Since 1999     References  |  Search more  | Oracle Syntax  | Free Online Oracle Training

    Home      .Services     Login       Start Learning     Certification      .                 .Share your BELIEF(s)...


. Online Accounting        .Copyright & User Agreement   |
    .Vision      .Biography     .Acknowledgement

.Contact Us      .Comments/Suggestions       Email2aFriend    |


Oracle 11g New Features

Online Oracle Training


Oracle 11g: Secure Configuration Guide checklist


I will follow the following secure configuration guide checklist. You can skip steps that they do not apply to your environment or it is not a concern for your organization.

1. Install only what is required

2. Lock and expire default user accounts

3. Change default user passwords

4. Enforce password management
    a. Complex password function
    b. Use of Oracle Advanced Security such as Kerberos

5. Enable data Dictionary protection
    If not set, any user with a DROP ANY TABLE will be able to maliciously drop a

    dictionary table.

6. Grant necessary privileges only

7. Revoke unnecessary privileges from PUBLIC
    PUBLIC acts as a default role granted to every user in an Oracle database.
    So, any user can exercise privileges that are granted to PUBLIC.
    Check the execute privileges on packages. The more powerful packages that may potentially

    be misused include:

8. Grant users role only if they need the role's privilege

9. Restrict permissions on run-time facilities: (Be more specific)

    call dbms_java.grant_permission('SCOTT','','<<ALL FILES>>','read');

    call dbms_java.grant_permission('SCOTT','','<<c:\mydirectory>>','read');

10. Authenticate clients properly
     Set the pfile or spfile, the following configuration parameter:

11. Limit the number of operating system users

12. Utilize a firewall if you have to

13. Never poke a hole through a firewall
     For example, don't leave open Oracle Listener's 1521 port to make a connection to the Internet or vice versa.

14. Prevent unauthorized administration of the Oracle Listener
     Set the listener.ora, the following security configuration parameter.

15. Check network IP addresses
     Set the protocol.ora, the followings Oracle Net parameters.

16. Encrypt Network traftic
     Using Oracle Advanced Security to encrypt or set sqlnet.ora parameters.

17. Harden the operating system
     Such as FTP, TFTP, TELNET, etc. Besure to close both the UDP and TCP ports for each  service that is being disabled. Disabling one type of port and not the other does not make the operating system more secure.

18. Apply all security patches and workarounds



Good Luck!


Web web site