This discussion is archived
19 Replies. Latest reply: Jan 24, 2013 9:18 AM by jgarry
  • 15. Re: how to secure oracle database
    BillyVerreynne Oracle ACE
    933663 wrote:
    how to secure oracle database,
    I have an Oracle database which will be packaged in a machine and delivered to the client's site; I need to ensure that the client will not access the database by any means.
    Not possible. As simple as that. As Aman so rightly said - nothing in the s/w world is fully secure and break proof.

    You provide a 3rd party with code/database to run on their hardware? It will run in the wild. It can be compromised and broken into. Often quite easily.

    An approach to consider is using virtualisation - where you supply a virtual machine container that has o/s and database and data. Where o/s is secured, network is secured, and secure database is running behind these (virtual) walls. Do not supply any credentials to the 3rd party to gain o/s access to the VM (secure even the boot loader used). Ditto with sysdba credentials for the database.

    This approach automatically removes sysdba access as an automatic access point, that a 3rd party has when running your database on their h/w and their o/s.
  • 16. Re: how to secure oracle database
    936666 Newbie
    Thanks Aman
  • 17. Re: how to secure oracle database
    EdStevens Guru
    933663 wrote:
    how to secure oracle database,
    I have an Oracle database which will be packaged in a machine and delivered to the client's site; I need to ensure that the client will not access the database by any means.

    Even if he breaks the password (he should not break it, but suppose the client has broken the password) and gets inside the database, he should not be able to see the database's procedures, views, functions and triggers.
    Can we encrypt this? If so, will the client be able to decrypt the same?

    Is there a way to secure the database so that the client cannot access it?

    Thanks!
    What is the real concern here?
    That the client will be able to see proprietary, trade-secret code?
    That the client will make modifications and negate your ability to support the product?
    Surely you are not concerned about the data -- after all, it's THEIR data.

    As said by others, you cannot 100% guarantee "security". And as said, there are things you can do to reduce certain risks. But you have to clearly define the risks and objectives. "Need to 'secure the database'" is NOT a clearly defined objective. And you have to accept that some things are covered by legal contract, not technical solutions. Bottom line is, if I have physical access to the computer's power switch and console, I own the database and can get in.
  • 18. Re: how to secure oracle database
    Osama_Mustafa Oracle ACE
    To secure a database you should follow some simple steps before spending money on products. You need to educate your users and teach them how to deal with the system. The second thing is: don't ever grant privileges users don't need (escalated privileges). Don't install OS services you don't need or use; only the basic and necessary services should be available on the operating system. Monitor your users by enabling auditing. After doing all that you can start spending money on products such as Database Vault, Audit Vault and encryption. As per the question, you also want to encrypt your data, which is good; Oracle provides you data masking, tablespace encryption and backup encryption. But don't forget the basics.
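The privilege and auditing basics from the reply above can be checked directly from the data dictionary. The script below is an added example, not part of any post in this thread; it assumes a session that can read the `DBA_*` views and a database using traditional auditing with `audit_trail` set to `DB`.

```sql
-- Added example: least-privilege and auditing review (run as a DBA-level account).

-- 1. Who holds the DBA role besides the built-in owners?
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
AND    grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY grantee;

-- 2. Broad "ANY" system privileges. Oracle's built-in roles will appear here
--    too; the rows to question are application users and custom roles.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 3. Accounts that can log in at all; lock the ones the product does not need.
SELECT username, account_status, profile
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY username;

-- 4. Is auditing switched on? NONE means the AUDIT statements below record nothing.
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 5. Record failed logons, privilege grants, and user and role changes.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
AUDIT SYSTEM GRANT BY ACCESS;
AUDIT USER BY ACCESS;
AUDIT ROLE BY ACCESS;

-- 6. Review failed logon attempts (a non-zero RETURNCODE is the ORA- error number).
SELECT username, userhost, timestamp, returncode
FROM   dba_audit_session
WHERE  returncode <> 0
ORDER  BY timestamp DESC;
```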
  • 19. Re: how to secure oracle database
    jgarry Guru
    See http://www.petefinnigan.com/weblog/archives/00001360.htm and google: hardening oracle database.