Encrypting data is a useful tool to protect sensitive data be it at rest, in motion, or in use. For an Oracle Database, encryption may be done at the storage, application, network, and backup layers. Therefore, implementing database encryption can be time consuming and difficult as there are performance considerations and challenges such as effective key management for each encryption solution. This education webinar examines available Oracle Database encryption technologies and deployment options highlighting the benefits and potential pitfalls of each encryption solution.
Views: 6995 Integrigy
Oracle Business Intelligence Enterprise Edition (OBIEE) 11g is a powerful tool for accessing data, however this power means OBIEE security is imperative in order to protect the data. This educational webinar examines the security of all layers of the OBIEE technology stack: the OBIEE application, the WebLogic application server, and the repository database. In addition, security of the integration of OBIEE with Oracle E-Business Suite is reviewed. This webinar is based on Integrigy's free whitepaper "OBIEE Security Examined" available for download from integrigy.com.
Views: 7914 Integrigy
Java deserialization is a class of security vulnerabilities that can result in server-side remote code execution (RCE). As many Oracle products are based on Java, deserialization bugs are found in many Oracle environments especially those using Oracle WebLogic, Oracle Fusion Middleware, and Oracle E-Business Suite. As an example, in November 2015 Oracle released an out-of-cycle security fix (CVE-2015-4852) in order to fix a deserialization bug in Oracle WebLogic. This education webinar provides an understanding of Java deserialization vulnerabilities, the potential impact for Oracle environments, and strategies to protect an Oracle environment from this class of security vulnerabilities.
Views: 1724 Integrigy
Oracle’s Audit Vault product is increasing in popularity having been voted Database Trends and Reader’s Choice Best Database Security Solution for 2014. Oracle Audit Vault provides a comprehensive and flexible monitoring solution by consolidating audit data from Oracle and non-Oracle databases, operating systems, directory, file systems, and application log data. The Oracle Audit Vault delivers over one hundred (100) reports, including compliance reports, as well as provides the ability to easily modify and create new reports using BI Publisher. For auditors and IT security professionals, the Oracle Audit Vault presents significant new opportunities for Oracle database activity monitoring and security. This educational webinar is targeted for auditors and IT security professionals and reviews the Oracle Audit Vault and how Integrigy’s log and audit Framework can be easily implemented using the Oracle Audit Vault.
Views: 2274 Integrigy
For those of you that missed this session at the recent Collaborate12 conference, please read on. Do you truly know why you should be regularly applying Oracle Critical Patch Updates? This session will provide an in-depth look and demonstration of different types of security vulnerabilities fixed by Oracle's quarterly Critical Patch Updates (CPU). Using information and exploit code that is published and readily available on the Internet, actual security bugs fixed in CPUs will be demonstrated to show how easily they may be used to compromise a database. The purpose of this session is to help you better appreciate the importance of keeping up to date with the Oracle Critical Patch Updates.
Views: 1743 Integrigy
Database activity monitoring (DAM) solutions can help organizations to satisfy complex database security and compliance challenges. However, many organizations are not fully utilizing these solutions and obtaining value in terms of identifying potential security incidents or automating compliance activities. This educational webinar discusses how to implement a DAM solution that will effectively improve database security and automate compliance workflows. The DAM solutions referenced include Imperva SecureSphere, IBM Guardium, and Oracle Audit Vault and Database Firewall. The speakers have implemented and optimized these DAM solutions for many organizations.
Views: 3857 Integrigy
In 2012, details of a vulnerability in the Oracle Database listener were published that allows an attacker to register with the database listener and to intercept and modify TNS network traffic between the client and database server. This “TNS Poison” attack allows an unauthenticated attacker with only network connectivity to compromise most database accounts. The fix to prevent TNS Poison attacks was announced in April 2012, but was not fixed by the Critical Patch Update security patch. Instead, manual changes are required to the database listener prior to 12c. Even though this vulnerability is four years old, Integrigy routinely identifies vulnerable Oracle databases during our security assessments – hence the purpose of this webinar. This education webinar demonstrates a TNS poison attack and how an Oracle database can be compromised without any database authentication. Required remediation steps for each database version are discussed as well as methods for checking if a database is protected or if it has been compromised.
