Ask The Oracle Expert: Questions & Answers

Basic database security guidelines

EXPERT RESPONSE FROM: Dan Norris

QUESTION POSED ON: 09 April 2004
I am very much impressed by your profile and thank you very much for your desire to share knowledge.

Can you briefly outline simple guidelines to ensure that the security requirements are made a part of any Oracle upgrade plan? Please provide a brief checklist to be given to customers, so that the project managers/management doesn't overlook this aspect.

The question of implementing database security is complex. Security has to be looked into at the OS layer, network layer, database settings, the application code, application server layer and implementation with third-party tools. Even experts may not have a complete understanding of areas other than their own area of expertise. In such a scenario, how should one prepare the project plan and implement it? How can the learning curve be made simple for all the interested parties, so that the overall objective is fulfilled?


EXPERT RESPONSE
The most important part about securing a new database or new application is to develop a security model very early in the development process (make sure it is part of the requirements gathering process) and adhere to it throughout development and deployment. There's relatively little that can be done to secure anything just before it is deployed when compared to what can be done if security is considered early in the project.

I've read one book on Oracle security and it has some good general pointers, though I don't think it was worth the high price. The book is "Oracle security: Step-by-step" by Pete Finnigan, published by SANS and available at https://store.sans.org/store_item.php?item=80.

There's another book by Marlene L. Theriault and Aaron Newman (both highly respected and knowledgeable people) from Oracle Press named "Oracle security handbook." I have not reviewed it and it was published in 2001, but most security principles do not "expire," so I would expect that this book will still have many good tips. It has received good reviews on Amazon: http://www.amazon.com/exec/obidos/tg/detail/-/0072133252/ref=cm_bg_d_5/002-1148334-4877611?v=glance.

From a high-level perspective, security is always about risk. If you think that your system is impenetrable, think again. Someone else will always be building a better mousetrap. Database security should be reviewed periodically and any available updates or patches should be applied. I find it helpful to consult the Oracle security alerts section on OTN regularly at http://otn.oracle.com/deploy/security/alerts.htm. (You can also subscribe to have them emailed to you at that URL.)


All Rights Reserved, Copyright 2003 - 2008, TechTarget