Create Strong Network Security Policy for Database Server
For the most part, network security will probably be out of the control of most database administrators but there are a few Oracle and SQL Server configurations that you can set to help protect your server from malicious users. As a database administrator who will be called out in the wee hours of the morning to repair the damage when someone hacks into a database, you should be aware of the security surrounding your installations. You may not have much control but at least you can understand the issues pertaining to perimeter security.
As a database administrator, you should insist that your database Server installation is protect by a firewall. Even after all the recent attacks against SQL Server, some companies still have not place all of their Oracle and SQL Server installations behind a properly configured firewall. This basic level of protection will prevent a large variety of attacks that are common in our connected world. A properly configure a firewall for Oracle SQL Server should have the firewall rules block all outgoing and incoming traffic to Port 1500,1434 and Port 1433. You should configure your db Server instance to listen in on other ports and not allow the default port settings to be used. This basic configuration would have prevented the infamous Slammer worm from causing the wide spread damage that it did.
You can determine the port that your SQL Server installation is listening on by executing the sp_readerrorlog system stored procedure and looking for the phrase “SQL server listening on” the end value of that phrase is the port number.
By default TCP/IP and Named Pipes net libraries are enabled when you install a SQL Server instance. You should strive to use TCP/IP as your main network protocol and not configure additional protocols unless necessary. Disable any unneeded protocols on existing Oracle and SQL Server instances and try to prevent additional protocols from being installed unless absolutely needed.
Another step you should investigate is to “hide” your database Server instance for network discovery by checking the Hide Server checkbox when you configure your default port. By hiding your database Server instance, DB Server will no longer respond to broadcasts from clients attempting to locate instances of SQL Server on a network. The process of hiding your SQL Server will change the port that SQL Server listens on to 2433. This is not perfect but it is often an easy thing to do to prevent small level attacks. Remember that this port will remain as the default port even when you “unhide” your server.
The firewall is a device that protects the network from possible external intrusions and at the same time also allows you to selectively disable the access of corporate users to certain websites or internet applications. The firewall is a kind of intelligent “filter”, that is, it offers us the possibility, in input and output, to block or pass data according to very specific rules. Hardware and software firewalls are available, but we strongly recommend the use of hardware ones as they are independent of other hardware such as a PC on which to run, operating systems and once configured, they will hardly create problems. This device must be chosen considering the number of users on the corporate network: the more users there are, the higher the performance the firewall must have. If you then need to manage two different internet connectivity at the same time, you must ask for a product with “2 WAN ports”. Also choose a firewall that can manage VPN connections, now we will not explain what they are, but they will be very useful if you decide to access the company server from home or in any case from outside the office.
Make sure that on each server and in each workstation an antivirus software is installed, active and updated to check files, applications and e-mail traffic. Some viruses can actually cause serious damage to the point of rendering the system unusable. But be careful: the perfect antivirus does not exist and will probably never exist. The winning combination is formed by the antivirus and the “attentions” that the user must pay when using his workstation and in particular the internet and e-mail. Virtually all paid antiviruses (not free ones !!) can be fine and all well-known manufacturers have offers, which save money, dedicated to the protection of workstations and company servers.
Every computer on the network, whether it is a server or a workstation, is physically connected to this equipment called a “switch” via cables, optical fiber or Wi-Fi connections. It is generally placed in the “rack cabinet” together with the server and is a kind of “collector” that allows and regulates the exchange of data between all computers on the network. There are many models also according to the total number of workstations and peripherals to be connected to the network. Each connection that the switch offers is called a “port” and a workstation (PC or server) or a network device such as a printer for example must be connected to each port. So you will find switches with 8, 16, 24 or 48 ports. Keep in mind that switches can be connected together to increase the overall number of ports. We recommend that you choose switches that can support “Giga Ethernet” speed on all ports and that you prefer “management” switches that allow more accurate port configuration. Also consider the models that offer the predisposition to manage a couple of fiber optic connections if there is an immediate or future need to connect workstations or entire departments far from the server cabinet.
Remember, when you are protecting your server and network of server then it automatically protects your data.
When you want to make strong Oracle DBA career then you should be aware of database services and other database technology. Without having knowledge of Oracle internals , Oracle performance tuning, and skill of Oracle database troubleshooting you can’t be an Oracle DBA expert. This expert DBA Team club blog always provides you latest technology news and database news to be keep yourself up to date. You should need to be aware of Cloud database technology like DBaaS. These all Oracle DBA tips are available in single unique resource at our orageek. Meanwhile, we are also providing some sql tutorials for Oracle DBA. This is the part of Dbametrix Group and you would be enjoy more advance topics from our partner resource.
Consider Reading to these articles: