Tuesday, February 26, 2013

How to keep your Oracle database secure?

Every database contains sensitive data of an organization, so it is important to secure and protect the database from attackers. If you store confidential data in an Oracle database, you should know how to keep it secure. Let's discuss how you can make your Oracle database more secure.
Securing User Access by choosing a secure password
  1. Default passwords are easy to hack, so change them and choose a complex password.
  2. Use a different password for each schema.
  3. Use longer passwords consisting of mixed letters.
  4. Change your password from time to time.
  5. At the time of installation of Oracle, you can decide how many times a user can enter an incorrect password before the account is deactivated.
  6. Store your passwords in an unreadable format in the Oracle database.
Securing User accounts
  1. Don't provide unnecessary privileges to database users.
  2. Restrict the SYSTEM and OBJECT privileges.
  3. Restrict the number of users who can create, modify or delete database objects.
  4. Grant the CREATE ANY JOB, EXP_FULL_DATABASE and BECOME USER privileges only to those users who need them.
  5. Grant CREATE PUBLIC SYNONYM and DROP PUBLIC SYNONYM only to trusted users.
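
One way to check the privilege recommendations above on a running database, as an added example that is not part of the original post. It assumes the querying account can read the DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS dictionary views.

```sql
-- Added example: audit of the privileges named in the list above.
-- Assumption: run as an account that can read the DBA_* views.

-- 1. Direct grants of the system privileges from items 4 and 5.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE ANY JOB', 'BECOME USER',
                     'CREATE PUBLIC SYNONYM', 'DROP PUBLIC SYNONYM')
ORDER  BY privilege, grantee;

-- 2. EXP_FULL_DATABASE is a role, so its holders are listed in
--    DBA_ROLE_PRIVS rather than DBA_SYS_PRIVS.
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'EXP_FULL_DATABASE'
ORDER  BY grantee;

-- 3. Users who reach the same privileges indirectly, through a role
--    or a chain of nested roles. CONNECT_BY_ROOT keeps the original
--    grantee while the hierarchy walks role-to-role grants.
SELECT DISTINCT u.username, r.granted_role AS via_role, p.privilege
FROM   dba_users u
JOIN  (SELECT CONNECT_BY_ROOT grantee AS root_grantee, granted_role
       FROM   dba_role_privs
       CONNECT BY PRIOR granted_role = grantee) r
       ON r.root_grantee = u.username
JOIN   dba_sys_privs p
       ON p.grantee = r.granted_role
WHERE  p.privilege IN ('CREATE ANY JOB', 'BECOME USER',
                       'CREATE PUBLIC SYNONYM', 'DROP PUBLIC SYNONYM')
ORDER  BY u.username, p.privilege;

-- 4. Anything granted to PUBLIC is held by every database user.
SELECT privilege
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;
```

Query 3 is the one that usually surprises: a user with no direct grant can still hold a privilege through a role granted to another role.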
Securing Roles
  1. Application developers should not be granted the user role.
  2. Create global roles for enterprise users.
  3. Define roles according to the job responsibility of the user.
Securing Data
  1. Protect the data dictionary, as any modification to it can drastically affect database performance.
  2. To protect the data dictionary, set O7_DICTIONARY_ACCESSIBILITY = FALSE.
  3. Limit the number of users accessing the OS.
  4. Provide the path or file to the database carefully so that nobody can modify it.
  5. Only the DBA should have access to the files and their paths.
  6. Use the transparent data encryption technique to protect your data.
Securing Installation and Configuration
  1. Before installing the Oracle database on a UNIX system, set the Oracle owner account umask value to 022.
  2. Don't install unnecessary products.
  3. Use the custom installation feature to avoid unnecessary installation.
  4. Lock the default user account after installing the Oracle database.
Securing the Network
  1. Use Enterprise Manager Database Control for monitoring listener activity.
  2. There is no need to set a password in the listener.ora file.
  3. Prevent unauthorized access to the Oracle listener.
  4. Use a firewall to protect your database from outside access.
  5. Configure the firewall to accept data only from safe sources.
