General Security Principles

The following principles are fundamental to using any application securely.

Keep software up to date

One of the principles of good security practice is to keep all software versions and patches up to date. Ensure that you are current on Critical Patch Updates (CPUs).

Stay updated on the latest security information: Critical Patch Updates

Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. We highly recommend customers apply these patches as soon as they are released.

Configure strong passwords on the database

Although the importance of passwords is well known, the following basic rule of security management is worth repeating: make sure your passwords are strong!

You can strengthen passwords by creating and using password policies for your organization. For guidelines on securing passwords and for additional ways to protect passwords, see the documentation specific to the database release that you are using.

You should modify the following passwords to use your policy-compliant strings:

  • Passwords for the database default accounts, such as SYS and SYSTEM.
  • Passwords for the database application-specific schema accounts, such as HDM.
  • Password for the database listener. You should not configure a password for the database listener, as that will enable remote administration. For more information, see the Removing the Listener Password section of Oracle® Database Net Services Reference 12c Release 2 (12.2).

Follow the “principle of least privilege”

The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Being overzealous with how you grant responsibilities and roles — especially early on in an organization's life cycle when people are few and work needs to be done quickly — often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine if they are still relevant for the current job responsibilities.
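
One way to run the periodic privilege review described above, as an added example that is not part of the original Oracle documentation. It assumes Oracle Database 12c or later (for the ORACLE_MAINTAINED column of DBA_USERS) and a session that can read the DBA_* dictionary views.

```sql
-- Added example: periodic least-privilege review (assumes Oracle 12c or later).
-- Reports accounts not maintained by Oracle (for example an application
-- schema) that directly hold the DBA role, an "ANY" system privilege,
-- or any grant they are allowed to pass on to others (ADMIN OPTION).
-- Only direct grants are listed; privileges inherited through nested
-- roles need a separate walk of DBA_ROLE_PRIVS.
SELECT u.username,
       u.account_status,
       'ROLE'          AS grant_type,
       rp.granted_role AS granted,
       rp.admin_option
FROM   dba_users u
JOIN   dba_role_privs rp ON rp.grantee = u.username
WHERE  u.oracle_maintained = 'N'
AND    (rp.granted_role = 'DBA' OR rp.admin_option = 'YES')
UNION ALL
SELECT u.username,
       u.account_status,
       'SYSTEM PRIVILEGE',
       sp.privilege,
       sp.admin_option
FROM   dba_users u
JOIN   dba_sys_privs sp ON sp.grantee = u.username
WHERE  u.oracle_maintained = 'N'
AND    (sp.privilege LIKE '% ANY %' OR sp.admin_option = 'YES')
ORDER  BY 1, 3, 4;
```

Each returned row is a grant to compare against the account's current job responsibilities; rows for accounts whose ACCOUNT_STATUS is OPEN deserve attention first.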

Create the database by following the steps listed in the Oracle Healthcare Translational Research Installation Guide.