
Communication channel between application systems (ERP/SAP) and database


Hi,

We have an audit finding that the communication channel between application systems (ERP/SAP) and the database is not encrypted.

1. Is it a standard practice to have an encrypted channel?

2. If so, how can we achieve the channel encryption?

3. If not, how can we justify to the auditors that we are not keeping an encrypted channel between database and application?

Regards,

Suhail Qadri

Accepted Solutions (1)


markus_doehr2
Active Contributor

> 1. Is it a standard practice to have an encrypted channel?

This depends on your requirements; some industries require encryption, others do not.

> 2. If so, how can we achieve the channel encryption?

Check Note 973450 - Oracle Advanced Security: Network encryption

> 3. If not, how can we justify to the auditors that we are not keeping an encrypted channel between database and application?

Does someone have physical access to the network? Is it a separated (isolated) network?

Markus


Hi Markus,

Ours is a real estate organisation. The database and application server are on the same VLAN in the same datacenter; actually both are active-active HP cluster. What is the general practice in this scenario?

Regards,

Suhail Qadri

markus_doehr2
Active Contributor

It's very difficult to give a general statement about what is "common practice". What is the reason why your auditors think that encryption between APP and DB is necessary?

I'm not working in RE to give a statement whether this is necessary or not; technically it's certainly possible.

Markus


Hi Markus,

Thanks for the reply,

Can you brief us through some pros and cons of encrypting the channel between application and database?

Regards,

markus_doehr2
Active Contributor

> Can you brief us through some pros and cons of encrypting the channel between application and database?

I suggest you read the note mentioned and for further information use the Oracle documentation.

Markus

audunlea_hansen
Active Participant

Hi!

We have used the note Markus mentioned, and encryption works fine for us.

Remember to set required for encryption and choose an algorithm that is valid for all of your systems.

If you are using an RMAN catalog in another database, remember to activate/install ASO on the client side here too.

Regards

Audun

DBA

who likes encrypted communications
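
The advice above to set "required" and to pick an algorithm every system supports can be checked before rollout. The following is an added example, not part of the thread or of SAP Note 973450: it reads the Oracle native network encryption parameters from two `sqlnet.ora` fragments and predicts the negotiation result. The sample fragments are constructed, and the rules encoded are the documented Oracle behaviour (default level `accepted`, server picks the first algorithm in its list that the client also lists); treating a missing algorithm list as "any" is a simplification.

```python
import re
# Constructed sample sqlnet.ora fragments (not taken from the thread or the SAP note).
SERVER_ORA = """
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192)
"""
CLIENT_OK = """
SQLNET.ENCRYPTION_CLIENT = accepted
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
"""
CLIENT_MISMATCH = """
SQLNET.ENCRYPTION_CLIENT = requested
SQLNET.ENCRYPTION_TYPES_CLIENT = (3DES168)
"""

def parse(text, side):
    """Return (level, algorithms) for side 'SERVER' or 'CLIENT'."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().upper()] = value.strip()
    level = params.get(f"SQLNET.ENCRYPTION_{side}", "accepted").lower()  # Oracle default
    types = params.get(f"SQLNET.ENCRYPTION_TYPES_{side}")
    algos = None if types is None else [a.upper() for a in re.findall(r"[\w-]+", types)]
    return level, algos

def negotiate(server_text, client_text):
    """Predict ('encrypted', algo), ('plaintext', None) or ('refused', None)."""
    s_level, s_algos = parse(server_text, "SERVER")
    c_level, c_algos = parse(client_text, "CLIENT")
    levels = {s_level, c_level}
    if "rejected" in levels:                          # one side refuses encryption
        return ("refused", None) if "required" in levels else ("plaintext", None)
    if levels == {"accepted"}:                        # nobody asks for it: silent plaintext
        return ("plaintext", None)
    if s_algos is None or c_algos is None:            # simplification: missing list = any
        common = s_algos or c_algos or ["<any installed>"]
    else:
        common = [a for a in s_algos if a in c_algos]  # server preference order
    if common:
        return ("encrypted", common[0])
    # No shared algorithm: only 'required' turns this into a failed connection.
    return ("refused", None) if "required" in levels else ("plaintext", None)

if __name__ == "__main__":
    for name, client in (("ok", CLIENT_OK), ("mismatch", CLIENT_MISMATCH)):
        print(name, negotiate(SERVER_ORA, client))
```

The `plaintext` results are the ones an audit cares about: with `accepted` or `requested` on both ends, a missing or mismatched algorithm list leaves the session unencrypted without any error.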
