1 Reply Latest reply: Jul 19, 2012 11:34 PM by JustinCave RSS

    Oracle Security Policy

    user8610659
      Hi,

      Can anyone help me with a good doc id , that describes about the standard security policy that should be implemented in oracle production database ...


      Also suggest on th impact of below mentioned process:

      1) changing the Listener Port No.

      2) Change Recieve and send buffer size in listener.ora file ..

      3) Change in Archive Size From 40Mb to 20Mb
        • 1. Re: Oracle Security Policy
          JustinCave
          It doesn't really make sense to talk about a "standard security policy". The security policy depends on a whole host of factors-- the size of the organization, the application architecture, the sensitivity of the data, etc. A policy that makes sense for a small company building a PHP application that stores non-sensitive information wouldn't make sense for a Fortune 500 company building applications that house sensitive military data.
          1) changing the Listener Port No.
          The impact on security? Not much. You could potentially prevent an attacker doing a port scan from finding the listener but that's security through obscurity. The port number isn't secret so it's unlikely to slow an attacker down much.
          2) Change Recieve and send buffer size in listener.ora file ..
          The impact on security? None. It may affect performance (either positively or negatively). Why do you think that's a good idea?
          3) Change in Archive Size From 40Mb to 20Mb
          Do you mean to say changing the size of the redo logs? It may affect performance either positively or negatively. What leads you to believe that change would be appropriate?

          Justin