Extract(Read) > Transform(Test&Apply) > Load(Learn) Blog

January 9, 2007

Project Lockdown by Arup Nanda

Filed under: Oracle Security — H.Tonguç Yılmaz @ 2:52 pm

A great article by Mr. Arup Nanda, as usual, and also one of the best series on Oracle I have ever read. Mr. Arup Nanda was named “DBA of the Year” by Oracle Magazine in 2003, and he is an Oracle ACE.

This article discusses a phased approach to securing your database infrastructure; here are the highlights:

Phase 1 – Duration: One Day
1.1 Remove Default Passwords
1.2 Configure Oracle Binary Permissions
1.3 Secure Other Executables
1.4 Use umask
1.5 Limit SYSDBA Login
1.6 Create a Listener Password
1.7 Protect the Listener
1.8 Trim Sweeping Privileges
1.9 Change DBSNMP Password

Phase 2 – Duration: One Week
2.1 Remove utl_file_dir
2.2 Limit OS Authentication
2.3 Disable Remote OS Authentication
2.4 Secure SQL*Plus Using Product Profile
2.5 Rein In SQL*Plus
2.6 Wrap Sensitive Code
2.7 Convert Derived Grants to Direct Grants
2.8 Limit Tablespace Quotas
2.9 Monitor Listener Logs for Attempted Break-Ins
2.10 Audit and Analyze User Access

Phase 3 – Duration: One Month
3.1 Remove Passwords from Scripts
3.2 Remove Password from RMAN
3.3 Move DBA Scripts to Scheduler
3.4 Lock Down Objects
3.5 Create Profiles of Database Users
3.6 Create and Analyze Object Access Profiles
3.7 Enable Auditing for Future Objects
3.8 Restrict Access from Specific Nodes Only

Phase 4 – Duration: One Quarter
4.1 Enable Fine Grained Auditing
4.2 Activate a Virtual Private Database
4.3 Mask Sensitive Columns
4.4 Encrypt Sensitive Data
4.5 Secure Backups
4.6 Mine History from Archived Logs
4.7 Conclusion

Continue reading the whole article.

You may also want to check the two articles by Mr. Arup Nanda below, which are among the all-time most-read articles published on Oracle Technology Network:

Oracle Database 10g: The Top 20 Features for DBAs

Oracle Database 10g: Top Features for DBAs Release 2 Features Addendum

3 Comments »

  1. […] Filed under: Oracle 10g New Features — H.Tonguç Yılmaz @ 7:58 am In my Project Lockdown by Arup Nanda post I mentioned Mr.Arup Nanda’s below two articles, one of the all time most read articles […]

    Pingback by "What's New in" series on http://tahiti.oracle.com « H.Tonguç YILMAZ Oracle Blog — April 17, 2007 @ 7:58 am | Reply

  2. […] 11G database on OTN Mr.Arup Nanda is again preparing one of his great top features series for 11g Amis Blogs on 11g new features […]

    Pingback by Welcome 11g « H.Tonguç YILMAZ Oracle Blog — August 9, 2007 @ 12:04 pm | Reply

  3. Encrypting Tablespaces – http://www.oracle.com/technology/oramag/oracle/09-jan/o19tte.html

    Comment by H.Tonguç Yılmaz — December 31, 2008 @ 7:39 am | Reply

