1 / 22

Database Security

Database Security. Security Vulnerabilities Vulnerability Management System (VMS) IAVA Process for Helpdesk. Database Security. TOPICS. Database Security. Security Vulnerabilities

vienna
Télécharger la présentation

Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. UBO/UBU Conference - TPOCS - 22-25 March 2010

  2. Database Security UBO/UBU Conference - TPOCS - 22-25 March 2010

  3. Security Vulnerabilities Vulnerability Management System (VMS) IAVA Process for Helpdesk Database Security TOPICS UBO/UBU Conference - TPOCS - 22-25 March 2010

  4. Database Security Security Vulnerabilities Whenever any vendor, be it Microsoft, Oracle, Veritas, or any other product used on the TPOCS and CCE servers, releases a vulnerability report or hotfix it is first tested in our lab environment UBO/UBU Conference - TPOCS - 22-25 March 2010

  5. Database Security Security Vulnerabilities Once the IAVA-A, IAVA-B, or IAVA-T status is announced, the fix is applied into the ATIC production environment UBO/UBU Conference - TPOCS - 22-25 March 2010

  6. Database Security Security Vulnerabilities Once the fix and IAVA status are confirmed, the information is released both in a spreadsheet report to the Service Managers and also as an update to the ATIC assets in the VMS system UBO/UBU Conference - TPOCS - 22-25 March 2010

  7. Security Vulnerabilities QUESTIONS UBO/UBU Conference - TPOCS - 22-25 March 2010

  8. Vulnerability Management System (VMS) UBO/UBU Conference - TPOCS - 22-25 March 2010

  9. Database Security • Vulnerability Management System (VMS) • The ATIC production system is listed as an MTF in the Vulnerability Management System • When updates or hot-fixes are approved and applied to the ATIC production system it will be reflected in the VMS UBO/UBU Conference - TPOCS - 22-25 March 2010

  10. Database Security • Vulnerability Management System (VMS) • IAVA notices that are Not Applicable to the TPOCS and CCE systems are listed as such in the VMS • This information should be visible to site administrators with VMS access UBO/UBU Conference - TPOCS - 22-25 March 2010

  11. Vulnerability Management System (VMS) VMS report are accessed from the VMS Home page. To access the VMS website: https://vms.disa.mil DISA provides VMS training, implementation and operational support to VMS users. Database Security UBO/UBU Conference - TPOCS - 22-25 March 2010

  12. Vulnerability Management System (VMS) QUESTIONS UBO/UBU Conference - TPOCS - 22-25 March 2010

  13. IAVA Process for Tier3 Helpdesk UBO/UBU Conference - TPOCS - 22-25 March 2010

  14. IAVA Processing IAVA report initiated by DHSS IAVA reviewed for relevance by CCE/TPOCS Tier3 Analyst. If IAVA references a software package not loaded on CCE/TPOCS servers it is marked as N/A CCE/TPOCS does not use application. If IAVA references a software package loaded on CCE/TPOCS servers, determination is made if the IAVA directly affects the CCE/TPOCS applications. UBO/UBU Conference - TPOCS - 22-25 March 2010

  15. IAVA Processing If the application referenced in the IAVA is loaded on CCE/TPOCS servers, but does not interact with CCE/TPOCS application (i.e., MS-Word, MS-Excel, Adobe Acrobat Reader, Windows 2000 Server) it is marked Apply Patch, Does not affect CCE/TPOCS. UBO/UBU Conference - TPOCS - 22-25 March 2010

  16. IAVA Processing If the application referenced in the IAVA is loaded on CCE/TPOCS servers and directly affects the CCE/TPOCS application (i.e. Oracle Database, MS-SQL Database), the IAVA is referred to the proper analyst for installation and testing to verify the patch does not “Break” CCE/TPOCS. If the patch does not “Break” CCE/TPOCS, it is marked Apply Patch, Does not affect CCE/TPOCS. If the patch does “Break” CCE/TPOCS, RITPO is informed not to apply the patch until a fix is in place for CCE/TPOCS. UBO/UBU Conference - TPOCS - 22-25 March 2010

  17. IAVA Processing QUESTIONS UBO/UBU Conference - TPOCS - 22-25 March 2010

  18. Oracle 10g/11g Server Patches UBO/UBU Conference - TPOCS - 22-25 March 2010

  19. Oracle 10g/11g Server Patches Installation Oracle releases patches every 3 months PSI will evaluate Oracle patches released. If it is compatible with TPOCS IAVA will instruct the local SA to apply the patch. The administrator/BOC on each TPOCS server site is responsible to install the patch. UBO/UBU Conference - TPOCS - 22-25 March 2010

  20. Client can be grabbed from http://www.oracle.com/technology/software/index.html Select “Runtime (218mb)” on installation. Copy tnsnames.ora and SQLnet.ora files from an existing TPOCS workstation and paste to the same folder from your workstation to connect to the Oracle server. Test connection using TPOCS or Oracle’s “Net Configuration Assistant”. If a user is not in the Administrator Group and needs to run TPOCS, the user must be grant read/write access to every node in C:\Oracle\ tree and C:\Program Files\Oracle\ tree. Oracle 10g Client Installation UBO/UBU Conference - TPOCS - 22-25 March 2010

  21. Oracle 10g Server Patches Installation QUESTIONS UBO/UBU Conference - TPOCS - 22-25 March 2010

  22. Thanks for Attending TPOCS Technical Training UBO/UBU Conference - TPOCS - 22-25 March 2010

More Related