Less_11OracleDatabaseSecurity.pptVIP

Oracle Database Security Objectives After completing this lesson you should be able to do the following: Apply the principal of least privilege Manage default user accounts Implement standard password security features Audit database activity Database Security A secure system ensures the confidentiality of the data it contains. There are several aspects of security: Restricting access to data and services Authenticating users Monitoring for suspicious activity Database SecurityFull Notes Page Apply the Principle of Least Privilege Protect the data dictionary Revoke unnecessary privileges from PUBLIC Restrict the directories accessible by users Limit users with administrative privileges Restrict remote database authentication Protect the Data Dictionary Protect the data dictionary by ensuring the following initialization parameter is set to FALSE: This configuration prevents users with ANY TABLE system privileges from accessing data dictionary base tables. A FALSE setting also prevents user SYS from logging in as anything other than SYSDBA The default value of this parameter is FALSE. If you find it set to TRUE, ensure there is a good business reason. Revoke Unnecessary Privilegesfrom PUBLIC Revoke all unnecessary privileges and roles from the database server user group PUBLIC. Many built-in packages grant EXECUTE to PUBLIC. Execute on the following packages should usually be revoked from PUBLIC: UTL_SMTP UTL_TCP UTL_HTTP UTL_FILE DBMS_OBFUSCATION_TOOLKIT Example: Revoke Unnecessary Privileges from PUBLIC - Full Notes Page Restrict the Operating System Directories Accessible by the User The UTL_FILE_DIR configuration parameter: Designates which directories are available for PL/SQL file I/O Enables database users to read or write from the listed directories on the database server Limit Users with Administrative Privileges Restrict the following types of privileges: Grants of system and object privileges SYS-privileged connections: SYSDBA and SYSOPER DBA-type priv