Views: 2159 Integrigy
The Oracle E-Business Suite is usually an organization's most important application and the consequences of having it compromised could be catastrophic. However, often CIOs, project managers, and technical managers have little understanding of Oracle E-Business Suite security and compliance risks and issues. This session will provide a managerial level overview of how to properly secure the application and comply with requirements such as SOX, PCI, and HIPAA, including key questions to ask DBAs and IT Security.
Views: 276 Integrigy
In an Oracle E-Business Suite environment, there are a number of generic, privileged accounts at the database, application, and operating system layers. Often, there is little control or active management of accounts like APPS and SYSADMIN with passwords being loosely controlled and frequently shared. This session describes the risks associated with these accounts and ways to manage and control them.
Views: 790 Integrigy
An overview of the Oracle Critical Patch Update (CPU) for July 2011 and the impact on the Oracle Database. This presentation includes a discussion of individual security vulnerabilities fixed by the CPU.
Views: 3818 Integrigy
Oracle E-Business Suite 12.2 introduces a number of new security features, enhancements, and changes. This eLearning webinar examines each of these security features to describe the impact on your implementation and how you can best leverage each of them. Also covered are the move of the underlying E-Business Suite application server to Oracle WebLogic Server and the new required processes and methods for securing the application server layer of E-Business Suite.
Views: 2012 Integrigy
The second eLearning webinar in the series reviewing the security features and risks of Oracle Business Intelligence Enterprise Edition (OBIEE). The first eLearning Webinar reviewed the security features of all layers of the OBIEE technology stack: the OBIEE application, the WebLogic application server, and the repository database. This eLearning webinar reviews the Top Ten Security Risks for OBIEE and WebLogic. The basis of this eLearning Webinar is Integrigy's latest research and common security assessment findings for OBIEE.
Views: 421 Integrigy
Are you not applying, or maybe having difficulty in applying, Oracle security patches in a timely manner? Are you quarters or years behind on security patches? Due to lack of security patch support by Oracle for software versions older than eighteen months, or business constraints limiting patching, security patches often are not applied in a timely manner. This presentation discusses the common challenges in applying the security patches, strategies to overcome these challenges, and mitigating controls that might be used to protect against these security vulnerabilities in the Oracle Database and Oracle E-Business Suite.
Views: 857 Integrigy
Internal Auditors are trained to understand the financial aspects and the end-user functionality of an ERP solution. However, most Internal Auditors have not been trained in the security features of an ERP system. This one hour auditing primer webinar will highlight the basic security that should be found within all implemented Oracle E-Business Suite (EBS) systems. Topics will include: (1) Compliance issues regarding PCI, HIPAA, SOX, (2) Protection of Sensitive Data within the Oracle EBS, (3) Best Practices for securing the Oracle EBS, (4) Concerns and risks with user privileges, excessive access, insecure access, and (5) Secure external access to Oracle EBS (iStore, iSupplier, iRecruitment, iSupport, etc.)
Views: 3138 Integrigy
Oracle Database security checklists and standards are focused on one database, not 1,000 databases. The significant challenge is when you have 100, 500, 1,000, or even 10,000 Oracle Databases in your organization to protect. Protecting and securely maintaining a thousand Oracle Databases requires an enterprise database security framework and database security program. This session will describe how to implement a database security program with all the necessary components to protect the databases in a large enterprise. The database security program will include configuration management, enterprise database user security, periodic access reviews and controls, routine security patching, and an enterprise database auditing strategy.
Views: 511 Integrigy
Credit card data breaches are headline news, thus organizations must properly protect credit card data or risk being tomorrow's headline. Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with Payment Card Industry (PCI) security standards regardless of size or transaction volume. This presentation will review the credit card processing within the Oracle E-Business Suite and will provide detailed guidance for securing cardholder data and complying with PCI-DSS.
