This article introduces how to build security for Oracle. Building Oracle security is in fact a tricky task. For a system to qualify as enterprise-level, I personally think the related tax system should have the following Oracle security features:
High availability
Access control for sensitive data
Audit capability for monitoring user behavior
Effectiveness and scalability of user account management
Security check
The security of an enterprise-level system is not limited to setting up and controlling software technology. We can even say that technology only complements and improves existing security. Generally, the following security checks should be performed in order of importance.
Physical Layer Control
Controlling physical contact is the first step in the security construction of Oracle. It is also the most effective and should be given priority.
Authoritative security research shows that 70% of Information System data losses and attacks are caused and initiated by "Insiders" who have access to a certain system and its data.
For example, only authorized personnel should be able to enter the data center, administrators' passwords should not be written down in a conspicuous place, the screen should be locked when leaving a personal terminal, and so on. These suggestions seem trivial. However, without such awareness, even if we use the best security technology and complex data separation technology, once a person can reach the server to be protected, or can steal a password that gives access to the data to be protected, all security construction becomes mere decoration.
A dike a thousand miles long is destroyed by an ant nest. A solid dam will not collapse under the impact of external floods, but it will collapse because of the insects hidden inside it.
Therefore, the best way is not to let the ants near the dam.
Security Process Construction
After implementing security construction, a detailed and effective process control must be established. We should pay attention to its effectiveness.
Sometimes you may hear complaints that, in a system with strengthened security, the maintenance staff's division of labor is too fine-grained, resulting in a decline in the system's response capability, increased maintenance costs, and reduced management efficiency. In the past, one person could make a change within 10 minutes, but now it takes 3 or 4 people to complete the change, which takes 1-2 days.
We should give priority to establishing an Oracle Security process that meets the enterprise's needs.
Universal Security Measures
These measures are not specific to an Oracle database system. Any IT system should take the following security measures.
1. Install only the required software
Every piece of software has defects. For Oracle database software, use a custom installation and select only the required components. This is particularly important for Oracle security: a component with potential security vulnerabilities cannot affect the rest of the system if it is not installed.
2. Lock or disable default users
For the Oracle database system, a series of default users are created during installation. After the database is installed, these users should be reviewed by function and then locked or disabled.
3. Change the default password of an available user
Users that cannot be locked or disabled must have their default passwords changed. For example, the default passwords of the SYS user, which has SYSDBA permissions, and the SYSTEM user, which has DBA permissions, should be changed. Effective control of password length and complexity will be discussed later.
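The review described in items 2 and 3, as an added example that is not part of the original article. It assumes Oracle 12c or later (for the ORACLE_MAINTAINED column), a session with SELECT on the DBA_* views and the ALTER USER privilege; the keep list and the password placeholder are constructed and must be adapted to the installation.

```sql
-- Added example, not from the original article.

-- 1. Default (Oracle-maintained) accounts that can still log in.
SELECT username, account_status, profile
FROM   dba_users
WHERE  oracle_maintained = 'Y'
AND    account_status = 'OPEN'
ORDER  BY username;

-- 2. Accounts that still carry their shipped default password,
--    whether open or locked (view available from 11g onward).
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- 3. Lock and expire every open default account that is not on the
--    keep list. The keep list below is an assumption: add any account
--    an installed component really needs before running this, because
--    locking an account that a component logs in with stops that component.
SET SERVEROUTPUT ON
BEGIN
  FOR r IN (SELECT username
            FROM   dba_users
            WHERE  oracle_maintained = 'Y'
            AND    account_status = 'OPEN'
            AND    username NOT IN ('SYS', 'SYSTEM'))
  LOOP
    -- ENQUOTE_NAME guards the dynamic statement against odd identifiers.
    EXECUTE IMMEDIATE 'ALTER USER '
      || DBMS_ASSERT.ENQUOTE_NAME(r.username, FALSE)
      || ' ACCOUNT LOCK PASSWORD EXPIRE';
    DBMS_OUTPUT.PUT_LINE('Locked and expired: ' || r.username);
  END LOOP;
END;
/

-- 4. Accounts that must stay open get a new password.
--    "<new-password>" is a placeholder, not a suggested value.
ALTER USER sys    IDENTIFIED BY "<new-password>";
ALTER USER system IDENTIFIED BY "<new-password>";

-- 5. Re-run query 2: no OPEN account should be listed any more.
```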
4. Restrict Operating System Access Permissions
The Oracle database system depends on the operating system. If the operating system is compromised, the security of the Oracle database can be defeated by modifying configuration files and by other means.
5. Regularly apply the security patches released by the manufacturer
Over time, manufacturers usually launch a series of security patches to make up for the security risks of existing systems.
For Oracle databases, you should regularly view the following URLs to obtain the latest Oracle security warnings and solutions.
Security Construction of Oracle Database itself
In general, Oracle database is the most complete database product in the industry in terms of security. Among the international standards for database security, Oracle has passed 14 tests and is the most comprehensive of all database products. Oracle on C2-level operating systems (such as commercial UNIX and VMS operating systems) not only meets the NCSC C2 security standard, but has also officially passed the NCSC C2 standard test. On B1-level operating systems, it not only meets the NCSC B1 security standard, but has also passed the NCSC B1 standard test.
Oracle provides the following security measures:
Identity authentication (Authentication): identifies the identity of an individual.
Data access confidentiality (Confidentiality): ensures the confidentiality of sensitive data access.
Integrity: ensures that data is not tampered with.
Authorization: ensures the ability of authorized users to query and modify data.
Access control: determines the access capability to the specified data.
Audit capability (Auditing): provides the ability to monitor user behavior.
Privacy: provides privacy for sensitive data access.
High availability (Availability): ensures the ability of data and systems to provide uninterrupted services.
Proxy management capabilities: provide centralized management of user accounts.
The following describes the security measures of Oracle in the application system.