Securing the Environment

From Oracle FAQ

Many DBAs are complacent about patching -- for instance, only patching production instances, or not patching at all. For example, one study estimates that 60% of Oracle customers have at least one database running that still has unlocked, unexpired default accounts with default passwords.

Why should the environment be secured

Here are some of the reasons why the Oracle environment needs to be secured:

• Protect company data and revenue streams
• Protect customers
• Regulatory requirements (i.e. Sarbanes Oxley)
• Increased intrusion

Securing/ Hardening Procedures

All companies should have a securing or hardening procedure that is executed to secure the environment.

CPU Patches

Critical Patch Update (CPU).

Oracle Corporation issues vulnerability alerts and fixes on a quarterly basis. Dates are published on Metalink.