Monday, February 11, 2008

Basic Database Security

As a DBA, it is your responsibility to secure your organization's database from unauthorized access.

In this article I am going to suggest some guidelines that are mandatory for all Oracle databases.

1. Data Integrity:

Always keep a check on the integrity of the data in the database. Before any data is added, whether important or unimportant, your system must ensure that the data is valid and correct. Data integrity rules prevent invalid data from entering the database, so that queries always return correct results.
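As an added example (not part of the original post), the following Oracle SQL shows integrity enforced by the database itself through declarative constraints, so that invalid rows are rejected no matter which client submits them. The table and column names are constructed for illustration.

```sql
-- Constructed example schema: primary key, unique, check, not-null and
-- foreign-key constraints encode the validity rules in the database.
CREATE TABLE departments (
    dept_id   NUMBER(4)     CONSTRAINT dept_pk PRIMARY KEY,
    dept_name VARCHAR2(30)  NOT NULL CONSTRAINT dept_name_uk UNIQUE
);

CREATE TABLE employees (
    emp_id    NUMBER(6)     CONSTRAINT emp_pk PRIMARY KEY,
    email     VARCHAR2(60)  NOT NULL CONSTRAINT emp_email_uk UNIQUE,
    salary    NUMBER(8,2)   CONSTRAINT emp_salary_ck CHECK (salary > 0),
    hire_date DATE          DEFAULT SYSDATE NOT NULL,
    dept_id   NUMBER(4)     NOT NULL
                            CONSTRAINT emp_dept_fk REFERENCES departments (dept_id)
);

INSERT INTO departments (dept_id, dept_name) VALUES (10, 'Finance');

-- Valid row: accepted.
INSERT INTO employees (emp_id, email, salary, dept_id)
VALUES (1, 'a.smith@example.com', 4200, 10);

-- Each of the following is refused by a constraint, not by application code:
-- negative salary, refused by emp_salary_ck (CHECK)
INSERT INTO employees (emp_id, email, salary, dept_id)
VALUES (2, 'b.jones@example.com', -5, 10);
-- department 99 does not exist, refused by emp_dept_fk (FOREIGN KEY)
INSERT INTO employees (emp_id, email, salary, dept_id)
VALUES (3, 'c.lee@example.com', 3000, 99);
-- duplicate e-mail, refused by emp_email_uk (UNIQUE)
INSERT INTO employees (emp_id, email, salary, dept_id)
VALUES (4, 'a.smith@example.com', 3100, 10);

-- Periodic check: constraints left disabled (for example after a bulk load)
-- silently reopen the integrity gap, so list any that are not ENABLED.
SELECT owner, table_name, constraint_name, constraint_type, status
FROM   dba_constraints
WHERE  status <> 'ENABLED';
```

The final query is the one to schedule: a constraint that exists but is disabled gives no protection, and bulk-load tooling frequently disables constraints and forgets to re-enable them.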

2. Use Access Control System:

Grant users only the privileges that are appropriate for their work, and grant those privileges only to the users who require them to accomplish their tasks. Excessive grants of unnecessary privileges can compromise the security of your database.

3. Role Based Authentication:

You can also assign privileges through roles. Segregate the roles into administrator, programmer, operator, user and so on, and base permission to perform a task on the privileges granted to that role. Also maintain a log of each role's activities so you can keep track of what each role does.

4. Password Protection:

Protect your database's root (administrative) account with a password, and set a password on every user account in the database.
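Points 2, 3 and 4 above are usually implemented together. The Oracle SQL below is an added example, not the post's own, that grants privileges only through roles, creates individually password-protected accounts, and attaches a password profile so the password rules are enforced by the database. The schema (`hr.employees`), role and user names are assumed for illustration.

```sql
-- Constructed example: a profile that locks an account after repeated
-- failed logins and forces periodic rotation (limits in days unless noted).
CREATE PROFILE app_secure LIMIT
    FAILED_LOGIN_ATTEMPTS  5
    PASSWORD_LOCK_TIME     1/24        -- one hour
    PASSWORD_LIFE_TIME     90
    PASSWORD_GRACE_TIME    7
    PASSWORD_REUSE_MAX     10
    PASSWORD_REUSE_TIME    365;

-- Roles carry the privileges; users receive roles, never direct grants.
CREATE ROLE app_reader;
CREATE ROLE app_developer;

GRANT CREATE SESSION TO app_reader;
GRANT SELECT ON hr.employees TO app_reader;           -- assumed table

GRANT app_reader TO app_developer;                    -- developer inherits read access
GRANT CREATE TABLE, CREATE VIEW, CREATE PROCEDURE TO app_developer;

-- One account per person, each with its own password and the profile.
CREATE USER rpt_user IDENTIFIED BY "Rpt#2008x" PROFILE app_secure;
CREATE USER dev_user IDENTIFIED BY "Dev#2008x" PROFILE app_secure;
GRANT app_reader    TO rpt_user;
GRANT app_developer TO dev_user;

-- The initial password is only for first login; force a change.
ALTER USER rpt_user PASSWORD EXPIRE;
ALTER USER dev_user PASSWORD EXPIRE;

-- Reviews a DBA should run regularly:
-- 1. Powerful system privileges granted directly to users rather than via roles.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege IN ('ALTER ANY TABLE', 'SELECT ANY TABLE',
                     'GRANT ANY PRIVILEGE', 'ALTER SYSTEM')
AND    grantee NOT IN ('SYS', 'SYSTEM');

-- 2. Who holds the DBA role.
SELECT grantee
FROM   dba_role_privs
WHERE  granted_role = 'DBA';

-- 3. Accounts still on the DEFAULT profile (no password rules) or not OPEN.
SELECT username, profile, account_status
FROM   dba_users
WHERE  profile = 'DEFAULT' OR account_status <> 'OPEN';
```

Keeping privileges on roles rather than on users means that removing a person's access is a single `REVOKE role FROM user`, and the three review queries make drift from the intended design visible.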

5. Use Oracle Views:

Views provide a powerful and flexible security mechanism for the database. By using views you can hide parts of the database from certain users. The user is not even aware of the parts missing from the view.
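The following Oracle SQL is an added example, not code from the original post, of the technique described above: a view projects only the safe columns and filters rows, and the reporting role is granted the view but never the base table. The `staff` table and its sample rows are constructed for illustration.

```sql
-- Constructed example: sensitive base table.
CREATE TABLE staff (
    staff_id   NUMBER(6)    PRIMARY KEY,
    full_name  VARCHAR2(60) NOT NULL,
    dept       VARCHAR2(30) NOT NULL,
    salary     NUMBER(8,2),
    nat_id     VARCHAR2(12),           -- sensitive: never exposed through the view
    terminated CHAR(1) DEFAULT 'N'
);

-- Constructed sample data (fake identifiers).
INSERT INTO staff VALUES (1, 'Ann Smith', 'Finance', 5200, 'ID-000001', 'N');
INSERT INTO staff VALUES (2, 'Bob Jones', 'Sales',   4100, 'ID-000002', 'Y');

-- Column projection (no salary, no nat_id) plus row filtering (active staff only).
-- WITH READ ONLY prevents the view being used to modify the base table.
CREATE OR REPLACE VIEW staff_directory AS
SELECT staff_id, full_name, dept
FROM   staff
WHERE  terminated = 'N'
WITH READ ONLY;

CREATE ROLE directory_reader;
GRANT SELECT ON staff_directory TO directory_reader;
-- Deliberately no grant on the base table 'staff'.

-- A session holding only directory_reader gets one row and three columns here,
-- while a query against staff itself is refused; the hidden columns and the
-- terminated row are not discoverable through the view.
SELECT * FROM staff_directory;

-- Verify that nobody has been granted the base table directly.
SELECT grantee, privilege
FROM   dba_tab_privs
WHERE  owner = USER AND table_name = 'STAFF';
```

Because Oracle resolves the view with the privileges of the view's owner, the reader needs no access to `staff` at all, which is what makes the hidden parts invisible rather than merely filtered.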


6. Back Up your database appropriately:

Back up your database and archive logs correctly, so that you can recover it in case of failure. Test your backups from time to time by restoring from them.

7. Maintain Log Files:

Maintain your database log files if you can. They will help you keep track of clients' activities.
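As an added example (not from the original post), the Oracle SQL below enables the database's own audit trail, which is the mechanism for recording client activity in a queryable form, and shows the review queries a DBA would run over it. It assumes the `AUDIT_TRAIL` parameter may be changed (it takes effect after a restart) and uses an assumed `hr.staff` table as the sensitive object.

```sql
-- 1. Send audit records to the database audit trail, with statement text
--    (SCOPE=SPFILE: applied at the next instance restart).
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;

-- 2. Decide what to record.
AUDIT SESSION;                                        -- every logon/logoff, successful or not
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.staff BY ACCESS;   -- assumed table
AUDIT USER, ROLE, SYSTEM GRANT;                       -- account, role and privilege changes

-- 3. Review queries.
-- Failed logons in the last 24 hours. RETURNCODE is the ORA- error number;
-- 1017 is "invalid username/password", 28000 is "account locked".
SELECT os_username, username, userhost, terminal, timestamp, returncode
FROM   dba_audit_session
WHERE  returncode <> 0
AND    timestamp > SYSDATE - 1
ORDER BY timestamp DESC;

-- Repeated failures from one host: a likely password-guessing attempt.
SELECT userhost, username, COUNT(*) AS failures
FROM   dba_audit_session
WHERE  returncode <> 0
AND    timestamp > SYSDATE - 1
GROUP BY userhost, username
HAVING COUNT(*) >= 5
ORDER BY failures DESC;

-- Successful logons outside business hours (08:00-18:59).
SELECT username, userhost, timestamp
FROM   dba_audit_session
WHERE  returncode = 0
AND    TO_NUMBER(TO_CHAR(timestamp, 'HH24')) NOT BETWEEN 8 AND 18
ORDER BY timestamp DESC;

-- Who touched the sensitive table, and with which statement.
SELECT username, userhost, timestamp, action_name, sql_text
FROM   dba_audit_trail
WHERE  owner = 'HR' AND obj_name = 'STAFF'
ORDER BY timestamp DESC;

-- Account and privilege changes, which should match approved change records.
SELECT username, timestamp, action_name, obj_name, sql_text
FROM   dba_audit_trail
WHERE  action_name IN ('CREATE USER', 'ALTER USER', 'DROP USER',
                       'GRANT ROLE', 'GRANT OBJECT')
ORDER BY timestamp DESC;
```

The audit trail lives in `SYS.AUD$`, so it must be protected like any other sensitive table and archived and purged on a schedule, otherwise it grows without bound and an attacker with SYS access can erase it.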

8. Disable Remote Access:

If it is feasible for your company, ensure that no users can get remote access to your database system. This will reduce the risk of network attacks from unauthorized or malicious users.

2 comments:

anil kumar bommaredy said...

hi murali, this is anil, your ex at dbora... good posts.. but they look too basic yaar.... and some points are missing the actual cause...say for example data integrity and database security are two separate entities.... backups and recovery are another piece of oracle efforts... log files..which logs are you talking about... is that listener logs... or REDO logs....if it is, can you please explain how we can trace users' activities from REDO logs, (really I'm not sure, yaar).... disabling remote access is not possible in many cases...believe me....write something about password change policy, database auditing (is a part of implementing database security), hmmmm what else....monitoring listener logs for identifying malicious attempts or login attempts from suspicious machines at suspicious times....

ok if your next article is about Advanced Database Security, don't forget to write about RLS (Row Level Security) and VPD (Virtual Private Database)...good luck buddy....

Anonymous said...

nice one here mr murali....@bommaredy..though I'm new to database administration, I know users' activities can be audited..the method I don't know yet..well, through redo logs..hmmm I feel through the udump or something should do..