
Project Lockdown

A phased approach to securing your database infrastructure

by Arup Nanda


Imagine that you have just landed a new job as a DBA. On your first day, you hear rumors of an impending security audit driven by Sarbanes-Oxley requirements. You need to get to know your environment as soon as possible, so you know where to look and understand when to take immediate or preventive action.

Or imagine a less serious (yet still alarming) situation in which you have "inherited" a database and server that you know have never been hardened, and an audit is on the horizon. You have to do something quickly to secure them, and there is no one to turn to. You're on your own.

Or, perhaps you are a seasoned DBA and have been looking after a database for a while. No audit is impending, but you are concerned about security in general and want to be assertive about it.

Regardless of the specific situation, you can safely make three assumptions:

  1. You will have to work quickly. Whether or not an audit is imminent, you cannot afford to leave your environment in an unsecured state for anything but a short period of time (if at all).
  2. You will have to work carefully and methodically because you are modifying the production database.
  3. You will have to work on this project while performing other routine activities—taking care of the database, fighting fires, handling concerned customers, and so on.

Based on these presumptions, clearly you will need a phased approach to securing your database infrastructure, and one that makes use of the Oracle technology currently at your disposal. In this series, you will receive a blueprint of such a plan. I call it Project Lockdown.

This project is divided into four distinct phases, each of which is achievable and provides measurable improvements within a specific period of time: one day, one week, one month, and one quarter:

Phase 1 (Duration: One Day)

Phase 2 (Duration: One Week)

Phase 3 (Duration: One Month)

Phase 4 (Duration: One Quarter)

(These durations are merely estimates; depending on your installation, you may need more or less than the prescribed amount of time.) At each phase you will learn specifically what you need to do via code samples, examples, and task checklists.

Before beginning this project, I suggest that you read this brief security primer for common terms and concepts.

Because these activities vary widely by Oracle version, only activities relevant to Oracle versions 9.2.0.x (Oracle9i Database Release 2) through 10.2.x (Oracle Database 10g Release 2) will be discussed. Where possible and appropriate, obvious differences across operating systems will be addressed.

As always, the content provided here is for instructional purposes only and is not validated by Oracle; use it at your own risk! Under no circumstances should you consider it to be part of a consulting or services offering.


Arup Nanda (arup@proligence.com) has been an Oracle DBA for more than 12 years, handling all aspects of database administration—from performance tuning to security and disaster recovery. He is a coauthor of PL/SQL for DBAs (O'Reilly Media, 2005). He was Oracle Magazine's DBA of the Year in 2003.
