Series: Project Lockdown - A Phased Approach to Securing Your Database Infrastructure
Arup Nanda's classic primer on database security best practices for DBAs has been updated for Oracle Database 11g Release 2.
http://www.oracle.com/technetwork/articles/index-087388.html
Imagine that you have just landed a new job as a DBA. On your first day, you hear rumors of an impending security audit driven by Sarbanes-Oxley requirements. You need to get to know your environment as soon as possible, so you know where to look and understand when to take immediate or preventive action.
Or imagine a less serious (yet still alarming) situation in which you have "inherited" a database and server that you know have never been hardened, and an audit is on the horizon. You have to do something quickly to secure them, and there is no one to turn to. You're on your own.
Or, perhaps you are a seasoned DBA and have been looking after a database for a while. No audit is impending, but you are concerned about security in general and want to be assertive about it.
Regardless of the specific situation, you can safely make three assumptions:
1. You will have to work quickly. Whether or not an audit is imminent, you cannot afford to leave your environment in an unsecured state for anything but a short period of time (if at all).
2. You will have to work carefully and methodically because you are modifying the production database.
3. You will have to work on this project while performing other routine activities—taking care of the database, fighting fires, handling concerned customers, and so on.
Based on these presumptions, clearly you will need a phased approach to securing your database infrastructure, and one that makes use of the Oracle technology currently at your disposal. In this series, you will receive a blueprint of such a plan. I call it Project Lockdown.