The first thing any security strategy must address is the physical protection of the servers hosting your Oracle, DB2, and SQL Server instances. I understand that some of your application and smaller test development instances may be unprotected on developers’ servers, but any server holding a production, pre-production, or testing database should be physically secured from malicious users.
Just visualize all the direct attacks that could take place against a server if anyone were able to access it. Not only could they physically damage the server; a malicious user may only have to open the server and take the disks that contain your database files to hack into those files at their leisure. It is almost impossible for a network administrator to protect the contents of a server if someone has direct access to it, since special boot-up disks exist that allow a malicious user to bypass much of the pre-defined security on a server. You may laugh, but I have been at quite large companies in which a production database was an old desktop machine sitting under someone’s desk. Not really appropriate for a company in which the cleaning crew kept bumping into my own desktop and knocking out the hard drive.
This physical security policy should not only ensure the protection of the server against malicious users; it should also ensure protection against the elements. I know of at least one company in my past that did not have an adequate server room, and during the heat of the day a window was opened in the “server” room to help cool off the servers. At least once in my short tenure there, a sudden storm came up and cooled off two of the servers with a nice soaking. Try to explain that outage to your end-users.
Do the best that you can to make sure that servers are protected against all the little things that tend to keep them from working properly. You may not be able to rebuild your server room, but you can place something in your security policy so the next misinformed manager will not try to put your database servers under their desk or next to the water fountain.
Install security cameras around the database server, and monitor database server availability around the clock without fail.