DBMS Security Setting

The chapters in this part explain risk analysis, risk impact, and solutions related to DBMS security setting.

Data Dictionary Protection Setting Check

Risk Analysis

The data dictionary contains critical information related to the physical and logical structure, object definitions, space allocations, users, rules, privileges, and auditing. It must be protected from unauthorized users and external access. Without protection, anyone could delete the contents of the data dictionary using commands like DROP ANY TABLE.

Risk Impact

Data dictionary information can be deleted.

Solution

Not applicable as Tibero does not have this feature.


Listener Logging Setting Check

Risk Analysis

If listener logging is not enabled, malicious use of Listener commands and brute-force attacks aimed at discovering the Listener password cannot be detected.

Risk Impact

The cause of a security incident or failure becomes difficult to identify.

Solution

Use the default listener log file, $TB_HOME/instance/$TB_SID/log/lsnr/trace_list.log, for listener logging.


tbdsn.tbr Setting and Protection Check

Risk Analysis

The Listener is a process that monitors connection requests from clients; clients connect to the database through it. The Listener configuration file is read when the Listener starts, enabling client access. If malicious users gain access to this file, they could remotely modify the Listener's configuration.

Risk Impact

Risks such as buffer overflow, information leakage, and file tampering for malicious purposes may occur.

Solution

The Listener does not exist in Tibero because of architectural differences from Oracle.

For further details on the tbdsn.tbr protection check, refer to "Configuration File Protection Check" and "TIP (Tibero Initialize Parameter) File Access Permission Setting".


Backup Management

Risk Analysis

Backup management is essential to prepare for failures and external intrusions.

Risk Impact

Recovery is impossible if a database failure occurs.

Solution

Establish a backup policy that periodically stores backups or copies on other media. In the event of a service interruption or change, such as system maintenance, an upgrade, or a migration, keep backup copies up to the nearest point in time.


Log Management

Risk Analysis

To investigate a security incident, manage the logs of queries executed by each account as well as the system and application logs.

Risk Impact

The cause of a security incident or failure becomes difficult to identify.

Solution

Store and manage the various logs generated by the database in a remote management system for at least three months, so that a thorough analysis is possible if any unusual event occurs.


Use of PSM Package

Risk Analysis

PL/SQL packages such as UTL_FILE and UTL_SMTP have vulnerabilities that can affect the system and the database. Therefore, PUBLIC's permission to execute these packages should be restricted.

Risk Impact

A risk of unauthorized access to the file system or the external leakage of internal files may occur.

Solution

Remove the EXECUTE privilege from PUBLIC on the following packages if they are not in use.

UTL_HTTP, UTL_FILE, DBMS_RANDOM, DBMS_LOB, DBMS_SQL, DBMS_JOB, DBMS_OBFUSCATION_TOOLKIT

Use the following command to revoke the EXECUTE privilege from PUBLIC for each package that is not in use.

SQL> REVOKE EXECUTE ON <Package_name> FROM PUBLIC;
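An added example, not part of the original guide, that audits which of the listed packages PUBLIC can still execute, revokes them in one pass, and re-checks the result. It assumes a DBA account, Tibero's Oracle-compatible DBA_TAB_PRIVS view, and EXECUTE IMMEDIATE support in tbPSM; these are assumptions of the example, not statements from the guide.

```sql
-- Added example, not from the Tibero guide.
-- Assumptions: the Oracle-compatible DBA_TAB_PRIVS view is available,
-- tbPSM supports EXECUTE IMMEDIATE, and the session is a DBA account.

-- 1. Audit: which of the listed packages can PUBLIC still execute?
SELECT table_name AS package_name, grantor, grantable
  FROM dba_tab_privs
 WHERE grantee   = 'PUBLIC'
   AND privilege = 'EXECUTE'
   AND table_name IN ('UTL_HTTP', 'UTL_FILE', 'DBMS_RANDOM', 'DBMS_LOB',
                      'DBMS_SQL', 'DBMS_JOB', 'DBMS_OBFUSCATION_TOOLKIT')
 ORDER BY table_name;

-- 2. Remediate: revoke EXECUTE from PUBLIC only where it is actually granted,
--    so the block can be re-run and never fails on an already-revoked package.
BEGIN
  FOR r IN (SELECT owner, table_name
              FROM dba_tab_privs
             WHERE grantee   = 'PUBLIC'
               AND privilege = 'EXECUTE'
               AND table_name IN ('UTL_HTTP', 'UTL_FILE', 'DBMS_RANDOM', 'DBMS_LOB',
                                  'DBMS_SQL', 'DBMS_JOB', 'DBMS_OBFUSCATION_TOOLKIT'))
  LOOP
    EXECUTE IMMEDIATE 'REVOKE EXECUTE ON ' || r.owner || '.' || r.table_name
                      || ' FROM PUBLIC';
  END LOOP;
END;
/

-- 3. Verify: the count must now be 0 for the setting check to pass.
SELECT COUNT(*) AS remaining_public_execute_grants
  FROM dba_tab_privs
 WHERE grantee   = 'PUBLIC'
   AND privilege = 'EXECUTE'
   AND table_name IN ('UTL_HTTP', 'UTL_FILE', 'DBMS_RANDOM', 'DBMS_LOB',
                      'DBMS_SQL', 'DBMS_JOB', 'DBMS_OBFUSCATION_TOOLKIT');
```

An application account that still needs one of these packages should be granted EXECUTE on it directly, rather than inheriting the grant through PUBLIC.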
