Oracle database security policy analysis (2)

  • 2020-05-09 19:31:01
  • OfStack

The Oracle tutorial you are looking at is: Oracle database security policy analysis (2).

Security of SQL*DBA commands:

If you do not have the SQL*PLUS application, you can also use SQL*DBA to run SQL permission-lookup commands. The following commands should be assigned only to the Oracle software owner and users in the DBA group, because these commands are granted special system permissions.

(1) startup
(2) shutdown
(3) connect internal

Security of database files:

The owner of the Oracle software should set the permissions on these database files ($ORACLE_HOME/dbs/*.dbf) to 0600: the file owner can read and write them, and users in the same group or in other groups have no write permission. The owner of the Oracle software should own the directory that contains the database files, and for added security it is recommended to revoke read access to these files from users in the same group and in other groups.
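A check for the permissions described above, as an added example that is not part of the original article: it reports the datafile directory if it is not owned by the expected account, and any *.dbf file whose owner or mode differs from that account and 0600. The function names audit_dbf and demo, the finding labels and the sample file names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit datafile ownership and mode against the 0600 rule above.
# Assumes find supports -maxdepth and that the *.dbf files sit directly in DIR.

# audit_dbf DIR OWNER
#   Prints one finding per line; returns 0 if clean, 1 on findings, 2 on bad DIR.
#   DIR_OWNER : the directory is not owned by OWNER
#   FILE_OWNER: a datafile is not owned by OWNER
#   FILE_MODE : a datafile's mode is not exactly 0600
audit_dbf() {
    dir=$1; owner=$2
    [ -d "$dir" ] || { echo "NO_DIR $dir"; return 2; }
    findings=$(
        find "$dir" -maxdepth 0 ! -user "$owner" \
            -exec printf 'DIR_OWNER %s\n' {} \;
        find "$dir" -maxdepth 1 -type f -name '*.dbf' ! -user "$owner" \
            -exec printf 'FILE_OWNER %s\n' {} \;
        find "$dir" -maxdepth 1 -type f -name '*.dbf' ! -perm 600 \
            -exec printf 'FILE_MODE %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo: constructed sample directory, one compliant and one over-permissive file.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/system01.dbf"; chmod 600 "$d/system01.dbf"
    : > "$d/users01.dbf";  chmod 644 "$d/users01.dbf"
    rc=0
    audit_dbf "$d" "$(id -u)" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With two arguments audit a real directory, e.g. "$ORACLE_HOME/dbs" and the
# software owner's account name; with none, run the constructed demo.
if [ $# -eq 2 ]; then audit_dbf "$1" "$2"; else demo || :; fi
```

Run it as the Oracle software owner or as root so that the directory is readable after group and other access has been removed.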

Network security:

Here are a few additional considerations when dealing with network security.

(1) Using passwords on the network: remote users can type their passwords in an encrypted or an unencrypted way. When a password is typed unencrypted, it is likely to be intercepted by unauthorized users, which compromises the security of the system.

(2) Controlling DBA permissions on the network: you can control DBA permissions on the network in the following two ways:

A. Deny remote DBA access;
B. Set a special password for the DBA via orapwd.

2. Establish a security policy:

System security policy:

(1) Managing database users: database users are the way Oracle database information is accessed, so the security of database user management should be well maintained. Depending on the size of the database system and the amount of work needed to manage database users, the database security manager may be the only user with the rights to create, alter, or drop database users, or a set of users may hold these rights. Note that only trustworthy people should have permission to manage database users.

(2) User identity confirmation: database users can confirm their identity through the operating system, network services, or the database. The advantages of authenticating users through the host operating system are:

A. Users can connect to the database faster and more easily;
B. Control over user identification is centralized in the operating system: if the operating system and the database share the same user information, Oracle does not need to store and manage user names and passwords;
C. User access to the database is consistent with the operating system audit information.

(3) operating system security

A. The database administrator must have operating system permissions to create and delete files;
B. Ordinary database users should not have operating system permissions to create or delete database-related files;
C. If the operating system can assign roles to database users, the security manager must have operating system permissions to modify the security area of the operating system account.


