This Oracle tutorial covers: Oracle Database Security Policy Analysis (II).
Security for the SQL*DBA command:
If you do not have the SQL*Plus application, you can also use SQL*DBA to run SQL and check permissions. The following commands can only be assigned to the Oracle software owner and to users in the DBA group, because these commands are granted special system privileges.
(1) Startup
(2) Shutdown
(3) Connect internal
Security for database files:
The Oracle software owner should set the permissions on the database files ($ORACLE_HOME/dbs/*.dbf) to 0600: the file owner can read and write, and users in the same group and in other groups do not have permission to write. The Oracle software owner should own the directory containing the database files, and for added security it is recommended to revoke read permission on these files from users in the same group and in other groups.
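The permission rule above, written as a check that can be run against a datafile directory. This is an added example, not part of the original tutorial or of Oracle's tooling; the function names and the temporary demo directory with its constructed files are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten datafile permissions in a dbs directory.
# Function names and the demo files are assumptions, not Oracle tooling.

# Print every *.dbf file under $1 that grants any group/other permission bit.
# Only POSIX find tests are used, so this also works on Solaris, AIX, HP-UX.
list_loose_dbf() {
    find "$1" -type f -name '*.dbf' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when no datafile is accessible by group/other, 1 otherwise.
audit_dbf() {
    loose=$(list_loose_dbf "$1")
    if [ -n "$loose" ]; then
        printf 'group/other access on:\n%s\n' "$loose" >&2
        return 1
    fi
    return 0
}

# Set every datafile to 0600 (owner read/write only), as the text recommends.
harden_dbf() {
    find "$1" -type f -name '*.dbf' -exec chmod 0600 {} +
}

# Demo on constructed files in a throwaway directory (not a real ORACLE_HOME).
demo() {
    dbs=$(mktemp -d) || return 2
    : > "$dbs/system01.dbf"; chmod 0640 "$dbs/system01.dbf"  # group-readable
    : > "$dbs/users01.dbf";  chmod 0600 "$dbs/users01.dbf"   # already correct
    : > "$dbs/init.ora";     chmod 0644 "$dbs/init.ora"      # not a datafile
    audit_dbf "$dbs" && before=clean || before=loose
    harden_dbf "$dbs"
    audit_dbf "$dbs" && after=clean || after=loose
    rm -rf "$dbs"
    echo "$before -> $after"
}
demo
```

On a real host, run `audit_dbf "$ORACLE_HOME/dbs"` as the Oracle software owner and review the listed files before calling `harden_dbf`.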
Network security:
Here are a few additional issues to consider when dealing with network security.
(1) Use of passwords over the network: remote users can enter their password in encrypted or unencrypted form. When a password is entered unencrypted, it is likely to be intercepted by unauthorized users, compromising the security of the system.
(2) DBA authority control on the network: you can control DBA authority on your network in the following two ways:
A. Deny remote DBA access;
B. Set a special password for the DBA via ORAPWD.
Second, establishing a security policy:
System security Policy:
(1) Managing database users: database users are the means by which information in the Oracle database is accessed, so the security of database user management must be maintained carefully. Depending on the size of the database system and the amount of work required to manage database users, the database security manager may be a single special user with the privileges to CREATE, ALTER, or DROP database users, or a group of users with these privileges. Note that only trustworthy individuals should have permission to administer database users.
(2) User identification: database users can be authenticated through the operating system, network services, or the database. The advantages of authenticating users through the host operating system are:
A. Users can connect to the database faster and more easily;
B. User identity is controlled centrally through the operating system: if the operating system and database user information are consistent, Oracle does not need to store and manage user names and passwords;
C. The audit information for users entering the database is consistent with that of the operating system.
(3) Operating system security
A. The database administrator must have operating system permissions to create and delete files;
B. General database users should not have operating system permissions to create or delete files related to the database;
C. If the operating system can assign roles to database users, the security manager must have operating system permissions to modify the security zone of operating system accounts.