Securing Oracle Databases CSS-DSG JTrumbo Audit Recommendations Make sure databases are current with patches. Ensure all current default accounts & passwords (for example, scott/tiger) are disabled or changed
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
No excuses on this. The Lab Director has dictated
that patches will be applied in a timely manner.
Reasonable downtime must be planned & granted to
See The Database Hackers Handbook, Litchfield/Anley/Heasman/Grindlay for complete list.
NOTE*** some db installations, (mysql), auto start with the default pwds. These must be changed IMMEDIATELY, as a hack can occur within minutes.
Accounts that do not update the database can be the exception to complex password/expiration requirements, with the exception of any read only accounts that has access to SYS tables.