on 04-05-2011 12:18 PM
Hi,
We have an audit finding that Communication channel between application systems (ERP/SAP) and database are not encrypted.
1. Is it a standard practice to have an encripted channel.
2. If so, how can we achieve the channel encription.
3. If not how can we justify to the auditors that we are not keeping encription channel between database and application.
Regards,
Suhail Qadri
> 1. Is it a standard practice to have an encripted channel.
This depends on your requirements, some industries require encryption, others not.
> 2. If so, how can we achieve the channel encription.
Check Note 973450 - Oracle Advanced Security: Network encryption
> 3. If not how can we justify to the auditors that we are not keeping encription channel between database and application.
>
Has someone physical access to the network? Is it a separated (isolated) network?
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi!
We have used the note Markus mention, and encryption works fine for us.
Remember to set required for encryption and choose an alogorythm that are valid for all of your systems.
If You are using rman catalog in another database, remember to activate/install ASO on client side here too.
Regards
Audun
DBA
who likes encrypted communications
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.