April 1995 Network Security “This is a good time for Comdisco to be evaluating it”, Coons said. By the time they are ready to implement it, MCI and the other carriers should have their usage-based pricing available. Oracle Secures C/S Lisa Armstrong Oracle claims that its product, Secure Network Services, is the first secure network encryption software for the client/server environment. “Security was traditionally a (US) government issue, but with electronic commerce, global data distribution and the threat of hackers, security is now a corporate imperative”, said Alan Tottle, Oracle’s vice president of network and management products. “Oracle’s Secure Network Services offers state-of-the-art protection for a corporation’s most valuable asset - its data.” Secure Net Services will allow users of public networks, such as the Internet, to safeguard their data from wandering eyes, tamperers and all forms of cyber pirates. The product incorporates licensed RSA Data Security public key encryption and digital signature authentication technology and dwells on both the client and server. It can be used in conjunction with any Oracle-supplied, customer-written or third party application that works with Oracle. Data travelling between servers or between a client and a server is fully encrypted and secures SQL statements, data values, passwords, remote procedure calls and replication information. Secure Network Services supports multiple network protocols and works with Oracle7 as well as Oracle Open Gateway technology, allowing data transmitted to DB2, Rdb, IMS and SQL/400 databases to be secured. “Oracle Secure Network Services is an uncomplicated solution for securing client/server network traffic”, said Dr Richard Raffenetti, a technical staff specialist at Argonne National Laboratory in Chicago. “We installed it on top of SQL*Net and it worked without a hitch.” Secure Network Services is currently available as an add-on to SQL*Net, Redwood Shores, California-based Oracle’s connectivity software at a price of USS200. Network Review - Part 2 Chris Sheffield This is the second instalment of a document which summarises the findings from a number of network reviews performed during the last three years by a team of technical computer auditors managed by Chris Sheffield from Touche Ross. The first instalment covered common problems which the network review highlighted with the network management and support functions and with logical access and physical security. The overall conclusion from the article was that due to the rapid growth of networking technologies, controls and procedures which we would expect to find in these areas are weak. In particular, network security is often poor due to a general lack of security awareness within the user community and due to poor security administration by the network management and support functions. Security administration is often considered a low priority by network support staff, but due to the increase in the use of WAN links, remote network access via modems and Internet connections, it is vital that an organization’s network is secured and subject to an effective security policy. The network review encompasses a number of key auditable areas, and during this part the general findings from the review of the following areas will be discussed: Network fault tolerance and resilience ’ Networking strategy ’ Network configuration and performance Network fault tolerance and resilience A traditional approach to the audit of computer networks would normally focus on network security as this is perceived as the area with the greatest risk to the organization. It is accepted that both logical access and physical security are important, but an area which is becoming equally as important is the reliability and availability of the networks. 01995 Elsevier Science Ltd

Oracle Secure C/S

Download PDF Report

Upload
lisa-armstrong
View
212
Download
0

Embed Size (px)

Citation preview

April 1995 Network Security

“This is a good time for Comdisco to be evaluating it”, Coons said. By the time they are ready to implement it, MCI and the other carriers should have their usage-based pricing available.

Oracle Secures C/S

Lisa Armstrong

Oracle claims that its product, Secure Network Services, is the first secure network encryption software for the client/server environment. “Security was traditionally a (US) government issue, but with electronic commerce, global data distribution and the threat of hackers, security is now a corporate imperative”, said Alan Tottle, Oracle’s vice president of network and management products.

“Oracle’s Secure Network Services offers state-of-the-art protection for a corporation’s most valuable asset - its data.”

Secure Net Services will allow users of public networks, such as the Internet, to safeguard their data from wandering eyes, tamperers and all forms of cyber pirates. The product incorporates licensed RSA Data Security public key encryption and digital signature authentication technology and dwells on both the client and server. It can be used in conjunction with any Oracle-supplied, customer-written or third party application that works with Oracle.

Data travelling between servers or between a client and a server is fully encrypted and secures SQL statements, data values, passwords,

remote procedure calls and replication information. Secure Network Services supports multiple network protocols and works with Oracle7 as well as Oracle Open Gateway technology, allowing data transmitted to DB2, Rdb, IMS and SQL/400 databases to be secured.

“Oracle Secure Network Services is an uncomplicated solution for securing client/server network traffic”, said Dr Richard Raffenetti, a technical staff specialist at Argonne National Laboratory in Chicago. “We installed it on top of SQL*Net and it worked without a hitch.”

Secure Network Services is currently available as an add-on to SQL*Net, Redwood Shores, California-based Oracle’s connectivity software at a price of USS200.

Network Review - Part 2 Chris Sheffield

This is the second instalment of a document which summarises the findings from a number of network reviews performed during the last three years by a team of technical computer auditors managed by Chris Sheffield from Touche Ross.

The first instalment covered common problems which the network review highlighted with the network management and support functions and with logical access and physical security. The overall conclusion from the article was that due to the rapid growth of networking technologies, controls and procedures which we would expect to find in these areas are weak. In particular, network security is often poor due to a general lack of security awareness within the user community and due to poor security

administration by the network management and support functions. Security administration is often considered a low priority by network support staff, but due to the increase in the use of WAN links, remote network access via modems and Internet connections, it is vital that an organization’s network is secured and subject to an effective security policy.

The network review encompasses a number of key auditable areas, and during

this part the general findings from the review of the following areas will be discussed:

Network fault tolerance and resilience

’ Networking strategy

’ Network configuration and performance

Network fault tolerance and resilience

A traditional approach to the audit of computer networks would normally focus on network security as this is perceived as the area with the greatest risk to the organization. It is accepted that both logical access and physical security are important, but an area which is becoming equally as important is the reliability and availability of the networks.

01995 Elsevier Science Ltd