Securing the Environment
From Oracle FAQ
Many DBAs are complacent about patching -- for instance, only patching production instances, or not patching at all. For example, one study estimates that 60% of Oracle customers have at least one database running that still has unlocked, unexpired default accounts with default passwords.
Why should the environment be secured
Here are some of the reasons why the Oracle environment needs to be secured:
- Protect company data and revenue streams
- Protect customers
- Regulatory requirements (i.e. Sarbanes Oxley)
- Increased intrusion
Securing/ Hardening Procedures
All companies should have a securing or hardening procedure that is executed to secure the environment.
Critical Patch Update (CPU).
Oracle Corporation issues vulnerability alerts and fixes on a quarterly basis. Dates are published on Metalink.