Securing the Environment

From Oracle FAQ
Jump to: navigation, search

Many DBAs are complacent about patching -- for instance, only patching production instances, or not patching at all. For example, one study estimates that 60% of Oracle customers have at least one database running that still has unlocked, unexpired default accounts with default passwords.

[edit] Why should the environment be secured

Here are some of the reasons why the Oracle environment needs to be secured:

  • Protect company data and revenue streams
  • Protect customers
  • Regulatory requirements (i.e. Sarbanes Oxley)
  • Increased intrusion

[edit] Securing/ Hardening Procedures

All companies should have a securing or hardening procedure that is executed to secure the environment.

[edit] CPU Patches

Critical Patch Update (CPU).

Oracle Corporation issues vulnerability alerts and fixes on a quarterly basis. Dates are published on Metalink.