Oracle数据库安全.pptVIP

Implementing Oracle Database Security Objectives After completing this lesson, you should be able to do the following: Describe your DBA responsibilities for security Implement security by applying the principle of least privilege Manage default user accounts Implement standard password security features Describe database auditing Describe Virtual Private Database (VPD) Industry Security Requirements Legal: Sarbanes-Oxley Act (SOX) Health Information Portability and Accountability Act (HIPAA) California Breach Law UK Data Protection Act Auditing Security RequirementsFull Notes Page Separation of Responsibilities Users with DBA privileges must be trusted. Consider: Abuse of trust Audit trails protect the trusted position. DBA responsibilities must be shared. Accounts must never be shared. The DBA and the system administrator must be different people. Separate operator and DBA responsibilities. Database Security A secure system ensures the confidentiality of the data that it contains. There are several aspects of security: Restricting access to data and services Authenticating users Monitoring for suspicious activity Database SecurityFull Notes Page Principle of Least Privilege Install only required software on the machine. Activate only required services on the machine. Give OS and database access to only those users that require access. Limit access to the root or administrator account. Limit access to the SYSDBA and SYSOPER accounts. Limit users’ access to only the database objects required to do their jobs. Applying the Principle of Least Privilege Protect the data dictionary: Revoke unnecessary privileges from PUBLIC: Restrict the directories accessible by users. Limit users with administrative privileges. Restrict remote database authentication: Apply the Principle of Least Privilege Full Notes Page Managing Default User Accounts DBCA expires and locks all accounts, except: SYS SYSTEM SYSMAN DBSNMP For a manually created database, lock and expire any unu