Upcoming Event: Official Exhibitor at Ascend 2022 in Las Vegas | June 12th - 15th
Best Practices For Oracle Database Security
Oracle Database Security
Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on pinterest
Share on reddit
Share on email
Share on print
Learn how to proactively manage your access and admin rights to best protect your system and thwart security threats.

Trust no one. This isn’t just a reference to an old David Navarro album, it’s the best policy when it comes to setting security practices for your Oracle Database. Learn how to proactively manage your access and admin rights to best protect your system and thwart security threats.

What Built-in Tools Improve Oracle Database Security?

To fully ensure Oracle Database Security in your ecosystem, make use of the following components:

There are also best practices that help you keep your data safe.

How Can You Effectively Manage Passwords?

Administrators no longer store system credentials in unencrypted files or scripts. Now, the Secure Password Store feature lets you build a wallet file to safely store database logins and passwords.

Combine this measure with the following password protection tools:

Verify Password Complexity: The password verification function is a PL/SQL script labeled UTLPWDMG.SQL found it the directory at $ORACLE_HOME/rdbms/ admin. By default, it’s disabled.

Log into SQL*Plus with administrative privileges to run it. CONNECT SYS/AS SYSDBA

Enter password: password @$ORACLE_HOME/RDBMS/ADMIN/utlpwdmg.sql

You can change the default parameters to suit your needs. For example, case-sensitivity is enabled by default but may not be desirable if you prefer to minimize the complexity somewhat.

Account Lockout: By default, accounts are locked after 3 invalid attempts within a specified time frame. This thwarts brute-force cyberattacks. Here is the related parameter:

FAILED_LOGIN_ATEMPTS 3 PASSWORD_LOCK_TIME 10

The lock time argument is set to 10 days.

There’s a handy INACTIVE_ACCOUNT_TIME parameter to lock unused accounts (in days).

Should You Change Default Audit Settings?

Starting with Oracle 12c, the company introduced a Unified Audit Data Trail that contains the features of SYS.AUD$, SYS.FGA_LOG$and DVSYS.AUDIT_TRAIL$

This uber-function creates a comprehensive audit trail for detailed sleuthing (SYS.FGA_LOG$) and combing through Oracle Label Security and the Database Vault (DVSYS.AUDIT_TRAIL$).

What Tools Facilitate Strong Authentication Methods?

User authentication is paramount in distributed environments. Besides default authentication, Oracle Database is compatible with third-party protocols and services.

Here are some examples:

  • Kerberos: Authentication protocol designed primarily for a client-server model
  • Secure Socket Layer (SSL): Industry standard used to secure network connections
  • Remote Authentication Dial-In User Service (RADIUS): Client/server model-based security protocol enabling remote access and authentication

Control database access with system tools like Oracle wallet security, grant security, and virtual private databases. Note that remote database access requires secure key access via VPN or shell (SSH).

Manage Sensitive Data

Leaked sensitive data has repercussions for the company, customers and vendors. That’s why you should treat personal health information, intellectual property and proprietary information with extreme care.

First, identify its location. To search across multiple platforms, use a built-in utility, Oracle’s Transparent Sensitive Data Protection. DBAs administer databases while stakeholders own the data. Use the data masking feature to keep the data secure.

What Are Some Other Security Tools?

Database protection needs to receive equal billing with data security. Here are three tools that can make that happen:

  • Database Activity Monitoring: Though pricey, DAM tools are extremely useful. They give you real-time visibility of all database activity. DBAs receive a notification if suspicious activity occurs. Combined with a SIEM system, it lets you perform real-time threat analysis
  • Database Firewall: The database firewall gatekeeps inbound and outbound traffic and prevents SQL injection as well as unauthorized access
  • Database Traffic Encryption: Oracle Advanced Security Database has a data encryption tool, but third-party solutions can also be integrated

SoftArt Solutions follows best practices for Oracle Database Security on every implementation and project. Contact us for assistance with Oracle Database. We are an Oracle Gold Partner serving clients across numerous industries and geographies.

More
articles