Views: 2451 Integrigy
Do you believe any of the following statements? - The Oracle E-Business Suite (OEBS) application and database are secure out-of-the-box. - Implementing the Security Best Practices as published by Oracle will make your OEBS fully secure. - Your IT security team understands the security issues inherent with the OEBS. The one hour educational webinar discusses these and other security myths along with practical guidelines for securing your Oracle E-Business Suite environment.
Views: 601 Integrigy
To protect sensitive data (i.e. Social Security numbers) in Oracle E-Business Suite environments, numerous Oracle technologies and third-party products promise to be your next silver bullet. Compliance requirements, such as Payment Card Industry Data Security Standard (PCI-DSS), SOX, and HIPAA, require these types of solutions and technologies be implemented in order to protect sensitive data. However, implementing these technologies is challenging and there are significant limitations and often certification issues to be considered. During this hour-long webinar we will discuss best practices and share some client success stories for encryption, scrambling, and security auditing. Solutions range from simple SQL scripts to expensive add-on products. The following topics will be covered: (1) An overview of Oracle E-Business Suite data security challenges (2) Sensitive data protection compliance requirements -- PCI-DSS, SOX, HIPAA (3) Best practices and solutions for encrypting sensitive data (4) Best practices and solutions for scrambling data in test and development environments (5) Best practices and solutions for auditing sensitive data access
Views: 655 Integrigy
Oracle E-Business Suite (EBS) 11i and 12.0 security patches and other security improvements are no longer being provided by Oracle since these products are now under Sustaining Support. After January 2016 for 11i and October 2015 for 12.0, Critical Patch Update (CPU) security patches are not available for these versions. There are significant security risks when running a desupported EBS version due to unpatched critical security vulnerabilities and outdated technology stack components. This educational webinar examines the security impact for unsupported EBS environments and how to effectively mitigate the security risks when it is not possible to apply CPU patches and other security upgrades.
Views: 412 Integrigy
When you externally deploy Oracle E-Business Suite Internet-enabled modules such as iSupplier, iRecruitment, or iStore to a DMZ, you have potentially exposed your entire environment to the Internet including all your financial and HR data. This educational webinar discusses the risks and dangers associated with externally deploying the Oracle E-Business Suite and common mistakes found in such deployments.
Views: 357 Integrigy
Oracle Databases are a target of cyber attacks by hackers looking to obtain sensitive data such as credit card numbers and personally identifiable information used in identity theft. Even though databases are not externally accessible, they are still a target as most cyber attacks penetrate the network perimeter and look for high value targets within your internal network. Based on lessons learned from recent high-profile cyber attacks, a framework and techniques for detection and prevention of these cyber attacks against databases will be presented.
Views: 247 Integrigy
This webinar is a repeat of our successful session at the recent Collaborate16 conference. Go beyond database security features and step-by-step instructions to learn how to effectively and efficiently secure and protect Oracle Databases supporting PeopleSoft. This presentation discusses best practices for implementing these security capabilities to achieve optimal database security. Starting with a discussion of common database security risks and attack vectors, learn why and how your databases are under attack by both insiders and outsiders and the processes, tools, and techniques frequently used to compromise Oracle Databases. The goal of this presentation is to show you database security in a different light in order for you to understand the most effective approach to securing your PeopleSoft environment and highlight limitations and issues you may encounter.
Views: 409 Integrigy
Achieving PCI compliance and staying PCI compliant is a big task for any business, especially when the default settings within Oracle E-Business Suite do not meet the list of requirements set forth by the Payment Card Industry's Data Security Standard (PCI DSS) 3.0. Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with PCI DSS regardless of size or transaction volume. While credit card processing may only be a minor feature within your Oracle E-Business Suite, the entire application must be fully compliant with PCI DSS if any cardholder information is present. This educational webinar walks you through the PCI requirements for compliance and introduces you to an Oracle-validated integration for payment security - a provider that removes Oracle E-Business Suite from PCI scope through encryption and tokenization.
