Wednesday, May 18, 2011

Security Check List or Security issue of Oracle Database


1. Change the passwords for SYS and SYSTEM.
2. Lock, remove, or change the passwords for unused default accounts.
3. Check privileges and limit SYS privilege.
4. Set the REMOTE_OS_AUTHENT init.ora parameter to FALSE to prevent OS authentication of remote users.
5. Protect the dictionary from unauthorized users, for example by setting O7_DICTIONARY_ACCESSIBILITY to FALSE.
6. Revoke privileges from PUBLIC where they are not necessary, for example on the UTL_FILE package.
7. Verify database file security.
8. Limit the number of OS users on the database host.
9. Remove unnecessary services from the database host (e.g. FTP).
10. On a regular basis, check Metalink for security alerts and patches, or check here: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

11. How well compartmentalized is your system?
12. Do people who really do not need administrative passwords have them?
13. Change passwords often, then monitor and audit. It is worth the extra time and overhead.
14. Physical security is vital, as always. Your server is safely locked away, but how about your backup tapes?
15. If you needed to restore your system tomorrow, do you have everything you need offsite?
16. You can use Database Scanner 3.0 from Internet Security Systems (ISS: www.iss.net/products). Another option is Secure.Data from Protegrity (www.protegrity.com).
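
Items 2 through 6 can be checked directly from the data dictionary. The queries below are an added example, not part of the original post; they assume a SQL*Plus session with DBA privileges, SCOTT is only a sample account name, and the UTL_TCP, UTL_SMTP and UTL_HTTP entries go beyond the UTL_FILE package named in item 6.

```sql
-- Added example: read-only audit queries for checklist items 2-6.

-- Item 2: accounts that are still open (lock them if they are unused).
SELECT username, account_status, created
  FROM dba_users
 WHERE account_status = 'OPEN'
 ORDER BY username;

-- Item 3: users in the password file who can connect AS SYSDBA / AS SYSOPER.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- Item 3: holders of the DBA role or of system-wide "ANY" privileges.
SELECT grantee, granted_role AS privilege
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
UNION ALL
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege LIKE '% ANY %'
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
 ORDER BY 1, 2;

-- Items 4 and 5: both parameters should report FALSE.
-- LOWER() is used because parameter names are not all stored in one case.
SELECT name, value
  FROM v$parameter
 WHERE LOWER(name) IN ('remote_os_authent', 'o7_dictionary_accessibility');

-- Item 6: EXECUTE granted to PUBLIC on packages that reach files or the network.
-- Only UTL_FILE is named in the checklist; the other three are added here.
SELECT table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND privilege = 'EXECUTE'
   AND table_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP');

-- Remediation: review the output first, then run what applies.
-- Both parameters are static, so SCOPE = SPFILE plus a restart is needed
-- (edit init.ora instead if the instance does not use an spfile).
-- Revoking from PUBLIC can invalidate dependent objects; grant EXECUTE
-- explicitly to the schemas that need it before revoking.
-- ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
-- ALTER SYSTEM SET remote_os_authent = FALSE SCOPE = SPFILE;
-- ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE = SPFILE;
-- REVOKE EXECUTE ON utl_file FROM PUBLIC;
```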
