1. Eliminate Default Passwords From All Oracle Databases
This may seem like a minor problem, but you’d be surprised at how many Oracle databases and products have at least one default password remaining. Default passwords can leave your databases vulnerable to attacks, so we recommend following this guide from Oracle to check for any potential default passwords – and changing any default administrative passwords to strong, hard-to-guess passwords.
2. Implement Policies For Strong Passwords & Regular Password Changes
Everyone with access to your Oracle database – whether as an admin or an end user – must have a strong, hard-to-guess, regularly-updated password. You can set your own standards for Oracle password complexity. We recommend:
- Requiring a password length of 13 characters minimum
- Requiring uppercase & lowercase letters, special characters (! @ $ %, etc.) and numbers for passwords
- Preventing reuse of old passwords
- Enabling account lockouts if a password is entered incorrectly more than 3-5 times
These policies help protect all Oracle users, and keep your databases secure.
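The policy above, written as an Oracle profile with a password verify function. This is an added example, not taken from Oracle's guide or from CDSI. The names app_verify_pwd, app_users and sales_mgr, the 90-day lifetime, the 1-day lock time and the 365-day reuse window are assumptions.

```sql
-- Added example. app_verify_pwd, app_users and sales_mgr are hypothetical names.
-- Run as SYS: a password verify function must be owned by SYS.
CREATE OR REPLACE FUNCTION app_verify_pwd (
  username     IN VARCHAR2,
  password     IN VARCHAR2,
  old_password IN VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  -- Minimum length of 13 characters
  IF NVL(LENGTH(password), 0) < 13 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 13 characters');
  END IF;
  -- POSIX classes avoid locale-dependent ranges such as [A-Z];
  -- 'c' forces case-sensitive matching regardless of NLS_SORT
  IF NOT REGEXP_LIKE(password, '[[:upper:]]', 'c') THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password needs an uppercase letter');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:lower:]]', 'c') THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password needs a lowercase letter');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    RAISE_APPLICATION_ERROR(-20004, 'Password needs a number');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
    RAISE_APPLICATION_ERROR(-20005, 'Password needs a special character');
  END IF;
  RETURN TRUE;
END;
/
-- Oracle's own utlpwdmg.sql grants its verify functions the same way
GRANT EXECUTE ON app_verify_pwd TO PUBLIC;

CREATE PROFILE app_users LIMIT
  PASSWORD_VERIFY_FUNCTION app_verify_pwd
  FAILED_LOGIN_ATTEMPTS    5          -- upper end of the 3-5 range above
  PASSWORD_LOCK_TIME       1          -- days locked (assumed value)
  PASSWORD_LIFE_TIME       90         -- days before forced change (assumed value)
  -- A number for one REUSE limit and UNLIMITED for the other
  -- means an old password can never be reused
  PASSWORD_REUSE_TIME      365
  PASSWORD_REUSE_MAX       UNLIMITED;

-- A profile has no effect until it is assigned to accounts
ALTER USER sales_mgr PROFILE app_users;

-- Confirm the password limits now in force for the profile
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_USERS' AND resource_type = 'PASSWORD';
```

Accounts left on the DEFAULT profile are not covered by these limits, so check the PROFILE column of DBA_USERS after rollout.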
3. Organize Regular Security Training & Education Programs
According to IBM, more than 60% of security threats come from inside your office. Sometimes this is due to malicious behavior by an employee – but much more commonly, it’s due to employees falling for phishing scams, sharing passwords inappropriately, and other such errors.
For that reason, you should hold regular security training & education programs for all Oracle users, and help them recognize things like phishing scams, emailed files that could contain malware, and other subjects that will help protect your Oracle databases.
4. Regularly Patch & Update Your Oracle Databases
As a database administrator, you should be doing your very best to update and patch your Oracle databases as frequently as possible. Running an outdated or unpatched Oracle system exposes you to numerous vulnerabilities.
Work with your team to ensure that you always patch your Oracle products and databases as quickly as possible once an update has been released, and you’ll be able to reduce your risk of data breaches.
5. Follow The POLP (Principle Of Least Privilege) To Minimize Risk
POLP is a method of access control that provides each individual database user with only the permissions they need for their job functions – and nothing more.
For example, a sales manager who needs access to a database but does not need to modify its contents may be granted read-only access; there is no need to give this user modify privileges they will never use.
By limiting access in this way, you can help reduce the risk of data loss and also prevent accidental losses related to users mismanaging the data contained in your Oracle database.
6. Log All Database Activity & Perform Regular Audits For Suspicious Activity
Regular audits of database activity can help you identify suspicious activity, unauthorized users, changes and modifications to the database, and much more. By logging database activity and reviewing it frequently, you can notice any potential security issues quickly – and ensure that your data is locked down to prevent further intrusion or data loss.
Need Help With Oracle Database Security? Contact CDSI Now!
At CDSI, we specialize in Oracle database security. We can conduct a comprehensive audit of your databases, uncover hidden vulnerabilities, and provide a report with security suggestions that will ensure your valuable data is completely locked down. Contact us now to schedule a consultation, and get started with your Oracle database audit.