REAL-LIFE DATABASE SECURITY MISTAKES

Maclean Liu(刘相兵

You did everything by the book, followed the database security checklists, and implemented security best practices, but one day you find significant security issues in one of your databases. How did this happen? Common database security mistakes can impact every aspect of the Oracle Database and include reappearing default passwords, misapplied Oracle Critical Patch Update security patches, and wayward privileges and grants. After auditing hundreds of databases, I have compiled a list of common database security mistakes and potentials causes of each mistake.
The information contained here is generalized across Oracle Database versions platforms and may not be applicable for a specific version or platform. The scenarios and situations described are from actual Integrigy clients, although the client processes and actions may not always be considered best practice
DATABASE SECURITY MISTAKES OVERVIEW
Database security decays over time due to complexity, usage, application changes, upgrades, published security exploits, etc. This decay increases security risk for the database and can introduce new security issues into the environment. After initial installation of the database and application, the database security posture tends to be at the lowest point as no hardening has been performed and often security patches are missing. Usually prior to go-live, the security posture of the database and application are improved through security tasks performed such as hardening and applying recent security patches. However, after go-live, database security begins to decay as new security vulnerabilities are discovered, security patches are not immediately applied, and changes are made to the database and application configuration during the normal process of maintenance and troubleshooting. As database security decays, the likelihood of security mistakes increase, especially in complex environments.

游客，如果您要查看本帖隐藏内容请回复

hwqhx

先看看。看是否有用
谢谢