Securing the Environment
From Oracle FAQ
Many DBAs are complacent about patching -- for instance, only patching production instances, or not patching at all. For example, one study estimates that 60% of Oracle customers have at least one database running that still has unlocked, unexpired default accounts with default passwords.
Why should the environment be secured[edit]
Here are some of the reasons why the Oracle environment needs to be secured:
- Protect company data and revenue streams
- Protect customers
- Regulatory requirements (i.e. Sarbanes Oxley)
- Increased intrusion
Securing/ Hardening Procedures[edit]
All companies should have a securing or hardening procedure that is executed to secure the environment.
CPU Patches[edit]
Critical Patch Update (CPU).
Oracle Corporation issues vulnerability alerts and fixes on a quarterly basis. Dates are published on Metalink.
