Security experts have been promoting the virtues of layered security for years. The favoured analogy is that of a bank where walls, doors, security guards, steel bars, etc. all form component layers that individually provide some security, but together create an impenetrable vault. On closer examination this analogy is flawed. In the bank, security is highest at the centre, in the immediate vicinity of the gold, while in the world of IT, the layers seem to be strongest at the periphery and weak at the core. If the data at the centre of an organisation is its most valuable asset, it seems totally inadequate to rely on the packaged elements of standard databases to provide the necessary security. In the unlikely event that the database has been correctly installed and configured, data centres are more concerned with the applications running smoothly than the security of the data. Consultants who understand the complexities of databases such as Oracle and at the same time appreciate good security policy are rare in the extreme. Pentest Limited is fortunate to have consultants with this rare mixture of skills, able to create appropriate access rules without compromising the businesses most critical applications.
Oracle Security Services
Auditing Oracle RDBMS and applications has become an essential task to ensure the confidentiality, integrity and availability of business data. Pentest can provide skilled consultants with the necessary Oracle and security expertise to carry out this planned service.
Pentest offers a number of Oracle specific security services including:
- database security assessment service (DSAS)
- complete database and application review
- penetration testing of Oracle databases and applications
- advice on security policy
- advice on auditing
- interpretation of audit results
With the exception of the DSAS service these services are all offered as pre-defined packaged consultancy or can be tailored to the specific requirements of the client. To ensure complete confidentiality, all Oracle security services can be performed on site enabling the in-house Oracle support team to work closely with Pentest's experienced consultants in highlighting the most significant issues within the environment At the client's request, a full breakdown of remedial actions can be provided which includes estimates of effort and impact analysis. Pentest can offer guidance to the incumbent support team on rectifying any issues.
Often, information security weaknesses are introduced by a failure to have a coherent strategy for both the application and database development. Pentest can help to guide the business's Oracle security strategy thereby ensuring that any new Oracle installations are secure from the outset.
Pentest can assist in establishing appropriate Oracle audit trails without unduly compromising the performance of the system. This task is often considered an unnecessary burden on the application, however, Pentest are experienced in efficiently creating database and business processes to monitor and act on the results.
Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.
We’re delighted with the Database Security Assessment Service (DSAS) and continue to make use of the knowledge and flexibility demonstrated by the Pentest Consultants