General Security Principles
The following principles are fundamental to using any application securely:
- Keep Software Up To Date
- Keep Up To Date on Latest Security Information Critical Patch Updates
- Configuring Strong Passwords on the Database
- Following the Principle of Least Privilege
Keep Software Up To Date
One of the principles of good security practice is to keep all software versions and patches up to date. Ensure that you are current on Critical Patch Updates (CPUs).
Keep Up To Date on Latest Security Information Critical Patch Updates
Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July, and October. Oracle highly recommends that customers apply these patches as soon as they are released.
For more information see Oracle's CPU page (https://www.oracle.com/security-alerts/).
Configuring Strong Passwords on the Database
Although the importance of passwords is well known, the following basic rule of security management is worth repeating:
Ensure all your passwords are strong passwords.
You can strengthen passwords by creating and using password policies for your organization. For guidelines on securing passwords and for additional ways to protect passwords, refer to the Oracle® Database Security Guide specific to the database release you are using.
Modify the following passwords to use your policy-compliant strings:
- Passwords for the database default accounts, such as SYS and SYSTEM.
- Passwords for the database application-specific schema accounts, such as HDM, HDI, and HMC.
- Password for the database listener. Do not configure a password for the database listener since this will enable remote administration. For more information, see the Removing the Listener Password section of Oracle® Database Net Services Reference 12c Release 2 (12.2.0.1).
Following the Principle of Least Privilege
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Overly ambitious granting of responsibilities, roles, grants — especially early on in an organization's life cycle when people are few and work needs to be done quickly — often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
Before executing the DDL scripts to create the HMC schema, create a database user with the specified limited set of privileges. Database Administrator access should not be given to the user.
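The periodic privilege review described above, together with the default-account password check from the password section, can be run as queries against the Oracle data dictionary. This is an added example, not part of the original guide: the account names HDM, HDI, and HMC come from this page, while the choice of which grants count as excessive is an assumption to adapt to your own policy.

```sql
-- Added example. Run as an account that can read the DBA_* dictionary views.

-- 1. Grants to the application schema accounts that exceed least privilege.
--    Assumption: the DBA role, full import/export roles, any "ANY" system
--    privilege, user/system administration privileges, and anything held
--    WITH ADMIN OPTION are treated as excessive for these accounts.
SELECT grantee,
       'ROLE'       AS grant_type,
       granted_role AS granted,
       admin_option
FROM   dba_role_privs
WHERE  grantee IN ('HDM', 'HDI', 'HMC')
AND    (   granted_role IN ('DBA', 'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE')
        OR admin_option = 'YES')
UNION ALL
SELECT grantee,
       'SYSTEM PRIVILEGE',
       privilege,
       admin_option
FROM   dba_sys_privs
WHERE  grantee IN ('HDM', 'HDI', 'HMC')
AND    (   privilege LIKE '% ANY %'
        OR privilege IN ('ALTER SYSTEM', 'ALTER DATABASE', 'ALTER USER',
                         'CREATE USER', 'DROP USER', 'BECOME USER')
        OR admin_option = 'YES')
ORDER  BY grantee, grant_type, granted;

-- Note: DBA_ROLE_PRIVS lists direct grants only. A role that itself holds
-- DBA is not expanded here, so review any other roles these accounts hold:
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  grantee IN ('HDM', 'HDI', 'HMC')
ORDER  BY grantee, granted_role;

-- 2. Accounts (including defaults such as SYS and SYSTEM) that still use
--    a known default password.
SELECT username
FROM   dba_users_with_defpwd
ORDER  BY username;
```

An empty result from the first and third queries is the expected state; any row returned is a grant or password to justify or change.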