Solved

Top Level Oracle RDBMS Security

Posted on 2013-05-22
2
431 Views
Last Modified: 2013-06-07
1) Aside from:
- applying the latest security patches,
-ensuring you enforce strong passwords and password policies (non default passwords for DB accounts),
- assign only the appropriate permissions to those database accounts,
- ensure the database files are only accessible on the hosting server by the appropriate admin,

What other security best practices are there (specific to the oracle database product not the hosting OS) that should be considered?


2) Where exactly can you see where the RMAN backup is being written to?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Accepted Solution

by:
mohammadzahid earned 250 total points
ID: 39189400
set dictionary accessibility parameter to setting that can only get viewed by DBA.
I think parameter is o7_dictionary_accessibility (look up Oracle documentation on setting parameters)
0
 
LVL 23

Assisted Solution

by:David
David earned 250 total points
ID: 39189477
My contribution would be to ensure all personally identifiable information (PII) was identified, and encrypted, wherever the data was at rest:  in a tablespace, file system, dump file, backup file, etc.  Don't forget to protect (or preferably eliminate) storage of reports and data extractions that are in clear text.

Then, secondarily, go after the PII data in motion:  networks, devices, etc.

You would do well to look into the DoD standards and templates for evaluating a system.  There are checklists which can show levels of severity, so that I can persuade my accountant what must be focused upon.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Database Owner 3 43
SQL Query Works in SQL 2008 & 2012 But Not SQL 2016 15 98
emailing registered email addresses in phpmyadmin 5 63
Batch convert csv to xlsx 10 51
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL). Depending on business requirements, a single Stored Procedure can return differe…
This video explains at a high level about the four available data types in Oracle and how dates can be manipulated by the user to get data into and out of the database.
This video shows information on the Oracle Data Dictionary, starting with the Oracle documentation, explaining the different types of Data Dictionary views available by group and permissions as well as giving examples on how to retrieve data from th…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question