Oracle Security, audit procedure and checklist, 5 basic controls


Need to audit an Oracle database or application? Here is simple guidance: 5 basic controls that you should monitor.

1. Password Management

  • Default Passwords, should be changed
  • Required Passwords, should be enabled
  • Password Composition, should contain a combination of alphabetic and numeric characters
  • Password Expiration, should expire within a set period, e.g. 30 days
  • Password History, should not be repeated within a set period, e.g. 12 passwords.

2. User Management

  • Administrator Account, should be secured. All administrator accounts should be clearly documented, along with who is responsible for each.
  • Default user account, should be removed or deactivated
  • Vendor / third party account, should be monitored
  • Dormant Account, should be maintained.

3. Security Feature

  • Account Lockout, should be enabled
  • Idle Session Timeout, should be enabled.

4. Utilities

  • Shutdown and Restart, should be restricted
  • Access to Utilities, should be restricted
  • Host Based Authentication, should be considered.

5. Log & Auditing

  • Auditing, should be enabled or considered if performance is an issue
  • Log Management, should be enabled or considered if performance is an issue
  • File Permission, should be restricted
  • Program Permission, should be restricted.
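
The password, user-account, lockout and idle-timeout controls (items 1 to 3) can be checked directly against the Oracle data dictionary. The queries below are an added example, not part of the original post; they assume Oracle Database 12c or later (for `DBA_USERS.LAST_LOGIN`), an auditor account with SELECT access to the `DBA_` and `V$` views, and a 90-day dormancy threshold chosen for illustration.

```sql
-- Added example: audit queries for controls 1-3. Assumes Oracle 12c+ and
-- SELECT access to the DBA_ views; thresholds are illustrative assumptions.

-- 1. Accounts still using a known default password, with their status.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- 1 and 3. Profiles in use whose effective limit leaves a control disabled.
-- A limit of 'DEFAULT' inherits from the DEFAULT profile, so resolve it first.
-- IDLE_TIME is enforced only when the RESOURCE_LIMIT parameter is TRUE.
SELECT p.profile, p.resource_name,
       DECODE(p.limit, 'DEFAULT', d.limit, p.limit) AS effective_limit
FROM   dba_profiles p
JOIN   dba_profiles d
       ON d.profile = 'DEFAULT' AND d.resource_name = p.resource_name
WHERE  p.resource_name IN ('PASSWORD_VERIFY_FUNCTION',  -- composition
                           'PASSWORD_LIFE_TIME',        -- expiration
                           'PASSWORD_REUSE_MAX',        -- history
                           'FAILED_LOGIN_ATTEMPTS',     -- account lockout
                           'IDLE_TIME')                 -- idle session timeout
AND    DECODE(p.limit, 'DEFAULT', d.limit, p.limit) IN ('UNLIMITED', 'NULL')
AND    EXISTS (SELECT 1 FROM dba_users u WHERE u.profile = p.profile)
ORDER  BY p.profile, p.resource_name;

-- 2. Administrator accounts: DBA role grantees and password-file users.
SELECT grantee, admin_option FROM dba_role_privs WHERE granted_role = 'DBA';
SELECT username, sysdba, sysoper FROM v$pwfile_users;

-- 2. Dormant accounts: open but not logged in for 90 days (assumed threshold).
SELECT username, profile, last_login
FROM   dba_users
WHERE  account_status = 'OPEN'
AND    (last_login IS NULL OR last_login < SYSTIMESTAMP - INTERVAL '90' DAY)
ORDER  BY last_login NULLS FIRST;
```

Any row returned by the first two queries is a finding to follow up; the last two produce lists to reconcile against the documented administrator and account owners.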

 
