Abstract
In this paper we summarize good practices on how to achieve compliance for an Oracle database in combination with an ERP system. We use an integrated approach to cover both the management of vulnerabilities (preventive measures) and the use of logging and auditing features (detective controls). This concise overview focuses on the combination of Oracle and SAP and its dependencies, but also outlines security issues that arise with other ERP systems. Using practical examples, we demonstrate common vulnerabilities and countermeasures as well as guidelines for the use of auditing features.
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Hölzner, S., Kästle, J. (2009). Managing vulnerabilities and achieving compliance for Oracle databases in a modern ERP environment. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_31
DOI: https://doi.org/10.1007/978-3-8348-9283-6_31
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0660-4
Online ISBN: 978-3-8348-9283-6
eBook Packages: Computer Science, Computer Science (R0)