All the methodologies presented later in this chapter are useless if access to the operating system is not secure or the physical hardware is not in a secure location. The following list contains a few of the elements outside of the database itself that need to be secure before the database can be considered secure:
Operating system security: Even if the Oracle database is running on its own dedicated hardware with only the root and oracle user accounts enabled, operating system security must be reviewed and implemented. Ensure that the software is installed with the root account; the Oracle Database XE installation application will create the oracle user and the dba group (the default group for the oracle user) and change the permissions accordingly. In an advanced security scenario, you may consider using another account instead of oracle, as the owner of the software and the database files, to eliminate an easy target for a hacker. Ensure that the software and the database files are readable only by the oracle account and the dba group. The default installation of Oracle Database XE ensures that this is the case, but it would be a good security task to check on a regular basis that this is still the case.
Turn off the SUID (also known as set UID, or running with root privileges) bit on files that don’t require it. Don’t send passwords (operating system or Oracle) to users via e-mail in plain text. Finally, remove any system services that are not required on the server to support the database, such as telnet and FTP. If your Oracle Database XE installation is on a developer’s workstation, consider dedicating another workstation in your production environment.
This is by no means an exhaustive list. Thoroughly review the security documents for your host operating system to ensure that only authorized users can access your server and Oracle Database XE installation.
Securing backup media: Ensure that the database backup media—whether it is tape, disk, or CD/DVD-ROM—is accessible by a limited number of people. A secure operating system and robust, encrypted passwords on the database are of little value if a hacker can obtain backup copies of the database and load them onto another server. The same applies to any server that contains data replicated from your database. You can also encrypt the backups themselves so that backups that fall into the wrong hands cannot be used. Oracle Database XE supports Transparent Data Encryption to ensure that direct access to the database operating system files, as well as backups of the database operating system files, cannot reveal the contents of encrypted columns without the encryption keys.
Background security checks: Screening of employees that deal with sensitive database data—whether it is a DBA, an auditor, or an operating system administrator—is a must.
Security education: Ensure that all database users understand the security and usage policies of the IT infrastructure. Requiring that users understand and follow the security policies emphasizes the critical nature and the value of the data to the company. A well-educated user will be more likely to resist attempts by a hacker using social-engineering skills to access data without proper authorization.
Controlled access to hardware: All computer hardware that houses the database should be located in a secure environment that is accessible only with badges or security access codes.
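One way to run the recurring check from the operating system security item (ownership by the oracle account and dba group, no access for other users, SUID bits to review), as an added example that is not part of the original text. The function names and the directory passed in are assumptions; the path in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: recurring audit of an Oracle software/data directory.
# Example call (placeholder path): audit_clean /path/to/oracle/files oracle dba

# Print one finding per line: OWNER, WORLD or SETID, then the path.
audit_tree() {
    dir=$1 owner=$2 group=$3
    if [ ! -d "$dir" ]; then
        echo "audit_tree: $dir is not a directory" >&2
        return 2
    fi
    # Not owned by the expected account and group.
    find "$dir" \( ! -user "$owner" -o ! -group "$group" \) \
        -exec printf 'OWNER %s\n' {} \;
    # Grants read, write or execute to "other" (symlink modes are ignored).
    find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'WORLD %s\n' {} \;
    # Regular files with the setuid or setgid bit: review each one by hand.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'SETID %s\n' {} \;
}

# Return 0 when the tree is clean, 1 (and print the findings) when it is not.
audit_clean() {
    findings=$(audit_tree "$@") || return 2
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it from cron or a monitoring job and alert on a non-zero exit status; SETID findings are a list to review, since the text only asks to clear the bit on files that don't require it.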
Please check back next week for the second part of this series.