Hi every one,
This is my third week working at a DBA job, i have worknig with oracle 91, 10g and 11g for nearly three years managing RAC and doing lots of PL/SQL (for the last 2 years :-S)but i havent ¿securize? neither the OS or the database, so im a little lost since this evening, at work, my responsible have asked me to see how to securize things...so as users can't ¿snip? around.
I have googled for a while and found this interview to Arup Nanda
"What are some of the most fundamental security precautions that companies can take to protect their Oracle database?
Arup Nanda: Securing Oracle is not difficult, but some companies don't follow the most basic steps. Actually it only takes a little bit of diligence and systematic thinking. The first is making sure that the Listener service is kept up to date and that a password is set on it. Companies also fail to realize that by using *_Oracle's SQL*NAT function_*, you can create a simple firewall for the database at no additional cost. Lastly, Oracle's row-level security feature provides access control at the individual row level. Rather than opening up an entire table to any individual user who has any privileges on the table, row-level security restricts access to specific rows in a table."
and i asked my self what is this SQL*NAT function.
Can anyone please explain to me?, if so, i'll be very thankfull. And if someone can give a hand explaining to me some first step on securizing OS or database it would be just great.
Thanks to all, and sorry if i make some gramatical/ortographical mistakes. Thanks a lot.
erm, i have just see where i have posted this ... sorry i will try to reallocate this post.
Edited by: user12302245 on 20-ene-2011 8:12
you can not secure the OS using oracle. As a DBA I assume your responsiblities would be to restrict the access to database. You can control many logon parameters using the fine grain auditing. Search for "fine grain auditing on oracle". You should find more information about what you are looking for.
finally the solution was another.
The point was creating a client user with another group (not oinstall) so as those users couldn't rm files/dirs of oracle or messing around the oracle software ... i wasn't able to see it, i was too nervous :-s
many thanks for your posts rkrishna ^^. If i need to securize database i have something to start with :-D.
Nicolas, This one of the steps we use to secure our peoplesoft environment. We restrict access to the db from our appservers and process schedulers using fine grain auditing. You are right, maybe someone in the dba group might be able to help her better.