There are various online resources that can help in securing the Oracle configurations like NIST, CISecurity, SAN, etc. There are various reasons why one still encounters Oracle servers with vulnerabilities. For instance, lack of adequate security teams is one reason why the databases experience misconfiguration. There is no third party or internal security professionals who can keep a tab on the database security. Thus, the security issues often go unnoticed. Another reason is that most of the organizations do not involve the DBAs with security problems. These professionals take care of the performance and availability of the databases but they might not be proficient enough to take care of the security configurations. Despite that fact that excellent online resources for implementing Oracle security configurations are available, these are not properly followed.
Here are some configurations which can be implemented for securing the Oracle database:
Locking default accounts:
Oracle accounts with default privileges pose the greatest threats that are frequently encountered. However, this is one of the issues that can be fixed without much trouble. Once it is installed Oracle has various numbers of default accounts and each one has a default preset value. Once the database is installed, the DBCA (database configuration assistant) locks most of the default user accounts, automatically and also expires them. The SYSTEM account is also altered by the DBCA and it is converted to the value that was mentioned in the installation routine.
It should be mentioned here that in case the database is manually installed then the DBCA does not execute. As a result the default user accounts are neither locked nor do they expire. The passwords and usernames are the same by default. This is the first thing that a hacker will try to use so that he can connect to the database. Thus, it is essential to secure each account with a strong password. In case these are not necessary they should be locked and made to expire.
Databases must use a strong SID
SID (Oracle system ID) is an exclusive value that is required so that the clients can connect to the Oracle database. Since it has to be exclusive, there cannot be more than one database with similar SIDs on a particular Oracle server. While creating a SID, there are certain parameters to which one should stick to. For instance, it should not be a dictionary word, there should be at least 10 characters and one should be a special character. If all these elements are present in Oracle SID it would be difficult for a hacker to get through to your database. It is important that the database is properly secured or else it will also affect the Oracle Business Intelligence system.
Oracle Critical Patch Updates should be applied properly
Oracle CPU can have a significant effect on the databases. Extensive regression testing has to be carried out to make sure that there would be no impact on the functionality of the databases. Critical Patch Updates or CPUs are updated by Oracle on a quarterly basis. The company also releases a special bulletin page describing the vital updates and advisories. All you need to do is install the latest one so that you get all the security patches from the very beginning.
Passwords for Oracle logins
Oracle has an impressive password management for the logins. However, these are seldom applied for the default account profiles. With the helps of this, a login can be applied to only one profile. However, in case an Oracle profile is not specified while creating the login it would be assigned directly to the default Oracle profile.
These tips can be successfully used to secure an Oracle database.
Author Bio: Vincent Simpson is a professional who has worked with Oracle Business Intelligence system. In this article he mentions useful tips which can be used to secure an Oracle Database.