• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

Oracle Security Basics

by wing

Popularity has a price to pay since everything on this world has its face value. And Oracle database software is no different than that. In this post, you may expect to have some basic idea on Oracle security and its risks. The features of Oracle that has security risks are:

  • System tables
  • Passwords
  • Privileges
  • Oracle Listener

basics of oracle database security

System Tables:as you know that the heart of the database is its table, which servers the main purpose of a database-storing data. The most important tables to protect are the systems tables such as SYS.USER_TABLES, SYS.USER_VIEWS, SYS.USER_OBJECTS, SYS.USER_TRIGGERS , SYS.USERS_CONSTRAINTS etc.


 list of system tables in oracle

As an information security professional, you need to assume that all these tables are secured and you need to audit Oracle security and privileges roles to make sure the privacy of the data. If you Oracle database are hosted in a Windows system, you can sue Oracle audit tool in order to automate the security checking process and you can find such tool at Oracle audit tool page of cqure.net site .

Passwords: After installing Oracle, you need to change the default password of Oracle, in addition to changing passwords; you can implement a strong password policy such as enforcing minimal length, complexity, lockout, expiration and avoiding reuse of passwords.

Privileges: Oracle has several types of privileges including system and object privileges, which are basically used to allow certain users to access certain objects in a database (for example tables are objects). You need to look out for misconfigured privileges in order to prevent unauthorized or unwanted persons from viewing you sensitive data.

Oracle Listener: the purpose of the listener service is to receive users’ requests and transfer them to the requested database. By default, Oracle use TCP port 1521 as a listening port. An Oracle administrator must need to change this port so as an attacker cannot make any easy guess. Remember that the listener is the first point of entry to a database and if it is not secured, it can reveal sensitive information about your database and the host operating system.

So, the basic steps you can take to make Oracle secure from its well-known vulnerabilities and threats are to change the listening port, audit the system tables and check the privilege levels for each users

Related Posts:

  • 20 Types of Database Security to Defend Against Data Breach
  • Database Security Issues and Countermeasures
  • Oracle Audit Setting Commands
  • MySQL Security Settings Checklist and Issues
  • Wordpress Backup & Restore:Database and Home Directory

Filed Under: IS Audit Tagged With: database

Primary Sidebar

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Pages

  • About
  • Best IT Security Certification Exam
  • CISA IT governance Sample test
  • CISA Sample Test
  • CISSP Sample Test Online
  • Consultancy
  • Contact

Popular Posts

  • 3 Steps to Install Miniku...
  • How to Renew Self-Signed...
  • How to Configure AAA (TAC...
  • How to Setup AWS CloudFro...
  • 8 Effective Ways to Impro...
  • 63 Web Application Securi...
  • How to install a new Goda...
  • 3 Easy Steps to Create an...
  • How to Configure SNMP in...
  • Yahoo Mail Security Setti...

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

antivirus audit AWS backup browser check cisco cloud computer cyber data database encryption firewall home hsrp ids informaiton internet intrusion it kubernetes linux load balancing malware network protection putty risk router security security tips server ssh SSL switch tools virus vpn vulnerability web webserver website windows wordpress

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com