Oracle Database Server
This section lists a series of simple steps that can greatly improve the security of the core Oracle DBMS.
Accounts
Perhaps the easiest way to compromise an Oracle server is to guess a username and password. Oracle provides excellent user management facilities and these facilities can be used to dramatically improve security. This section shows you how.
Lock and Expire Unused Accounts
All unused accounts should be locked and expired. You can do this using the Database Configuration Assistant tool.
New Account Creation
Define a user account naming standard, such as first initial/lastname; for example, jsmith. When creating new accounts this naming standard should be used. All new user account creation should be authorized by a designated Security Officer.
Passwords
Your Oracle installation is only as strong as the weakest password. This section can help you to eliminate weak passwords from your server.
Change Default Passwords
The passwords of all default accounts should be changed. Special attention should be paid to the SYS, SYSTEM, CTXSYS, MDSYS, DBSNMP, and OUTLN accounts. New passwords can be set in SQL*Plus with the “ALTER USER username IDENTIFIED BY newpassword” statement.
Define and Enforce a Good Password Policy
Passwords should be easy to remember but difficult to guess. Passwords should be at least 10 characters long and alphanumeric. This should be enforced using a password verification function. Once the function is created for ...
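One way to write such a password verification function and attach it to a profile, shown as an added example rather than code from the book. The function name harden_verify_fn and the account name old_app_user are hypothetical, "alphanumeric" is assumed to mean at least one letter and one digit, the username and reuse checks go beyond the policy stated above, and REGEXP_LIKE requires Oracle 10g or later.

```sql
-- Added example: run as SYS, because a password verification function
-- must be owned by SYS. harden_verify_fn is a hypothetical name.
CREATE OR REPLACE FUNCTION harden_verify_fn (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  -- Minimum length from the policy above: at least 10 characters.
  IF password IS NULL OR LENGTH(password) < 10 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 10 characters');
  END IF;

  -- Assumption: "alphanumeric" means at least one letter and one digit.
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password must contain letters and digits');
  END IF;

  -- Added check: reject passwords that contain the account name.
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password must not contain the username');
  END IF;

  -- Added check: reject reuse of the previous password when it is supplied.
  IF old_password IS NOT NULL AND password = old_password THEN
    RAISE_APPLICATION_ERROR(-20004, 'New password must differ from the old one');
  END IF;

  RETURN TRUE;
END;
/

-- Attach the function to the DEFAULT profile so it applies to every
-- account that has not been assigned a different profile.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION harden_verify_fn;

-- Lock and expire an unused account (old_app_user is a placeholder name).
ALTER USER old_app_user ACCOUNT LOCK PASSWORD EXPIRE;
```

The verification function runs when a password is set or changed, so existing weak passwords stay in place until the account's password is next changed or expired.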