securitywing

You are here: Home / IS Audit / Oracle Security Basics

Oracle Security Basics

by Leave a Comment

Popularity has a price to pay since everything on this world has its face value. And Oracle database software is no different than that. In this post, you may expect to have some basic idea on Oracle security and its risks. The features of Oracle that has security risks are:

  • System tables
  • Passwords
  • Privileges
  • Oracle Listener

basics of oracle database security

System Tables:as you know that the heart of the database is its table, which servers the main purpose of a database-storing data. The most important tables to protect are the systems tables such as SYS.USER_TABLES, SYS.USER_VIEWS, SYS.USER_OBJECTS, SYS.USER_TRIGGERS , SYS.USERS_CONSTRAINTS etc.


 list of system tables in oracle

As an information security professional, you need to assume that all these tables are secured and you need to audit Oracle security and privileges roles to make sure the privacy of the data. If you Oracle database are hosted in a Windows system, you can sue Oracle audit tool in order to automate the security checking process and you can find such tool at Oracle audit tool page of cqure.net site .

Passwords: After installing Oracle, you need to change the default password of Oracle, in addition to changing passwords; you can implement a strong password policy such as enforcing minimal length, complexity, lockout, expiration and avoiding reuse of passwords.

Privileges: Oracle has several types of privileges including system and object privileges, which are basically used to allow certain users to access certain objects in a database (for example tables are objects). You need to look out for misconfigured privileges in order to prevent unauthorized or unwanted persons from viewing you sensitive data.

Oracle Listener: the purpose of the listener service is to receive users’ requests and transfer them to the requested database. By default, Oracle use TCP port 1521 as a listening port. An Oracle administrator must need to change this port so as an attacker cannot make any easy guess. Remember that the listener is the first point of entry to a database and if it is not secured, it can reveal sensitive information about your database and the host operating system.

So, the basic steps you can take to make Oracle secure from its well-known vulnerabilities and threats are to change the listening port, audit the system tables and check the privilege levels for each users

Related Posts:

Leave a Reply

Your email address will not be published.

    • Syras is a telecommunication and IT security professional with over 10 years of experience in this field. He has been running his personal blog Securitywing.com since 2010. He has the following IT and Project management certifications:

      • CISA(Certified Information Systems Auditor)
      • MCSE(Microsoft Certified System Engineer)
      • CCNA(Cisco Certified Network Associates)
      • Prince2( Project Management)

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

android audit backup basics browser check cisco cloud computer configuration data database email encryption firewall hsrp ids iis informaiton internet intrusion it linux load balancing malware microsoft network protection putty redundancy risk router security security tips server ssh test tools vpn vrrp web webserver website windows wordpress