Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
I will make a deal with you: if you refer me to a company that needs database support, from a few hours per week to full time, and I am able to sign a contract with them, then I will give you 10% of the monthly contract or deal price every month. When the contract ends and we re-sign the contract, I will again give you 10% of the monthly contract price. This will go on until the company no longer employs or contracts me or my agents to look after their databases.
I can do this because that 10% is my marketing budget. When we re-sign the contract in the future, it may depend on you giving the thumbs up again, and that is worth 10% of the monthly contract price, to be given to you as commission.
Contact:
Franz
Security Policies - Part 9
Change default user passwords.
The easiest way for an Oracle Database Server to be compromised is through a default database account that still has its default password.
Change default passwords of administrative users.
In Oracle Database 10g, you can use the same or different passwords for the SYS, SYSTEM, SYSMAN, and DBSNMP administrative accounts. It is good practice to use different passwords for each of them. Assign strong, secure, and distinct passwords to these administrative accounts. If you use DBCA, then the defaults of SYS/CHANGE_ON_INSTALL and SYSTEM/MANAGER are not allowed.
Change default passwords of all users.
In 10g, SCOTT no longer installs with the default password of TIGER. SCOTT and DBSNMP are locked and expired. The other default user accounts install with a default password that is exactly the same as the user name; for example, you could log in as MDSYS/MDSYS.
If any of the default user accounts need to be activated, remember to assign a new, secure password to each such user account.
Enforce password management.
It is best practice to apply basic password management rules to your installation: rules such as the minimum length of a password, password history (i.e. a new password should differ from the previous password in at least three characters), password complexity, and a check that the password is not the same as the user name.
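The rules above can be enforced in the database itself with a password verify function attached to a profile. The following is an added example, not code from the post; the names verify_pw_basic and secure_profile are assumed, and the function follows the signature Oracle expects for PASSWORD_VERIFY_FUNCTION (it must be created as SYS).

```sql
-- Added example (not from the post); verify_pw_basic / secure_profile are assumed names. Run as SYS.
CREATE OR REPLACE FUNCTION verify_pw_basic (username     VARCHAR2,
                                            password     VARCHAR2,
                                            old_password VARCHAR2)
RETURN BOOLEAN IS
  differ     PLS_INTEGER := 0;
  has_letter BOOLEAN := FALSE;
  has_digit  BOOLEAN := FALSE;
  c          VARCHAR2(1);
BEGIN
  -- Rule 1: minimum length
  IF LENGTH(password) < 8 THEN
    raise_application_error(-20001, 'Password must be at least 8 characters');
  END IF;
  -- Rule 2: not the same as the user name (case-insensitive)
  IF UPPER(password) = UPPER(username) THEN
    raise_application_error(-20002, 'Password must not equal the user name');
  END IF;
  -- Rule 3: complexity, at least one letter and one digit
  FOR i IN 1 .. LENGTH(password) LOOP
    c := UPPER(SUBSTR(password, i, 1));
    IF c BETWEEN '0' AND '9' THEN has_digit := TRUE;
    ELSIF c BETWEEN 'A' AND 'Z' THEN has_letter := TRUE;
    END IF;
  END LOOP;
  IF NOT (has_letter AND has_digit) THEN
    raise_application_error(-20003, 'Password needs at least one letter and one digit');
  END IF;
  -- Rule 4: at least 3 positions must differ from the old password (old_password is NULL when a DBA sets it)
  IF old_password IS NOT NULL THEN
    FOR i IN 1 .. GREATEST(LENGTH(password), LENGTH(old_password)) LOOP
      IF NVL(SUBSTR(password, i, 1), CHR(0)) <> NVL(SUBSTR(old_password, i, 1), CHR(0)) THEN
        differ := differ + 1;
      END IF;
    END LOOP;
    IF differ < 3 THEN
      raise_application_error(-20004, 'Password must differ from the old one in at least 3 positions');
    END IF;
  END IF;
  RETURN TRUE;
END;
/
-- Profile that applies the function plus password history and lockout limits
CREATE PROFILE secure_profile LIMIT
  PASSWORD_VERIFY_FUNCTION verify_pw_basic
  PASSWORD_REUSE_MAX       5     -- cannot reuse until changed 5 times ...
  PASSWORD_REUSE_TIME      365   -- ... and 365 days have passed
  FAILED_LOGIN_ATTEMPTS    5;    -- lock the account after 5 failed logins
ALTER USER scott PROFILE secure_profile;
```

Passwords that already exist are not re-checked; the function only runs when a password is set or changed, so expire the affected accounts if you want the rules applied at next login.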
It is good to use Oracle Advanced Security (Enterprise Edition) with network authentication services such as Kerberos, token cards, smart cards, or X.509 certificates. Services like these enable strong authentication of users and provide better protection against unauthorized access to your data and installation.
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com