Oracle Database Security Policy Analysis (2)

Oracle Database Security Policy Analysis (2)

Oracle Database Security Policy Analysis (2)

The ORACLE tutorial is: Oracle Database Security Policy Analysis (2 ). SQL * DBA command security:

If you do not have an SQL * PLUS application, you can also use SQL * DBA for SQL query permission-related commands that can only be assigned to the Oracle software owner and DBA group users, these commands are granted special system permissions.

(1) startup
(2) shutdown
(3) connect internal

　　Database file security:

The owner of Oracle software should have these database files ($ ORACLE_HOME/dbs /*. dbf) set the permission to use these files to 0600: The file owner is readable and writable. users in the same group and other groups do not have the write permission. The owner of Oracle software should have a directory containing database files. To increase security, it is recommended that users in the same group and other groups have the permission to read these files.

　　Network Security:

When dealing with network security, the following are additional considerations.

(1) remote users who use passwords on the internet can enter the password in encrypted or unencrypted mode. When you enter the password in unencrypted mode, your password may be intercepted by illegal users, which may damage the security of the system.

(2) DBA permission control on the network you can control DBA permissions on the network in two ways:

A is set to deny remote DBA access;
B uses orapwd to set a special password for the DBA.

　　2. Establish security policies:

　　System Security Policy:

(1) managing database users is a way to access Oracle database information. Therefore, the security of database users should be well maintained. According to the size of the database system and the workload required to manage the database users, the database security manager may only have a special user for create, alter, or drop database users, or a group of users with these permissions, it should be noted that only those who are trustworthy should have the permissions to manage database users.

(2) user identity confirmation database users can perform identity authentication through the operating system, network service, or database. The advantages of user identity authentication through the host operating system include:

A users can join the database more quickly and conveniently;
B. Centralized Control of user identity confirmation through the operating system: If the operating system and database user information are consistent, Oracle does not need to store and manage user names and passwords;
C. The audit information of the user accessing the database is consistent with that of the operating system.

(3) Operating System Security

Database A administrators must have the operating system permissions for the create and delete files;
B generally, database users should not have the operating system permissions for create or delete database-related files;
C. If the operating system can assign roles to database users, the security administrator must have the operating system permission to modify the security zone of the operating system account.

<