Print this - Gartner: Don't let security slip over Oracle apps - Software - Breaking Business and Technology News at silicon.com

To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39155901,00.htm

Gartner: Don't let security slip over Oracle apps
Be "more aggressive"...

By Munir Kotadia

Published: Wednesday 25 January 2006

Analyst group Gartner has warned IT managers to be "more aggressive" when protecting their Oracle applications because, according to Gartner, they are not getting enough help from the database giant.

Gartner published an advisory on its website just days after Oracle's latest quarterly patch cycle, which included a total of 103 fixes with 37 related to flaws in the company's database products. Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact.

According to the advisory, which was posted on Monday by Gartner analyst Rich Mogull, "the range and seriousness of the vulnerabilities patched in this update cause us great concern... Oracle has not yet experienced a mass security exploit but this does not mean that one will never occur".

Mogull said that because Oracle has historically been seen as having very strong security and many of Oracle's products are located "deep within the enterprise", IT managers often neglect their patching duties.

Mogull, who advises managers to pay more attention to securing their Oracle applications, added: "Moreover, patching is sometimes impossible, due to ties to legacy versions that Oracle no longer supports. These practices are no longer acceptable."

He said IT managers should:

Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies.
Apply available patches as rapidly as possible.
Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity.
Put pressure on Oracle to change its security management practices.

Oracle did not immediately respond to requests for comment.

In response to the Oracle patch release, Symantec raised its ThreatCon global threat index to Level 2, which means an outbreak is expected. It typically does that after a patch release because malicious hackers might use the fixes as a blueprint for attacks.

CNET News.com's Joris Evers contributed to this report

Munir Kotadia writes for ZDNet Australia

Site Navigation:

Quick Sitemap Links:

Home

Membership Centre

About Us

Search

FAQ

News

Management news

Software news

Hardware news

Networks news

IT Services news

Comment & Analysis

Blogs

White Papers

Jobs

Resources

Videos

Verticals

CIO Jury

CxO Extra

Research

Special Reports

Advertising Features

White Papers

Data Management white papers

Desktops, Laptops & OS white papers

Enterprise Applications white papers

IT Management white papers

Network & Communications white papers

Professions & Industries white paper

Security white papers

Servers & Server OS white papers

Software & Web Development white papers

Storage white papers

CNET Networks UK

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific