This section lists a series of simple steps that can greatly improve the security of the core Oracle DBMS.
Perhaps the easiest way to compromise an Oracle server is to guess a username and password. Oracle provides excellent user management facilities and these facilities can be used to dramatically improve security. This section shows you how.
All unused accounts should be locked and expired. You can do this using the Database Configuration Assistant tool.
Define a user account naming standard, such as first initial/lastname; for example, jsmith. When creating new accounts this naming standard should be used. All new user account creation should be authorized by a designated Security Officer.
Your Oracle installation is only as strong as the weakest password. This section can help you to eliminate weak passwords from your server.
The passwords of all default accounts should be changed. Special attention should be paid to the SYS, SYSTEM, CTXSYS, MDSYS, DBSNMP, and OUTLN accounts. New passwords can be set from SQL*Plus with the “ALTER USER username IDENTIFIED BY newpassword” statement.
Passwords should be easy to remember but difficult to guess. Passwords should be at least 10 characters long and alphanumeric. This should be enforced using a password verification function. Once the function is created for ...
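
One way to write such a password verification function, as an added example that is not from the original text. It is PL/SQL run as SYS from SQL*Plus; the function name verify_min10_alnum is hypothetical, "alphanumeric" is assumed to mean at least one letter and one digit, and the username check is an added assumption.

```sql
-- Added example. Connect as SYS: Oracle requires the verification
-- function to be owned by SYS. The function name is hypothetical.
CREATE OR REPLACE FUNCTION verify_min10_alnum (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  letters    CONSTANT VARCHAR2(26) := 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  digits     CONSTANT VARCHAR2(10) := '0123456789';
  has_letter BOOLEAN := FALSE;
  has_digit  BOOLEAN := FALSE;
  ch         VARCHAR2(4);
BEGIN
  -- Rule from the text: at least 10 characters.
  IF password IS NULL OR LENGTH(password) < 10 THEN
    raise_application_error(-20001, 'Password must be at least 10 characters');
  END IF;

  -- Assumed rule ("difficult to guess"): must not contain the username.
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    raise_application_error(-20002, 'Password must not contain the username');
  END IF;

  -- Assumed reading of "alphanumeric": at least one letter and one digit.
  FOR i IN 1 .. LENGTH(password) LOOP
    ch := UPPER(SUBSTR(password, i, 1));
    IF INSTR(digits, ch) > 0 THEN
      has_digit := TRUE;
    ELSIF INSTR(letters, ch) > 0 THEN
      has_letter := TRUE;
    END IF;
  END LOOP;
  IF NOT (has_letter AND has_digit) THEN
    raise_application_error(-20003, 'Password must contain letters and digits');
  END IF;

  RETURN TRUE;  -- every check passed; Oracle accepts the new password
END;
/

-- Attach the function to a profile; DEFAULT covers users with no other profile.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION verify_min10_alnum;

-- Check which profiles enforce a verification function.
SELECT profile, limit
  FROM dba_profiles
 WHERE resource_name = 'PASSWORD_VERIFY_FUNCTION';
```

The function runs only when a password is set or changed, so existing passwords are not re-checked until their next change.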