
	Home > Ask the Oracle Database / Applications Experts > Questions & Answers > Basic database security guidelines

Ask The Oracle Expert: Questions & Answers

EMAIL THIS

Basic database security guidelines

EXPERT RESPONSE FROM: Dan Norris

		Pose a Question

		Other Oracle Categories

		Meet all Oracle Experts
		Become an Expert for this site

QUESTION POSED ON: 09 April 2004
I am very much impressed by your profile and thank you very much for your desire to share knowledge.
Can you briefly outline simple guidelines to ensure that the security requirements are made a part of any Oracle upgrade plan? Please provide a brief checklist to be given to customers, so that the project managers/management doesn't overlook this aspect.

The question of implementing database security is complex. The security has to be looked into at the OS layer, network layer, database settings, the application code, application server layer and implementation with third party tools. Even for experts, they may not have a complete understanding of the other areas, other than their area of expertise. In such a scenario, how to prepare the project plan and implement the same? How to make the learning curve simple for all the interested parties, so that the overall objective is fulfilled?

The most important part about securing a new database or new application is to develop a security model very early in the development process (make sure it is part of the requirements gathering process) and adhere to it throughout development and deployment. There's relatively little that can be done to secure anything just before it is deployed when compared to what can be done if security is considered early in the project.

I've read one book on Oracle security and it has some good general pointers, though I don't think it was worth the high price. The book is "Oracle security: Step-by-step" by Pete Finnigan, published by SANS and available at https://store.sans.org/store_item.php?item=80.

There's another book by Marlene L. Theriault and Aaron Newman (both highly respected and knowledgeable people) from Oracle Press named "Oracle security handbook." I have not reviewed it and it was published in 2001, but most security principles do not "expire," so I would expect that this book will still have many good tips. It has received good reviews on Amazon: http://www.amazon.com/exec/obidos/tg/detail/-/0072133252/ref=cm_bg_d_5/002-1148334-4877611?v=glance.

From a high level perspective, security is always about risk. If you think that your system is impenetrable, think again. Someone else will always be building a better mousetrap. Database security should be reviewed periodically and any available updates or patches should be applied. I find it helpful to consult the Oracle security alerts section on OTN regularly at http://otn.oracle.com/deploy/security/alerts.htm (You can also subscribe to have them eemailed to you at that URL.)

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Oracle White Papers: Fusion Middleware

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy