DBMS Security Setting
The chapters in this part explain risk analysis, risk impact, and solutions related to DBMS security setting.
Data Dictionary Protection Setting Check
Risk Analysis
The data dictionary contains critical information related to the physical and logical structure, object definitions, space allocations, users, rules, privileges, and auditing. It must be protected from unauthorized users and external access. Without protection, anyone could delete the contents of the data dictionary using commands like DROP ANY TABLE.
Risk Impact
Data dictionary information can be deleted.
Solution
Not applicable as Tibero does not have this feature.
Listener Logging Setting Check
Risk Analysis
If listener logging is not enabled, malicious use of listener commands and brute-force attacks by attackers trying to discover the listener password cannot be detected.
Risk Impact
The cause of an intrusion incident or failure becomes difficult to identify.
Solution
Use the default listener log file, $TB_HOME/instance/$TB_SID/log/lsnr/trace_list.log, so that listener activity is recorded.
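The following shell script is an added example (not part of the Tibero documentation) that checks the listener log file named above: it must exist, must not be writable by everyone, and must have been written to recently. The path is taken from the page; the idle threshold and the check function name are assumptions for this example.

```shell
#!/bin/sh
# Added example, not part of the Tibero documentation: verify that the listener
# log is present, being written, and not writable by everyone.
# Default path from the page: $TB_HOME/instance/$TB_SID/log/lsnr/trace_list.log

# check_listener_log FILE [MAX_IDLE_MINUTES]
# Exit status 0 when FILE exists, is not world-writable and was modified within
# MAX_IDLE_MINUTES (default 60); otherwise prints the finding and returns 1.
check_listener_log() {
    file=$1
    max_idle=${2:-60}
    if [ ! -f "$file" ]; then
        printf 'FAIL: %s is missing; listener logging is probably disabled\n' "$file"
        return 1
    fi
    # A world-writable log can be truncated or forged by any local user.
    if find "$file" -perm -002 | grep -q .; then
        printf 'FAIL: %s is world-writable\n' "$file"
        return 1
    fi
    # A log that has not changed for a long time usually means logging stopped;
    # tune MAX_IDLE_MINUTES to the expected rate of client connections.
    if ! find "$file" -mmin "-$max_idle" | grep -q .; then
        printf 'FAIL: %s not updated in the last %s minutes\n' "$file" "$max_idle"
        return 1
    fi
    printf 'OK: %s is present, protected and active\n' "$file"
    return 0
}

# Run against the default location when TB_HOME and TB_SID are set.
if [ -n "$TB_HOME" ] && [ -n "$TB_SID" ]; then
    check_listener_log "$TB_HOME/instance/$TB_SID/log/lsnr/trace_list.log" 60
fi
```

Run it from cron or a monitoring agent; a non-zero exit status is the signal that listener logging has silently stopped or that the log is exposed to tampering.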
tbdsn.tbr Setting and Protection Check
Risk Analysis
The listener is a process that monitors connection requests from clients; clients connect to the database through it. The listener configuration file is read when the listener starts, which enables client access. If malicious users can access this file, they could remotely modify the listener's configuration.
Risk Impact
Risks such as buffer overflow, information leakage, and file tampering for malicious purposes may occur.
Solution
Listener does not exist in Tibero due to architecture differences from Oracle.
For further details on tbdsn.tbr protection check, refer to "Configuration File Protection Check" and "TIP (Tibero Initialize Parameter) File Access Permission Setting".
Backup Management
Risk Analysis
Backup management is essential to prepare for failures and external intrusions.
Risk Impact
Recovery is impossible if a database failure occurs.
Solution
Establish a backup policy that periodically stores backups or copies on other media. Before any service interruption or modification, such as system maintenance, upgrade, or migration, take a backup so that a copy up to the most recent point in time is retained.
Log Management
Risk Analysis
To be able to investigate an intrusion incident, manage logs of the queries executed by each account as well as logs related to the system and application.
Risk Impact
The cause of an intrusion incident or failure becomes difficult to identify.
Solution
Store and manage the various logs generated by the database in a remote management system for at least three months, so that a thorough analysis is possible if an unusual event occurs.
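The script below is an added example (not from the Tibero documentation) of one way to implement the retention rule above: logs older than a given age are copied into an archive directory, which is assumed to be the mount point or staging directory of the remote log management system, and the local copy is deleted only after the archived copy has been verified. The function names, the `*.log` pattern and the archive layout are assumptions for this example.

```shell
#!/bin/sh
# Added example, not part of the Tibero documentation: move database logs older
# than AGE_DAYS into an archive location (assumed to be where the remote log
# management system collects them) and delete the local copy only after the
# archived copy has been verified byte-for-byte.

# archive_db_logs SRC_DIR ARCHIVE_DIR AGE_DAYS
# Prints the number of files archived; returns 1 if any copy could not be verified.
archive_db_logs() {
    src=$1
    dst=$2
    age=$3
    mkdir -p "$dst" || return 1
    list=$(mktemp)
    # Only regular *.log files directly under SRC_DIR, last modified more than AGE_DAYS ago.
    find "$src" -maxdepth 1 -type f -name '*.log' -mtime "+$age" > "$list"
    n=0
    status=0
    while IFS= read -r f; do
        base=$(basename "$f")
        # -p keeps the original timestamp so the archive still shows when the log was written.
        if cp -p "$f" "$dst/$base" && cmp -s "$f" "$dst/$base"; then
            rm -f "$f"
            n=$((n + 1))
        else
            printf 'ERROR: could not verify archived copy of %s\n' "$f" >&2
            status=1
        fi
    done < "$list"
    rm -f "$list"
    echo "$n"
    return $status
}

# count_archived_older_than ARCHIVE_DIR DAYS
# Prints how many archived logs are older than DAYS. In a retention audit this
# confirms that logs at least as old as the required period (90 days on this
# page) are still held rather than having been pruned.
count_archived_older_than() {
    find "$1" -type f -mtime "+$2" | wc -l | tr -d ' '
}
```

Schedule `archive_db_logs` daily with an age of a few days so that logs leave the database host soon after they close; the three-month minimum then applies to the archive side, where `count_archived_older_than` can be used to verify that nothing is deleted early.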
Use of PSM Package
Risk Analysis
PL/SQL packages such as UTL_FILE and UTL_SMTP have vulnerabilities that can affect the system and database. Therefore, the permission of PUBLIC to execute these packages should be restricted.
Risk Impact
Unauthorized access to the file system or leakage of internal files to the outside may occur.
Solution
Revoke the execute permission from PUBLIC on the following packages if they are not in use.
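As an added example (not part of the Tibero documentation), the script below turns an export of object privileges into the REVOKE statements a DBA would review before running them with tbsql. It assumes the export is a CSV with one grant per line in the form grantee,owner,object,privilege, produced by a query against DBA_TAB_PRIVS (the Oracle-compatible view name; adjust it if your Tibero version names the view differently). The watch list defaults to the two packages named on the page and can be extended; the sample grants are constructed for the stand-alone run.

```shell
#!/bin/sh
# Added example, not part of the Tibero documentation: find EXECUTE grants held
# by PUBLIC on sensitive packages and emit the REVOKE statements to review.
# Input is a CSV export, one grant per line: grantee,owner,object,privilege.
# Assumption: the export comes from a query against DBA_TAB_PRIVS.

# public_execute_revokes WATCHLIST < grants.csv
# WATCHLIST is a space-separated list of package names. Prints one REVOKE
# statement per PUBLIC EXECUTE grant on a listed package, nothing otherwise.
public_execute_revokes() {
    watch=$1
    awk -F, -v watch="$watch" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) want[toupper(w[i])] = 1
        }
        # Skip short or blank lines; normalise case so mixed-case exports still match.
        NF >= 4 && toupper($1) == "PUBLIC" && toupper($4) == "EXECUTE" && (toupper($3) in want) {
            printf "REVOKE EXECUTE ON %s.%s FROM PUBLIC;\n", $2, $3
        }'
}

# count_public_execute_findings WATCHLIST < grants.csv
# Prints the number of findings; a compliance check fails when it is not zero.
count_public_execute_findings() {
    public_execute_revokes "$1" | wc -l | tr -d ' '
}

# Constructed sample export (not real Tibero output) for a stand-alone run.
SAMPLE_GRANTS='PUBLIC,SYS,UTL_FILE,EXECUTE
PUBLIC,SYS,UTL_SMTP,EXECUTE
APPUSER,SYS,UTL_FILE,EXECUTE
PUBLIC,SYS,DBMS_OUTPUT,EXECUTE'

# Stand-alone run: prints two REVOKE statements for the sample above.
printf '%s\n' "$SAMPLE_GRANTS" | public_execute_revokes "UTL_FILE UTL_SMTP"
```

Grants held directly by named users (APPUSER in the sample) are deliberately left alone: the page's control is about PUBLIC, and a direct grant to an application account is a separate, reviewable decision.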