However, resources such as the Defense Information Systems Agency, and others, publish checklists to guide you in securely configuring your databases. A database vulnerability tool can then be used to check whether your database meets the checklist's requirements. Some things to look for first are:
- Missing patches
- Misconfigurations such as Oracle directory and file permissions
- Default passwords

Default passwords are considered a major cause of attacks. Making sure that users have hard-to-guess passwords and changing them periodically reduces the risk of security breaches. Another big risk is the ANY system privileges, which are equivalent to the ROOT user in Unix or ADMINISTRATOR in Windows. Monitoring the users who hold them is a top security challenge, and these accounts need to be tightly controlled and validated. One last security aid is virtual patching, a tool offered by Guardium and other security vendors, that detects and blocks new exploits, offering a degree of protection while you wait for the actual patch.
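
The two account checks above can be run directly against the Oracle data dictionary. The queries below are an added example, not output from any vendor tool; they assume Oracle 12c or later (for the `ORACLE_MAINTAINED` column) and an auditing account that can read the `DBA_*` views.

```sql
-- Check 1: open accounts that still use a known default password.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY d.username;

-- Check 2: non-Oracle-maintained users holding an ANY system privilege,
-- either granted directly or inherited through (possibly nested) roles.
WITH role_tree (grantee, granted_role) AS (
  -- every role granted to a user or to another role
  SELECT grantee, granted_role
  FROM   dba_role_privs
  UNION ALL
  -- walk down into roles granted to those roles
  SELECT rt.grantee, rp.granted_role
  FROM   role_tree rt
  JOIN   dba_role_privs rp ON rp.grantee = rt.granted_role
),
effective_privs AS (
  SELECT sp.grantee AS username, sp.privilege,
         'DIRECT' AS granted_via, sp.admin_option
  FROM   dba_sys_privs sp
  UNION ALL
  SELECT rt.grantee, sp.privilege,
         rt.granted_role, sp.admin_option
  FROM   role_tree rt
  JOIN   dba_sys_privs sp ON sp.grantee = rt.granted_role
)
SELECT u.username,
       u.account_status,
       ep.privilege,
       ep.granted_via,    -- 'DIRECT' or the role that carries the privilege
       ep.admin_option    -- 'YES' means the user can grant it onward
FROM   effective_privs ep
JOIN   dba_users u ON u.username = ep.username   -- drops roles, keeps accounts
WHERE  ep.privilege LIKE '% ANY %'
AND    u.oracle_maintained = 'N'
ORDER  BY u.username, ep.privilege;
```

Each row returned by the second query should map to a documented business need; rows with `ADMIN_OPTION = 'YES'` deserve review first because that account can pass the privilege to others.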