In the following list are a few things that need to be considered outside of the database:
Operating system security Unless the Oracle database is running on its own dedicated
hardware with only the root and oracle user accounts enabled, operating system security
must be reviewed and implemented. Ensure that the software is installed with the oracle
account and not the root account. You may also consider using another account instead
of oracle as the owner of the software and the database files, to eliminate an easy target
for a hacker. Ensure that the software and the database files are readable only by the
oracle account and the group that oracle belongs to. Other than the Oracle executables
that require it, turn off the SUID (set UID, or running with root privileges) bit on files that
don??™t require it. Don??™t send passwords (operating system or Oracle) to users via e-mail
in plain text. Finally, remove any system services that are not required on the server to
support the database, such as telnet and ftp.
Securing backup media Ensure that the database backup media??”whether tape, disk, or
CD/DVD-ROM??”is accessible by a limited number of people. A secure operating system
and robust, encrypted passwords on the database are of little value if a hacker can obtain
backup copies of the database and load them onto another server. The same applies to
any server that contains data replicated from your database.
Background security checks Screening of employees that deal with sensitive database
data??”whether it be a DBA, auditor, or operating system administrator??”is a must.
Pages:
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472