||Oracle Tips by Burleson
Chapter 7 Oracle Network Security
Listener logging is turned on in listener.ora.
This is important for identifying attempts to guess the password.
External procedures are removed from the
If external procedures are necessary, they are
in a different listener.
Node filtering is turned on and is configured
properly so that only trusted clients can connect.
A procedure is in place to check the listener
log for attempted break-ins regularly.
Ideally, the database server should never be
exposed to the firewall. That perhaps brings the one requirement to
the very top of the list – Do have a firewall! However, if the
database server is exposed to the firewall for business reasons,
then the following checklist applies.
this bare minimum-security checklist, you can secure the network
from a majority of attempted break-ins and achieve the policies
HIPAA has laid out. For most situations, these measures are
adequate. However, bear in mind that a house is as stable as the
foundation upon which it is built. If the underlying network is
built or managed unsafely, security of the Oracle Network is only as
good as that of the
Only the ports listened to by the listener are
open on the firewall.
Connection Manager is set up and configured to
allow only acceptable connections from trusted sources.
Application/Webserver and database server are
both inside the DMZ.
Oracle Advanced Security is setup.
Encryption is configured for Oracle Net.
Checksumming is configured for Oracle Net.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only $39.95 and has an
immediate download of working security scripts: