Top STIG – Part 5 (Default Passwords)


One of the most common attack vectors for any hacker is checking to see if you have reset default passwords on service and administrator accounts. Almost every piece of hardware or software comes with some default way to log in the first time, and a lot of people are really bad at changing those credentials to be more secure. Oracle databases and DBAs are no exception...

FIPS is a Four Letter Word


FIPS is a four letter word. It is also a source of some confusion when it comes to the Oracle database and DISA STIG compliance, which I will attempt to sort out to the best of my ability in this post.

How to Limit a User Connection to a Specific IP Address


Seriously, I find all the best questions about Oracle security on forums like Oracle Communities and AskTom. Sometimes I need to be careful, though. I have a tendency to jump right to implementation details in my head without always considering all of the ramifications of the original question. Sometimes the answers seem immediately obvious, but it doesn't usually take long before someone offers an observation that makes me sit back and think that maybe my first instinct needs some qualification. Case in point...

Deploying an Oracle 11gR2 Connection Manager


A business or organization can only be successful if its critical data is well managed and secure. Every day the news is filled with stories of corporations, financial institutions, and governments whose data systems have been compromised. Tightly configured network architectures which limit the direction and channels through which data flows can greatly reduce the …