Security Checklist: 10 Basic Steps to Make Your Database Secure from Attacks
(Doc ID 1545816.1)
Last updated on OCTOBER 06, 2021
Applies to:
Oracle Cloud Infrastructure - Database Service - Version N/A and laterOracle Database Backup Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Cloud Service - Version N/A and later
Oracle Database - Enterprise Edition - Version 8.1.7.0 to 12.1.0.2 [Release 8.1.7 to 12.1]
Information in this document applies to any platform.
Goal
This article provides a quick checklist to help enforce database security.
It serves as a starting point to help DBAs address basic security risks, and provides pointers to further reading and additional discussion.
Ask Questions, Get Help, And Share Your Experiences With This Article
Would you like to explore this topic further with other Oracle Customers, Oracle Employees, and Industry Experts?
Click here to join the discussion where you can ask questions, get help from others, and share your experiences with this specific article.
Discover discussions about other articles and helpful subjects by clicking here to access the main My Oracle Support Community page for Database Security
Click here to join the discussion where you can ask questions, get help from others, and share your experiences with this specific article.
Discover discussions about other articles and helpful subjects by clicking here to access the main My Oracle Support Community page for Database Security
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| Step 1: Change passwords for SYS and SYSTEM |
| Step 2: Lock, expire, and change passwords for default or unused accounts |
| Step 3: Restrict access to the Oracle home and installation files |
| Step 4: Review database user privileges |
| Step 5: Revoke privileges from PUBLIC where not necessary |
| Step 6: Protect the data dictionary from unauthorized users |
| Step 7: Set security related parameters to their recommended values |
| a. remote_os_authent = false |
| b. sec_case_sensitive_logon = true |
| c. global_names = true |
| d. unset parameter utl_file_dir |
| Step 8: Protect listener and network connections |
| Automatic instance registration and CVE-2012-1675 |
| Encrypt sqlnet connections using network encryption. |
| Step 9: Protect the database host |
| Step 10: Check Oracle websites for Security Alerts and critical patches |
| Other Items to Consider |
| Further Reading |
| Online Discussion (My Oracle Support Community) |
| References |