Series: Project Lockdown
A phased approach to securing your database infrastructure
Imagine that you have just landed a new job as a DBA. On your first day, you hear rumors of an impending security audit driven by Sarbanes-Oxley requirements. You need to get to know your environment as soon as possible, so you know where to look and understand when to take immediate or preventive action.
Or imagine a less serious (yet still alarming) situation in which you have "inherited" a database and server that you know have never been hardened, and an audit is on the horizon. You have to do something quickly to secure them, and there is no one to turn to. You're on your own.
Or, perhaps you are a seasoned DBA and have been looking after a database for a while. No audit is impending, but you are concerned about security in general and want to be assertive about it.
Regardless of the specific situation, you can safely make three assumptions:
Based on these presumptions, clearly you will need a phased approach to securing your database infrastructure, and one that makes use of the Oracle technology currently at your disposal. In this series, you will receive a blueprint of such a plan. I call it Project Lockdown.
This project is divided into four distinct phases, each of which is achievable and provides measurable improvements within a specific period of time: one day, one week, one month, and one quarter:
Before beginning this project, I suggest that you read the brief security primer below for common terms and concepts.
Because these activities vary widely by Oracle version, only activities relevant to Oracle versions 9.2.0.x (Oracle9i Database Release 2) through 11.2.x (Oracle Database 11g Release 2) will be discussed. Where possible and appropriate, obvious differences across operating systems will be addressed.
As always, the content provided here is for instructional purposes only and is not validated by Oracle; use it at your own risk! Under no circumstances should you consider it to be part of a consulting or services offering.
Arup Nanda, an Oracle ACE Director, has been an Oracle DBA for more than 12 years, handling all aspects of database administration—from performance tuning to security and disaster recovery. He is a coauthor of PL/SQL for DBAs (O'Reilly Media, 2005). He was Oracle Magazine's DBA of the Year in 2003.