Solved

Oracle security maintenance and monitoring

Posted on 2013-05-21
4
335 Views
Last Modified: 2013-07-15
I have been asked to identify some best practice "post implementation" (i.e. DB servers in production) routine security maintenance and monitoring tasks that a good DBA should be performing on routine basis. I was thinking along the lines of ensuring latest patches applied, occasional vetting DB level accounts and permissions once per quarter, ensuring no config changes have been made outsid change cotnrol etc. Can you give some pointers on any self audits you do to routinely reverify the security configuration of your Databases, and how often you do such checks.
0
Comment
Question by:pma111
  • 2
4 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 39184283
enable and configure auditing
0
 
LVL 23

Accepted Solution

by:
David earned 500 total points
ID: 39184304
1.  There are templates available to audit a system for irregularities, such as directory permissions, grants, your "routine" hardening.  I am partial to the DoD's STIG guidance, searchable on the web.  A STIG audit might be (should be?) run as part a new deployment, or similar change to your production environment.

2.  If you can run OEM, or Grid Control, there are many, useful event and threshold triggers scripted in.  Quest's FOGLIGHT is similar, and others.  I am far more productive, letting my system alert me to a problem, rather than to manually run maintenance scripts and scan the output.

3.  What does the customer require -- and is willing to pay for?  We all have to decide what risk (versus cost) is acceptable.

4.  My personal fave:  when was the last time the different recovery plans and scripts were tested?  A "typical" DBA might check that backups completed -- but that's a small part of the picture.  You should be able (and willing) to stand up your environment, in full, and to ensure that the time and effort was acceptable to management and client.
0
 
LVL 3

Author Comment

by:pma111
ID: 39184561
I appreciate there are hare hardeninig guides for when building systems, but I was more after what security checks you still need to perform after build stage when its put into production. It cant be a case of build in line with best practice and "set it and forget it".
0
 
LVL 23

Expert Comment

by:David
ID: 39326820
Many, many directions for that point to be pursued <smiles>.  All systems may be hacked, given sufficient resources.  Perhaps the biggest gap after a breech is to determine not just that data may have been changed, but to validate that no latent bugs were planted.  For example, the users' profiles have a package to control password rules.  During a backup recovery, who checks to confirm that the package hasn't changed?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Querying data from 3 SQL tables 2 36
Email query results in HTML 6 31
corrupt Databases 9 65
join a table with user_tab_columns in oracle 3 50
Creating and Managing Databases with phpMyAdmin in cPanel.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
This video explains at a high level with the mandatory Oracle Memory processes are as well as touching on some of the more common optional ones.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question