ITS Oracle Database Security
Wesleyan ITS is committed to the security of its Oracle databases. All Wesleyan Oracle databases sit behind firewalls and are inaccessible from the outside world.

The following security precautions are taken for all Oracle databases:
Oracle Network layer:
- The default ports are not used.
- The default network domain is not used.
- Remote database administration takes place over a secured virtual private network (VPN).
- Database links to other databases are added only when necessary. Database links do not directly access the main data schemas of other databases; instead, a dedicated database account is created for the link to log into, and individual permissions are specifically granted to that account.
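The database-link control above, written out as an added example in Oracle SQL (this is illustrative code, not Wesleyan's own configuration). The schema name `hr_data`, the table `employees`, the account `link_reader`, the link name `hr_link` and the TNS alias `hrdb` are assumed names; the password is a placeholder. The point is that the link authenticates as a low-privilege account that owns nothing and holds only the grants it needs, so a compromise of the linking database exposes only those objects rather than the remote data schema.

```sql
-- === On the REMOTE database (the one being linked to) ===

-- Dedicated account for the link. It owns no objects and cannot touch
-- the hr_data schema except through explicit grants below.
-- (Assumed names; replace the placeholder password before use.)
CREATE USER link_reader IDENTIFIED BY "CHANGE_ME_PLACEHOLDER"
  DEFAULT TABLESPACE users
  QUOTA 0 ON users;              -- no storage: the account cannot create its own data

GRANT CREATE SESSION TO link_reader;   -- may log in, nothing more by default

-- Grant only the specific objects the consumer needs, read-only.
GRANT SELECT ON hr_data.employees TO link_reader;

-- What must NOT be done: granting the main schema's password to the link,
-- or broad privileges such as SELECT ANY TABLE to the link account.
-- GRANT SELECT ANY TABLE TO link_reader;   -- intentionally not granted

-- === On the LOCAL database (the one that creates the link) ===

-- A private link (visible only to the schema that owns it) that logs in
-- as the restricted account, not as hr_data.
CREATE DATABASE LINK hr_link
  CONNECT TO link_reader IDENTIFIED BY "CHANGE_ME_PLACEHOLDER"
  USING 'hrdb';                  -- assumed TNS alias for the remote database

-- Consumers reach only what link_reader was granted.
SELECT COUNT(*) FROM hr_data.employees@hr_link;

-- Periodic check for the DBA: which links exist and which remote account
-- each one uses. Any link whose USERNAME is a data-owning schema should
-- be investigated.
SELECT owner, db_link, username, host
  FROM dba_db_links
 ORDER BY owner, db_link;
```

The `QUOTA 0` clause and the absence of any `ANY`-style privilege are what make the account safe to expose through a link; the final query against `DBA_DB_LINKS` is the routine review that catches a link created later with a more privileged account.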
Operating System and database software layer:
- For both Windows and UNIX operating systems, the file and directory permissions are set to allow only system and database administrators access to the Oracle database files, software, and directories.
- Oracle security patches are applied as they become available.
- Oracle software patches are applied as they become available.
Oracle database creation:
When creating a new database:
- Oracle administrative passwords are changed immediately.
- Non-essential Oracle system accounts are locked.
- Database profiles are created and assigned to every account.
- Customized monitoring hooks are created.
Oracle database layer:
- Database profiles are established to limit the number of consecutive failed logins. When an account reaches this limit, the account is locked until it is unlocked by the DBA. There are different profiles for different types of accounts.
- Database permissions are granted on a schema basis. Database schemas have only the privileges necessary in order to function.
- A database trigger is used to audit all suspicious login activity. This audit record is checked daily.
- Oracle database auditing is used to audit all non-successful logins. This audit record is checked daily.
- User accounts are periodically removed as they become inactive.
- Database administrative functions are restricted to the database administrators.
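The failed-login profile, the failed-login auditing and the login-audit trigger from the list above, shown together as an added Oracle SQL example (illustrative code written for this page, not Wesleyan's configuration). The profile names `app_user_profile` and `dba_profile`, the account `appuser`, the table `failed_logon_log` and the trigger `trg_failed_logon` are assumed names; the limits are sample values chosen to show the mechanism. The audit commands use Oracle's traditional auditing (`AUDIT SESSION`), which requires the `AUDIT_TRAIL` parameter to be set to `DB`; the unified-auditing equivalent for 12c and later is noted in comments.

```sql
-- 1. Profiles: lock after N consecutive failures, stay locked until a DBA frees it.
--    Different account types get different profiles (sample limits).
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5
  PASSWORD_LOCK_TIME    UNLIMITED   -- locked until ALTER USER ... ACCOUNT UNLOCK
  PASSWORD_LIFE_TIME    90
  PASSWORD_GRACE_TIME   7;

CREATE PROFILE dba_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 3          -- tighter for privileged accounts
  PASSWORD_LOCK_TIME    UNLIMITED
  PASSWORD_LIFE_TIME    60;

-- Assign a profile to an existing account (assumed account name).
ALTER USER appuser PROFILE app_user_profile;

-- 2. Audit every unsuccessful login attempt (traditional auditing, AUDIT_TRAIL=DB).
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
-- Unified auditing equivalent (12c+):
--   CREATE AUDIT POLICY failed_logons ACTIONS LOGON;
--   AUDIT POLICY failed_logons WHENEVER NOT SUCCESSFUL;

-- 3. Trigger-based capture of suspicious login activity: record the
--    attempted username and source whenever ORA-01017 (invalid
--    username/password) is raised. Fires for failed logins that the
--    audit trail may not tie to a host when auditing is switched off.
CREATE TABLE failed_logon_log (
  attempted_at   DATE,
  attempted_user VARCHAR2(128),
  client_host    VARCHAR2(256),
  client_ip      VARCHAR2(64)
);

CREATE OR REPLACE TRIGGER trg_failed_logon
  AFTER SERVERERROR ON DATABASE
BEGIN
  IF IS_SERVERERROR(1017) THEN
    INSERT INTO failed_logon_log
    VALUES (SYSDATE,
            SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY'),
            SYS_CONTEXT('USERENV', 'HOST'),
            SYS_CONTEXT('USERENV', 'IP_ADDRESS'));
  END IF;
END;
/

-- 4. The daily check: failed logins in the last 24 hours from the audit
--    trail, grouped so that a burst against one account or from one host
--    stands out. RETURNCODE 1017 = bad password, 28000 = account locked.
SELECT username, userhost, returncode, COUNT(*) AS attempts,
       MIN(timestamp) AS first_seen, MAX(timestamp) AS last_seen
  FROM dba_audit_session
 WHERE returncode <> 0
   AND timestamp > SYSDATE - 1
 GROUP BY username, userhost, returncode
HAVING COUNT(*) >= 3
 ORDER BY attempts DESC;

-- Accounts currently locked by the profile, for the DBA to review before
-- unlocking with: ALTER USER <name> ACCOUNT UNLOCK;
SELECT username, account_status, lock_date, profile
  FROM dba_users
 WHERE account_status LIKE 'LOCKED%'
 ORDER BY lock_date DESC;
```

The `HAVING COUNT(*) >= 3` threshold is a sample value; the useful review is the comparison between the audit-trail report and the `DBA_USERS` lock list, since an account that shows repeated failures but is not yet locked indicates it is on a profile with too generous a `FAILED_LOGIN_ATTEMPTS` limit.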