GUVENLIK

1- TCP.VALIDNODE_CHECKING kullanıp sadece izin verdiğimiz ip adreslerinin database ulaşmasını sağlayalım
INVITED_NODES bağlanmasına izin verilenler
EXCLUDED_NODES bağlanmasına karşı çıkılanlar

edit sqlnet.ora

tcp.validnode_checking = yes
tcp.invited_nodes = (192.168.2.2, 192.168.2.3)
# tcp.excluded_nodes = (192.168.2.4)

2- Database logon trigerı yazalım.

CREATE OR REPLACE TRIGGER check_session_connection
AFTER LOGON ON DATABASE
DECLARE
cursor c_session is
select sys_context(‘userenv’,’session_user’) username,
s.module, s.program
from v$session s
where sys_context(‘userenv’,’sessionid’)=s.audsid;
r_session c_session%rowtype;
BEGIN
OPEN c_session;
FETCH c_session into r_session;
IF upper(r_session.module) like (‘%EXCEL%’) THEN
raise_application_error (20901,’Excel – go away.’);
END IF;
IF upper(r_session.module) like (‘%ACCESS%’) THEN
raise_application_error (20902,’Access – go away.’);
END IF;
CLOSE c_session;
END;

3- password verify function ile profile değiştirip passwordleri komplex hale getirelim.
SQL> @?/rdbms/admin/utlpwdmg.sql
SQL> alter profile default limit password_verify_function verify_function;

4- Database linklerin 10g R2 ile güvenliğini artıralım. Sys.link$ sorgulandığında database linkini fix user ile create ederseniz passwordu görebilirsiniz.

5- Audit user logon bilgileri

set newpage 2
set heading off

select count(*) Num,
substr(username,1,10) username,
substr(terminal,1,12) terminal,
substr(os_username,1,15) os_username,
substr(to_char(timestamp,’DD-MON-YY’), 1,9) timestamp
from dba_audit_session
where returncode0
and timestamp > sysdate-7
group by username,
terminal,
os_username,
to_char(timestamp,’DD-MON-YY’);

Advertisements

About oracledocuments

Zekeriya Beşiroğlu, It joined the Bilginc IT Academy in July 2000. In the meantime, the Oracle Education, Oracle Data Base Management System and Oracle Internet Technologies, Oracle development technologies such as the training of Oracle products is responsible for training as consultants. During this task, since 1 April 2008 with 293 Oracle training in total, in 2150 Oracle customers successfully submitted. Oracle 10g New York in November 2002 have received training and education in Turkey was the first time the consultants. 20 April 2008 on education in Turkey 11g is the first who was a consultant. Oracle Real Application Cluster Expert advisor is certified is the first . Http://zekeriyabesiroglu.blogspot.com and Http://www.oracleforum.info owner and manager of the site. Its own has more than one hundred articles. In addition, creation and improvement of training materials are also related to work. Oracle products are used, database management and reporting Academy eruditely It also is working on. From the date of 1 January 2009 will continue to work as the Technical Director
This entry was posted in Uncategorized and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s