Oracle Database Security Audit
We offer Oracle database configuration security audit as a (Windows or UNIX) system configuration security audit extension, on which Oracle runs.
The objective is to review Oracle databases configuration and to evaluate it’s data security. In addition to founded weaknesses audit also includes technical recommendations for their removing.
Supported Oracle versions
Oracle RDBMS Server (versions 9 – 12)
we also support all main operation systems needed for DB Oracle server operation
Security audit needs short configuration data collection (less than 1 hour) on an audited server – remote access is sufficient. Data collection is made with database administrator’s assistance via a privileged account (usually with usage of DBA). Collected configuration data are processed outside a customer’s seat.
Audit scope
Oracle database system configuration security audit usually includes following areas:
| ID | Area |
|---|---|
| 1. | DB Oracle version, patchset, CPU |
| 2. | Installation, Important Files Access Rights |
| 3. | Protocol Net8 Configuration |
| 4. | Database Parameters |
| 5. | Data files, Control files, Redo log files |
| 6. | Auditing – Basic Parameters |
| 7. | Auditing – Audited Events |
| 8. | Scheduled Tasks |
| 9. | User Profiles – Password Parameters |
| 10. | Problematic User Accounts |
| 11. | DB Roles |
| 12. | System Privileges |
| 13. | Object Privileges |
| 14. | Critical DB objects |