Views: 199 Integrigy
When you "In-Source Your IT Audit", auditing security risks within the Oracle E-Business Suite is critical as application controls can be easily circumvented due to poor IT general controls and security vulnerabilities within the application. This webinar will discuss ten top security risks within the Oracle E-Business and how to audit these security risks. Based on two of Oracle's "best practice" security documents and interspersed with practical real world steps in complying with these practices, industry experts Jeffrey T. Hare, CPA CISA CIA from ERP Risk Advisors and Stephen Kost from Integrigy provide insightful knowledge on Oracle E-Business Suite security risks.
Views: 4347 Integrigy
Are you contemplating moving your Oracle E-Business Suite (EBS) to the cloud? Have you considered the various needs such as implementing upgrades, testing, auditing and security? Are you comfortable with your cloud vendor's best practices and security protocols? Have you thought about what information you need to ensure your EBS is configured correctly and properly secure? This educational webinar examines methods and techniques that can be used to “trust but verify” that your Oracle E-Business Suite environment is installed, configured, and operated securely in the cloud.
Views: 265 Integrigy
In celebration of AppSentry's ten year anniversary, Integrigy's July webinar is open Q&A on Oracle E-Business Suite security. Integrigy's Oracle security experts answer client questions regarding Oracle E-Business Suite security. Topics include auditing, encryption, APPLSYSPUB password, and personalizations.
Views: 461 Integrigy
Achieving PCI compliance and staying PCI compliant is a big task for any business, especially when the default settings within Oracle E-Business Suite do not meet the list of requirements set forth by the Payment Card Industry's Data Security Standard (PCI DSS) 3.0. While credit card processing may only be a minor feature within your Oracle E-Business Suite, the entire application must be fully compliant with PCI DSS if any cardholder information is present. This educational webinar walks you through the PCI requirements for compliance including reviewing possible encryption solutions. You are then introduced to CardConnect, an Oracle-validated integrator for payment security that removes Oracle E-Business Suite from PCI compliance through tokenization.
Views: 191 Integrigy
This is the first in a series of webinars by ERP Risk Advisors and Integrigy Corporation presenting on the hidden security threats found in the Oracle E-Business Suite. Internal auditors often focus on the financial aspects, segregation of duties, and application controls when auditing an Oracle E-Business Suite environment. However, many hidden security threats and risks can be found in most Oracle E-Business Suite environments. This one hour educational webinar looks at the hidden security threats and risks often overlooked during most audits.
Views: 569 Integrigy
In complex Oracle E-Business Suite environments, controlling privileged users and restricting direct database access are examples of the security challenges that organizations must solve in order to have a secure and compliant implementation. This educational webinar examines how Oracle Database Vault can be used to mitigate complex security challenges within Oracle E-Business Suite environments.
Views: 241 Integrigy
The auditing and logging capabilities within the Oracle E-Business Suite and Oracle Database are sophisticated and able to satisfy most organizations' security and compliance requirements. However, the auditing and logging setup and usage of the data can be complex and error-prone. This educational webinar outlines the auditing and logging capabilities available at different layers of the application and provides recommendations on how to configure auditing and logging to capture critical application and security events. This webinar is based on our whitepaper "The Guide to Auditing and Logging in the Oracle E-Business Suite."
Views: 1508 Integrigy
In a PeopleSoft environment, there are a number of generic, privileged accounts at the database, application, and operating system layers. Often, there is little control or active management of accounts like PS, PSADMIN, SYSADM, Oracle, SYS and SYSTEM with passwords being loosely controlled and frequently shared. This e-Learning webinar describes the risks associated with these accounts and ways to manage and control them.
