Locking Down the Grid

Core to security in Oracle's upcoming 10g grid technology will be a component called Oracle Internet Directory.

Core to security in Oracle Corp.s upcoming 10g grid technology will be a component called Oracle Internet Directory, an LDAP directory with an Oracle database back-end that leverages the databases scalability, high availability and security features, according to Oracle Chief Security Officer Mary Ann Davidson.

In an interview with eWEEK, Davidson said that Oracle Internet Directory, which is also a component in Oracle9i, is part of identity and access management features of 10g that are "particularly critical for grid."

"Without identity management, you cant reap the benefits of the flexibility of grid computing," she said. 10gs identity and access management features will enable enterprises to provision users and network resources in one central place, as well as to define what applications and systems given users are allowed to access. From one spot, administrators will be able to provision, deprovision, create credentials for users, specify new applications, add new server resources and allow for resources to participate in single sign-on, Davidson said.

Having an easy way to identify and provision users and resources will be critical to the success or failure of grid computing, which in Oracles view relies on the quick and easy provisioning of computing resources as needs dictate. As it is, security experts and users fear that the pools of low-cost commodity servers promised in 10g will actually be cesspools of security vulnerabilities.

"Any distributed architecture is by nature, as more nodes are attached and more ports opened, more prone to security risk," Craig Read, IT director at MTrilogix Inc., in Toronto, and president of the Toronto Oracle Users Group, said in an e-mail interview. "If a company does not have a coherent plan to manage database and application security [and many dont], 10g will make their lives miserable."

Indeed, the idea of adding a multitude of commodity Lintel (Linux/Intel) server grid nodes at a pop should be a daunting one to DBAs, said Aaron Newman, CTO and co-founder of Application Security Inc., in New York. "Theres a question that now that you have 50 grid computers rather than one grid computer, you have a little more work to lock down 50 instead of one," he said. "Which leads to the fact that you need to automate the process at this point. Theres an ever-growing need with 10g to automate and find tools to help you lock all these things down. Youre going to be dealing with a lot more systems."

Davidson said that such fears are groundless and that Oracles grid technology is inherently more secure than most enterprise infrastructures. "Grid natively in a way has some defensibility, because if a resource fails or is compromised, you have failover," she said. "Its transparent, and you can get other resources without having to unplug the box and cable everything.

"Another aspect of security is when we deliver our products, part of our overall release criteria is to make things secure by default," Davidson said. "Theres a construct of, Is it installed securely, and is it hardened properly?"

Other familiar security ghosts have been lurking in the halls of grid, such as the perennial problem of public privileges or grants. This long-standing security vulnerability ships with almost every major database, including Oracle, Microsoft Corp.s SQL Server and Sybase Inc. databases.

ASIs Newman said that his research shows the grants often harbor PL*SQL injection—executable code that can be maliciously exploited. The problem is, you cant just turn off the grants—particularly in a production environment—without running the risk of breaking something.

The specter of public grants rose once again at OracleWorld last week during a security panel that included Davidson, Newman and Gartner Inc. analyst John Pescatore. One audience member managed to stump the panel when he asked how he could turn off the grants in Oracle9i without breaking anything.

"The gentleman had obviously run [ASIs security scanning tool] and gotten those reports back," Newman said. "If he turns them off, it might break something. Even Oracle says, We dont know what will happen if you turn that off. Ninety-nine percent can be turned off without a problem. It depends on what youre running."