Oracle Security, audit procedure and checklist, 5 basic controls

Need to audit an Oracle database or application? Here is simple guidance: 5 basic controls that you should monitor.
1. Password Management
- Default Passwords, should be changed
- Required Passwords, should be enabled
- Password Composition, should contain a combination of characters and numerics
- Password Expiration, should expire within a set period, e.g. 30 days
- Password History, should not be repeated within a set period, e.g. 12 passwords.
2. User Management
- Administrator Account, should be secured. All administrator accounts should be clearly stated, along with who is responsible for each.
- Default user account, should be removed or deactivated
- Vendor / third party account, should be monitored
- Dormant Account, should be maintained.
3. Security Feature
- Account Lockout, should be enabled
- Idle Session Timeout, should be enabled.
4. Utilities
- Shutdown and Restart, should be restricted
- Access to Utilities, should be restricted
- Host Based Authentication, should be considered.
5. Log & Auditing
- Auditing, should be enabled or considered if performance is an issue
- Log Management, should be enabled or considered if performance is an issue
- File Permission, should be restricted
- Program Permission, should be restricted.
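
The password, lockout, idle-timeout and account items above can be checked from the data dictionary. The queries below are an added example, not part of the original post. They assume Oracle 12.2 or later and SELECT access to the DBA_* views. The 30-day and 12-password thresholds are the post's own examples, and the 90-day dormancy window is an assumption to adjust to local policy.

```sql
-- Added example. Query 1: effective password, lockout and idle limits per profile.
-- IDLE_TIME is only enforced when the RESOURCE_LIMIT parameter is TRUE.
WITH eff AS (
  SELECT p.profile,
         p.resource_name,
         -- A limit of DEFAULT inherits the value set on the DEFAULT profile
         CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END AS eff_limit
  FROM   dba_profiles p
  LEFT JOIN dba_profiles d
         ON  d.profile = 'DEFAULT'
         AND d.resource_name = p.resource_name
  WHERE  p.resource_name IN ('PASSWORD_LIFE_TIME', 'PASSWORD_REUSE_MAX',
                             'PASSWORD_VERIFY_FUNCTION',
                             'FAILED_LOGIN_ATTEMPTS', 'IDLE_TIME')
)
SELECT profile, resource_name, eff_limit,
       CASE
         WHEN eff_limit IN ('UNLIMITED', 'NULL')
           THEN 'REVIEW: not set'
         WHEN resource_name = 'PASSWORD_LIFE_TIME'
              AND TO_NUMBER(eff_limit DEFAULT NULL ON CONVERSION ERROR) > 30
           THEN 'REVIEW: expiry longer than 30 days'
         WHEN resource_name = 'PASSWORD_REUSE_MAX'
              AND TO_NUMBER(eff_limit DEFAULT NULL ON CONVERSION ERROR) < 12
           THEN 'REVIEW: history shorter than 12 passwords'
         ELSE 'OK'
       END AS finding
FROM   eff
ORDER  BY profile, resource_name;

-- Query 2: open accounts that still use a default password or look dormant.
-- The 90-day window is an assumed policy value, not taken from the post.
SELECT u.username, u.account_status, u.profile, u.last_login,
       CASE WHEN d.username IS NOT NULL THEN 'YES' ELSE 'NO' END AS default_password
FROM   dba_users u
LEFT JOIN dba_users_with_defpwd d
       ON d.username = u.username
WHERE  u.account_status = 'OPEN'
AND    (d.username IS NOT NULL
        OR u.last_login IS NULL
        OR u.last_login < SYSTIMESTAMP - INTERVAL '90' DAY)
ORDER  BY u.username;
```

Rows marked REVIEW in the first query and every row returned by the second are candidates for follow-up against the account owner list kept under User Management.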