Views: 111 Integrigy
The upgrade from Oracle E-Business Suite (EBS) 11i to R12 is a unique opportunity to improve the security of your implementation by resolving existing security issues, configuring R12 securely, and taking advantage of new security features in R12. This one hour education session will highlight R12 security changes and discuss a framework for a security focused R12 upgrade project. Topics will include (1) 11i and R12 differences and changes that impact security (2) R12 security enhancements and new features (3) Improving security throughout the R12 upgrade process
Views: 1365 Integrigy
Oracle 12c database, recently certified with the Oracle E-Business Suite, delivers several important new security features that will be of value to Oracle E-Business Suite professionals needing to meet security and compliance requirements. This educational webinar reviews these features within the context of best practices for Oracle E-Business Suite security. They include improvements to data redaction, auditing and encryption as well as new features to assist with SYSDBA segregation of duties, tracking database last logons, enforcing password complexity, and granting read-only object privileges.
Views: 313 Integrigy
To protect sensitive data, like Social Security numbers, in Oracle E-Business Suite environments, numerous Oracle technologies and third-party products exist that all promise to be your next silver bullet. However, implementing these technologies is challenging and there are significant limitations and often certification issues. Best practices and client success stories with encryption, scrambling, and auditing are discussed with solutions ranging from simple SQL scripts to expensive add-on products.
Views: 180 Integrigy
Oracle E-Business Suite end-user account passwords may be decrypted and used to commit fraud or bypass application controls. This inherent security weakness in the application can be fixed in most implementations, however, it seldom is. Continuing our webinar series on the Hidden Security Threats in Oracle E-Business Suite, this one hour educational webinar highlights the threats associated with this decryption of passwords, demonstrates how easily it can be exploited, and provides the steps required to fix it.
Views: 362 Integrigy
Oracle Multitenant was built to consolidate databases. The provisioning and management advantages of using pluggable databases greatly simplify database operations. However, accidental or intentional acts can create security breaches with pluggable databases. This education webinar reviews the features and functionality introduced by the multitenant option. We then discuss changes to basic database security when using the multitenant option. Auditing and using Advanced Security Option (ASO) with pluggable databases is discussed and finally recommended best practices for security when using pluggable databases are presented.
Views: 137 Integrigy
Oracle is aggressive in desupporting products - most product versions are desupported within 18 months of release except for terminal releases. Oracle Database 184.108.40.206 and Oracle E-Business Suite versions 11.5.x and 12.0.x will be desupported by the end of this year. After Extended Support ends, security patches are not available for products in Sustaining Support. Running desupported versions has a security impact due to the lack of security patches and other reasons. This educational webinar reviews the current support state for the Oracle Database and Oracle E-Business Suite and examines the security impact of desupport for these Oracle products.
Views: 103 Integrigy
The third eLearning webinar in the series reviewing the security features and risks of Oracle Business Intelligence Enterprise Edition (OBIEE). The first eLearning Webinar reviewed the security features of all layers of the OBIEE technology stack: the OBIEE application, the WebLogic application server, and the repository database. The second eLearning webinar reviewed the Top Ten Security Risks for OBIEE. This last eLearning webinar in the series examines WebLogic and its Top Ten Security Risks.
Views: 392 Integrigy
Within the Oracle E-Business Suite, numerous pages and forms allow a privileged end-user to enter SQL statements, operating system commands, or modify the application configuration. Continuing our webinar series on the Hidden Security Threats in Oracle E-Business Suite, this one hour educational webinar explores the risks associated with sensitive administrative pages and how these pages can be used to circumvent application controls. We look at what sensitive administrative pages are, how they can be used to manipulate data or commit fraud, how you can determine who has access to these pages, and what is required to mitigate the threat.
Views: 170 Integrigy
Do you believe any of the following statements? The Oracle database is secure out-of-the-box. All of the database passwords are documented. Once set, the database passwords remain stable and do not change. Database upgrades include the latest security patches. This educational webinar discusses these and other security myths along with practical guidelines for securing your Oracle Database.
Views: 663 Integrigy
Starting with version 12.1 and continuing with 12.2, the Oracle E-Business Suite delivers a considerable amount of new web service and mobile functionality (provided through REST) as core functionality. As this new functionality replicates much the same features as the traditional forms user interface, and can now be deployed through a DMZ, it needs to be properly secured. This presentation summarizes the new mobile and web services functionality, reviews their security features, and recommends best practices for using them securely.
Views: 101 Integrigy
When you externally deploy Oracle E-Business Suite Internet enabled modules such as iSupplier, iRecruitment, or iStore, you have potentially opened your entire environment to the Internet including all your financial and HR data. There are specific risks and inherent weaknesses in an Oracle E-Business Suite external deployment that must be properly addressed to prevent data loss or malicious use. This education webinar follows our previous webinar "Into the Fire - The Risks of Deploying Oracle E-Business to the Internet" (available upon request at [email protected]) and will discuss additional steps required for a secure implementation beyond the Oracle recommended configuration, including deploying a web application firewall, a reverse proxy, and encryption.
Views: 341 Integrigy
In order to protect sensitive data, like Social Security numbers and credit card data in an Oracle E-Business Suite (EBS) environment, encryption is the ideal solution. However, there are only limited encryption options supported and certified with Oracle EBS. This educational webinar reviews the encryption solutions available and supported for an Oracle EBS environment and provides best practices for encrypting and protecting sensitive data in the Oracle EBS database.
Views: 645 Integrigy
A review of the Oracle Critical Patch Update (CPU) for October 2011 and the impact on the Oracle E-Business. This presentation includes a discussion of individual security vulnerabilities fixed by the CPU and information on the CPU patches.
Views: 426 Integrigy
Credit card data breaches are headline news, thus organizations must properly protect credit card data or risk being tomorrow's headline. Oracle E-Business Suite implementations that "store, process, or transmit cardholder data" must comply with the new Payment Card Industry (PCI) Data Security Standard (DSS) 3.0 security standards regardless of size or transaction volume. PCI is focused on securely handling cardholder data, but also has a significant emphasis on General IT security. The difficulty with the Oracle E-Business Suite and achieving PCI compliance is that even though credit card processing may be only one minor feature, the entire application installation must be fully PCI compliant due to the tight integration and data model of the Oracle E-Business Suite. This webinar reviews the credit card processing within the Oracle E-Business Suite and provides general guidance for the Oracle E-Business Suite implementations on securing cardholder data and complying with relevant PCI DSS 3.0 requirements.
Views: 319 Integrigy
The upgrade from Oracle E-Business Suite (EBS) 11i to R12 is a unique opportunity to improve the security of your implementation by resolving existing security issues, configuring R12 securely, and taking advantage of new security features in R12. This one hour education session highlights R12 security changes and discusses a framework for a security focused R12 upgrade project. Topics include 11i and R12 differences and changes that impact security, R12 security enhancements and new features, and improving security throughout the R12 upgrade process.
Views: 305 Integrigy
When you externally deploy Oracle E-Business Suite Internet enabled modules such as iSupplier, iRecruitment, or iStore, you have potentially opened your entire environment to the Internet including all your financial and HR data. This educational webinar will discuss the risks and dangers associated with externally deploying the Oracle E-Business Suite and the steps required for a secure configuration including configuration of the responsibility governor and the URL firewall. Security measures that can be implemented to improve your security will also be discussed.
Views: 741 Integrigy
A review of the Oracle Critical Patch Update (CPU) for April 2011 and the impact on the Oracle E-Business. This presentation includes a discussion of individual security vulnerabilities fixed by the CPU and information on the CPU patches.
Views: 159 Integrigy
Enforcement of the European Union’s General Data Protection Regulation (GDPR) began on May 25, 2018, and this extensive new privacy law impacts all Oracle E-Business Suite environments that contain any personal information of EU residents. GDPR mandates good IT security practices and there are significant fines in the case of a breach or misuse of personal information. This educational webinar will review the current state of GDPR in context of an Oracle E-Business Suite environment and provide recommendations for securing the application in order to comply with the GDPR requirements based on lessons learned from the past year.
Views: 4 Integrigy