Database security has always been a concern for a database administrator. Oracle Database is
quite secure, but there are still gaps that the DBA has to fill to make an Oracle database
secure.
Oracle Database security involves many aspects, such as security at the OS level, network
level, software level, etc. Here, I am listing 10 best practices for Oracle Database security.
As with the O/S software, check the database server vendor's site and apply the security
patches recommended by the vendor.
CONNECT_TIMEOUT is another aid for the DBA: it makes sure a database connection from client
to server completes within a given number of seconds. The DBA has to add the CONNECT_TIMEOUT
parameter to the $TNS_ADMIN/listener.ora file to specify the time, in seconds, for a client to
establish an Oracle Net connection to the database instance.
ADMIN_RESTRICTIONS_{LISTENER_NAME}=ON
For example,
ADMIN_RESTRICTIONS_LISTENER=ON
This will change the "lsnrctl status" output from "Security ON: Local OS
Authentication" (default) to "Security OFF".
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
Password changed for LISTENER
The command completed successfully
Now the DBA will see "Security ON: Password" in "lsnrctl status", but a password is now
needed to check the listener status. Here the password is 123.
LSNRCTL> STATUS
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.2.0 - Production
Start Date 06-MAY-2013 09:52:38
Uptime 0 days 0 hr. 16 min. 28 sec
Trace Level off
Security ON: Password
SNMP OFF
To disable XDB, remove or comment out the line in init.ora/spfile.ora that reads
*.dispatchers='(PROTOCOL=TCP) (SERVICE=sidXDB)'
6 rows selected.
SQL> @ $ORACLE_HOME/rdbms/admin/utlpwdmg.sql
Function created.
Profile altered.
Function created.
AUDIT_TRAIL = OS
Set the parameter AUDIT_FILE_DEST to the directory where the audit records should be
stored. When not set, AUDIT_FILE_DEST defaults to $ORACLE_HOME/rdbms/audit. In this
example, the database places audit records in the directory /u01/app/oracle/admin/audit.
AUDIT_FILE_DEST = /u01/app/oracle/admin/audit
Restart the database for these parameters to take effect. Note that the database generates
some audit records by default, whether or not AUDIT_TRAIL is enabled. For example, Oracle
automatically creates an operating system file as an audit record when a user logs in as
SYSDBA or as INTERNAL.
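The listener.ora and init.ora settings described above (ADMIN_RESTRICTIONS, CONNECT_TIMEOUT, the XDB dispatcher line, AUDIT_TRAIL and AUDIT_FILE_DEST) can be checked with a small script. This is an added example, not part of the original post: the function names and both sample files are constructed for illustration, and it assumes simple top-level "name = value" lines.

```python
import re

# Constructed sample files (not from a real server) showing a partly hardened setup.
LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521)))
ADMIN_RESTRICTIONS_LISTENER = ON
"""
INIT_ORA = """\
*.audit_trail='NONE'
#*.audit_file_dest='/u01/app/oracle/admin/audit'
*.dispatchers='(PROTOCOL=TCP) (SERVICE=sidXDB)'
"""

def parse_params(text):
    """Map UPPERCASE parameter name -> value for top-level 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#") or line[:1].isspace():
            continue  # comment, or indented continuation of a multi-line value
        m = re.match(r"(?:[\w*]+\.)?(\w+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip().strip("'\"")
    return params

def audit_config(listener_ora, init_ora, listener="LISTENER"):
    """Return the names of the settings from this page that are missing or weak."""
    lsnr, init = parse_params(listener_ora), parse_params(init_ora)
    findings = []
    if lsnr.get("ADMIN_RESTRICTIONS_" + listener.upper(), "").upper() != "ON":
        findings.append("ADMIN_RESTRICTIONS")
    # Assumption: any key containing CONNECT_TIMEOUT counts, so listener-suffixed
    # spellings of the parameter are accepted too.
    if not any("CONNECT_TIMEOUT" in name for name in lsnr):
        findings.append("CONNECT_TIMEOUT")
    if "XDB" in init.get("DISPATCHERS", "").upper():
        findings.append("XDB dispatcher")
    # Assumption: an absent AUDIT_TRAIL is treated the same as NONE.
    if init.get("AUDIT_TRAIL", "NONE").upper() == "NONE":
        findings.append("AUDIT_TRAIL")
    if "AUDIT_FILE_DEST" not in init:
        findings.append("AUDIT_FILE_DEST")
    return findings

if __name__ == "__main__":
    for name in audit_config(LISTENER_ORA, INIT_ORA):
        print("needs attention:", name)
```

To check a real server, pass in the contents of $TNS_ADMIN/listener.ora and a text init.ora; a binary spfile has to be exported to a pfile first.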
There could be more tips for making a database secure. Please suggest any others you
know.