
Evaluated Configuration for

Oracle Database 11g Release 2 (11.2.0.2)

November 2011

Security Evaluations, Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065


Evaluated Configuration for Oracle Database 11g Release 2 (11.2.0.2) November 2011 Issue 0.3.1


Author: Saad Syed, modifications made by Courtney Cavness, Trang Huynh

Contributors: Peter Goatly, Shaun Lee, Sebastian Mayer

This document is based on the equivalent document for Oracle11g Release 1, Issue 0.7 [ECD_10] used in the last Common Criteria Evaluation of Oracle11g. The contributions of the many authors of the precursors to this document are acknowledged.

Copyright © 1999, 2009, 2011 Oracle Corporation. All rights reserved. This documentation contains proprietary information of Oracle Corporation; it is protected by copyright law. Reverse engineering of the software is prohibited. If this documentation is delivered to a U.S. Government Agency of the Department of Defense, then it is delivered with Restricted Rights and the following legend is applicable:

RESTRICTED RIGHTS LEGEND Use, duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of DFARS 252.227-7013, Rights in Technical Data and Computer Software (October 1988). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065. The information in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free.

Oracle is a registered trademark and Oracle Database 11g, Oracle9i, PL/SQL, Oracle Enterprise Manager, Oracle Call Interface, SQL*Plus, SQL*Loader, Oracle Net and Oracle Label Security are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners.


Contents

1 Introduction
  1.1 Intended Audience
  1.2 Organization
  1.3 Format
  1.4 Physical Delivery of the TOE
  1.5 Electronic Delivery of the TOE
  1.6 Verification of guidance documentation
  1.7 Overview of Security Functionality

2 Physical Configuration and Procedural Requirements
  2.1 Physical Environmental Assumptions
  2.2 Supporting Procedures

3 Host Configuration
  3.1 Operating System
  3.2 Network Services
  3.3 Client Applications

4 Oracle Configuration
  4.1 O-RDBMS Server
  4.2 Oracle Network Services
  4.3 Unsupported features in the evaluated configuration


5 Step by Step Guide
  5.1 Operating System Installation / Configuration
  5.2 Oracle Database 11g Server Installation / Configuration
  5.3 Installation of Patch Set for Oracle Database 11g (11.2.0.2)
  5.4 Installation of Critical Patch Updates July 2011 and October 2011
  5.5 Configuration of Oracle Database 11g RDBMS
  5.6 Configuration of Real Application Clusters (RAC)
  5.7 Client Installation
  5.8 Oracle Client Applications

A Password Profile Controls
  A.1 Password for Enterprise Users
  A.2 Rationale
  A.3 ProfileA
  A.4 ProfileB
  A.5 Modifying utlpwdmg.sql

B TOE Components

C Logging Trigger Examples
  C.1 Restricting session establishment by time of day and day of week
  C.2 install.sql
  C.3 deinstall.sql
  C.4 audit_trail.sql
  C.5 package.sql

D References


1 Introduction

The Target of Evaluation (TOE) is the Oracle Database 11g Release 2 (11.2.0.2) Object-Relational Database Management System (O-RDBMS) Standard and Enterprise Edition. The TOE is hosted on the following operating system platforms, all of which have been evaluated for compliance with the Controlled Access Protection Profile [CAPP], which is required by the TOE:

- Oracle Enterprise Linux Edition Version 5 (Update 5)
- Red Hat Enterprise Linux 5 (Release 5)
- SuSE Linux Enterprise Server 11

This Evaluated Configuration for Oracle Database 11g document explains the manner in which the TOE must be configured along with the host operating system and network services so as to provide the security functionality and assurance as required under the Common Criteria for Information Technology Security Evaluation [CC]. The assumptions and procedures stated in the document are all (by and large) intended to remove potential vulnerabilities or attack paths from the TOE in its environment.

The Evaluation Assurance Level for the TOE is EAL4 augmented with ALC_FLR.3. The Protection Profile used for the evaluation of the TOE is the Database Management Systems in Basic Robustness Environments, Version 1.3 [BR-DBMSPP]. The Security Target used for the evaluation of the TOE is [ST].

Note: This guide supersedes any other guidance documentation in case of conflicting statements.

1.1 Intended Audience

The intended audience for this document includes evaluators of the TOE, system integrators who will be integrating the TOE into systems, and accreditors of the systems into which the TOE has been integrated.
