Oracle 11g: Secure Configuration Guide checklist
I will follow the secure configuration checklist below. You can skip
steps that do not apply to your environment or are not a concern for
your organization.
1. Install only what is required
2. Lock and expire default user accounts
3. Change default user passwords
4. Enforce password management
a. Password complexity verification function
b. Strong authentication through Oracle Advanced Security, such as Kerberos
5. Enable data dictionary protection
If this protection is not enabled, any user holding the DROP ANY TABLE
privilege will be able to maliciously
6. Grant necessary privileges only
7. Revoke unnecessary privileges from PUBLIC
PUBLIC acts as a default role granted to every user in an Oracle database,
so any user can exercise privileges that are granted to PUBLIC.
Check the EXECUTE privileges granted to PUBLIC on packages; the more
powerful packages that may potentially
8. Grant users role only if they need the role's privilege
9. Restrict permissions on run-time facilities (grant specific permissions on explicit paths rather than blanket "all permissions")
10. Authenticate clients properly
In the pfile or spfile, set the following configuration parameter:
11. Limit the number of operating system users
12. Use a firewall to separate the database server from untrusted networks
13. Never poke a hole through a firewall
For example, do not expose the Oracle Listener's port (1521 by default) to
the Internet, and do not let the database host open connections out to the
Internet.
14. Prevent unauthorized administration of the Oracle Listener
In listener.ora, set the following security configuration
15. Check network IP addresses
In sqlnet.ora (the node-checking parameters that older releases kept in protocol.ora now live in sqlnet.ora), set the following Oracle Net parameters:
16. Encrypt network traffic
Use Oracle Advanced Security to encrypt the traffic, or set the following in sqlnet.ora
17. Harden the operating system
Disable unneeded services such as FTP, TFTP, TELNET, etc. Be sure to close
both the UDP and TCP ports for each service that is being disabled;
closing one type of port and not the other does not make the operating
system more secure.
18. Apply all security patches and workarounds
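The database-side items above (2, 3, 4a, 5, 6, 7, 9 and 10) as one SQL*Plus session, added here as a worked example; it is not part of the original checklist or an Oracle-supplied script. It assumes a SYSDBA session on an Oracle 11g instance started from an spfile; the schema names SCOTT, OUTLN, APP_BATCH and APP_USER, the password, and the directory path /u01/app/data/inbox are placeholders to replace with your own. The static parameters need an instance restart to take effect.

```sql
-- Added example (not from the original checklist). Run as SYSDBA in SQL*Plus.
-- Schema names, the password and the file path below are placeholders.

-- Items 2/3: list accounts still using an Oracle-supplied default password
-- (DBA_USERS_WITH_DEFPWD exists from 11g), then lock them and expire the
-- password so nobody can log in until a new one is set deliberately.
SELECT username FROM dba_users_with_defpwd ORDER BY username;
ALTER USER scott PASSWORD EXPIRE ACCOUNT LOCK;
ALTER USER outln PASSWORD EXPIRE ACCOUNT LOCK;
-- Accounts that must stay open get a new password instead of a lock.
ALTER USER system IDENTIFIED BY "Replace-Me-With-A-Strong-Passphrase-1";

-- Item 4a: install the complexity function shipped with the database
-- ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql creates VERIFY_FUNCTION_11G and
-- already alters the DEFAULT profile); the ALTER PROFILE below restates
-- the limits so that lockout, lifetime and reuse rules are enforced too.
@?/rdbms/admin/utlpwdmg.sql
ALTER PROFILE DEFAULT LIMIT
  PASSWORD_VERIFY_FUNCTION verify_function_11g
  FAILED_LOGIN_ATTEMPTS    10
  PASSWORD_LOCK_TIME       1      -- days
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_MAX       10
  PASSWORD_REUSE_TIME      365;

-- Item 5: data dictionary protection. With O7_DICTIONARY_ACCESSIBILITY=TRUE
-- a user holding DROP ANY TABLE can drop SYS-owned dictionary objects;
-- FALSE confines the ANY privileges to non-SYS schemas. Static parameter.
ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE=SPFILE;

-- Item 10: never trust a remote client's claim of its OS identity.
ALTER SYSTEM SET remote_os_authent = FALSE SCOPE=SPFILE;

-- Item 7: show which of the powerful SYS packages PUBLIC may execute ...
SELECT table_name
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC' AND privilege = 'EXECUTE' AND owner = 'SYS'
   AND table_name IN ('UTL_FILE','UTL_TCP','UTL_SMTP','UTL_HTTP','UTL_INADDR',
                      'DBMS_RANDOM','DBMS_LOB','DBMS_JOB','DBMS_SCHEDULER','DBMS_SQL')
 ORDER BY table_name;
-- ... and take the network/file-system reaching ones away from everyone.
REVOKE EXECUTE ON sys.utl_file FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_tcp  FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_smtp FROM PUBLIC;
REVOKE EXECUTE ON sys.utl_http FROM PUBLIC;
-- Item 6: grant back only to the one schema with a documented need.
GRANT EXECUTE ON sys.utl_file TO app_batch;

-- Item 9: run-time facility (OJVM) permissions. The weak form below gives
-- read access to every file the Oracle OS user can see; keep it commented.
-- CALL dbms_java.grant_permission('APP_USER', 'SYS:java.io.FilePermission',
--                                 '<<ALL FILES>>', 'read');
-- Corrected: only the directory tree the application actually reads.
CALL dbms_java.grant_permission('APP_USER', 'SYS:java.io.FilePermission',
                                '/u01/app/data/inbox/-', 'read');
```

Re-run the two SELECT statements after the changes: the first should return no rows for any account you did not deliberately leave on a default password, and the second should list only packages you consciously decided to leave executable by PUBLIC.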
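The network items (14, 15 and 16) as Oracle Net parameter-file fragments, added here as a worked example with the weak setting shown commented out next to the corrected one; this is not part of the original page or of any Oracle-shipped template. It assumes the listener is named LISTENER and that both files sit in the network/admin directory (or TNS_ADMIN) that the listener reads; the host names and addresses are placeholders. Reload or restart the listener after editing.

```text
# Added example (not from the original page). Placeholders: host names, IPs.

# ---- listener.ora --------------------------------------------------------
# Item 14. Weak (the default): anyone who can run lsnrctl against the listener
# can SET its parameters at run time, e.g. redirect its log or trace files.
# ADMIN_RESTRICTIONS_LISTENER = OFF
#
# Corrected: run-time SET commands are refused; changes require editing this
# file and "lsnrctl reload", i.e. file-system access to the server. Local
# listener administration is tied to the OS user that owns the listener
# (the old listener password mechanism is deprecated), so do not rely on it.
ADMIN_RESTRICTIONS_LISTENER = ON

# ---- sqlnet.ora ----------------------------------------------------------
# Item 15: valid node checking. Only the listed application and DBA hosts may
# reach the listener; every other source is refused before authentication
# starts. Entries are literal host names or IP addresses; the list is read
# by the listener, so it must live in the sqlnet.ora the listener uses.
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (app01.example.com, app02.example.com, 10.10.5.20)

# Item 16: native network encryption and integrity (Oracle Advanced Security).
# Weak (the default): ACCEPTED means a client that never asks for encryption
# gets a cleartext session with no integrity check.
# SQLNET.ENCRYPTION_SERVER = ACCEPTED
# SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED
#
# Corrected: REQUIRED rejects any client that cannot negotiate one of the
# listed algorithms (11g offers SHA1 or MD5 for checksums; pick SHA1).
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
```

To verify item 16 from a client, query V$SESSION_CONNECT_INFO for your own session after connecting; the NETWORK_SERVICE_BANNER rows should name the encryption and checksum services in use. An old client that cannot negotiate AES will now fail to connect, which is the intended behaviour of REQUIRED; downgrade to REQUESTED only as a temporary bridge while such clients are upgraded.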