • In addition to increasing the security of existing applications, Oracle Database Vault helps organizations meet regulatory mandates such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and similar global directives that call for separation-of-duties and other preventive controls to ensure data integrity and data privacy.

  • Oracle Database Vault is now certified with all JD Edwards EnterpriseOne application modules and releases version 8.12 and higher, Oracle's Siebel CRM, the Oracle E-Business Suite, and Oracle's PeopleSoft Enterprise.

    Supporting Quotes

  • "Oracle Database Vault delivers immediate value to JD Edwards EnterpriseOne customers by transparently protecting application data within the Oracle Database," said Vipin Samar, vice president of Database Security, Oracle. "Using Oracle Database Vault, organizations can better meet challenging global privacy mandates that call for limiting access to sensitive information by privileged users without costly application changes."

  • "With Oracle Database Vault, customers running their businesses on JD Edwards EnterpriseOne are enabled to protect mission critical data more effectively against insider threats and to meet regulatory compliance," said Oracle Group Vice President and General Manager, JD Edwards, Lenley Hensarling. Supporting Resources
  • Oracle Database Vault Data Sheet
  • Oracle Database Vault Resource Kit
  • Oracle Database Vault Online Demo
  • Oracle Security Inside Out Blog
  • Oracle's JD Edwards EnterpriseOne
  • Download a free, evaluation version of Oracle Database Vault. Terms, conditions and restrictions apply.

    Oracle Innovation Showcase For more than 32 years, Oracle has been a technology innovator, transforming the way business is conducted. To learn about Oracle's latest technologies, visit the Innovation Showcase during the 100 days before Oracle OpenWorld. See oracle.com/innovation for more information.

    About Oracle Database Security For more than 30 years, Oracle has led the industry in securing sensitive data. Oracle Database 11g addresses today's data security challenges from data encryption, access control, and data classification, to audit and compliance reporting, as well as secure deployments and data masking. The comprehensive portfolio of security options for Oracle Database 11g, including Oracle Advanced Security, Oracle Database Vault, Oracle Label Security, Oracle Data Masking, and Oracle Audit Vault, helps organizations to transparently safeguard against data breaches and to achieve regulatory compliance without requiring changes to existing applications. To learn more about how to protect data with Oracle Database 11g today, please visit: http://www.oracle.com/database/security.

    About Oracle Oracle (NASDAQ: ORCL) is the world's largest business software company. For more information about Oracle, please visit our Web site at http://www.oracle.com.

    Trademarks Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Mina Manchester Account Executive Blanc & Otus Public Relations for Oracle [email protected] Direct: 415.856.5182 Mobile: 415.395.6019 Twitter: minalmanchester

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    DevSecOps: The Answer to the Cloud Security Skills Gap
    Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
    Attackers' Costs Increasing as Businesses Focus on Security
    Robert Lemos, Contributing Writer,  11/15/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-6852
    PUBLISHED: 2019-11-20
    A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
    CVE-2019-6853
    PUBLISHED: 2019-11-20
    A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
    CVE-2013-2092
    PUBLISHED: 2019-11-20
    Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
    CVE-2013-2093
    PUBLISHED: 2019-11-20
    Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
    CVE-2015-3166
    PUBLISHED: 2019-11-20
    The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as d...