Version User Scope of changes
Nov 22 2007, 7:41 AM EST (current) Ruudboy 5 words deleted
Nov 20 2007, 4:32 PM EST normanjd 123 words added

Topics that should be written here:
- Security risks with Oracle Database
- How to secure the database
- The first things to do after a new database is created
- Secured ways to authenticate
- Oracle Internet Directory
- Oracle Auditing
- Third-party tools that can help (such as Imperva, IPLocks, etc.)
- Bad and good experiences with database security...

Some basic tips to build a more secure database:
  • Only install what you need
  • Delete any demos or administration documentation from your production servers
  • Turn on audits and run reports at least weekly on bad passwords, bad usernames, and multiple usernames from the same IP address
  • Store your audits in the DB, not the OS
  • Wrap or encrypt any plain text code, usernames, passwords, or other sensitive data
  • Install patches in a timely manner, for both the OS and the DB
  • Use a firewall
  • Turn on Valid_Node_Checking
  • Do hot backups daily (a dump file if nothing else)
  • Do full cold backups weekly if possible and monthly at a minimum
  • Keep a VM of your DB for emergency recoveries
  • Check on disk usage daily
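
One way to produce the weekly audit report from the tips above, as an added example that is not part of the original page. It assumes the audit trail is stored in the database (AUDIT_TRAIL=DB) and that the report is run by a user who can read DBA_AUDIT_SESSION and DBA_USERS; USERHOST (the client host name recorded by Oracle) stands in for the IP address here.

```sql
-- Added example, not from the original page.
-- Assumption: AUDIT_TRAIL=DB is set, so audit rows land in the database.

-- One-time setup (as a DBA): record every logon attempt, good or bad.
AUDIT SESSION;

-- Report 1: failed logons in the last 7 days.
-- Oracle returns ORA-01017 for both an unknown username and a wrong
-- password, so the two cases are separated by checking DBA_USERS.
SELECT a.username,
       CASE WHEN u.username IS NULL
            THEN 'BAD USERNAME'
            ELSE 'BAD PASSWORD'
       END                 AS failure_type,
       a.userhost,
       COUNT(*)            AS attempts,
       MIN(a.timestamp)    AS first_seen,
       MAX(a.timestamp)    AS last_seen
FROM   dba_audit_session a
       LEFT JOIN dba_users u
              ON u.username = a.username
WHERE  a.action_name = 'LOGON'
AND    a.returncode  = 1017
AND    a.timestamp  >= SYSDATE - 7
GROUP  BY a.username,
          CASE WHEN u.username IS NULL
               THEN 'BAD USERNAME'
               ELSE 'BAD PASSWORD'
          END,
          a.userhost
ORDER  BY attempts DESC;

-- Report 2: client hosts that logged on (or tried to) under more than
-- one username in the last 7 days, with the number of failed attempts.
SELECT a.userhost,
       COUNT(DISTINCT a.username)                        AS usernames_used,
       SUM(CASE WHEN a.returncode <> 0 THEN 1 ELSE 0 END) AS failed_attempts,
       COUNT(*)                                          AS total_attempts
FROM   dba_audit_session a
WHERE  a.action_name = 'LOGON'
AND    a.timestamp  >= SYSDATE - 7
GROUP  BY a.userhost
HAVING COUNT(DISTINCT a.username) > 1
ORDER  BY failed_attempts DESC, usernames_used DESC;
```

Application servers and shared terminal servers will legitimately show many usernames per host in the second report, so compare each week's output against a known baseline.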

Links to Security Documents:
Hackproofing Oracle Application Server
http://www.ngssoftware.com/papers/hpoas.pdf
Securing Oracle9iAS 1.0.2.x
http://www.oracle.com/technology/deploy/security/oracle9iAS/pdf/securingias.pdf
CIS Oracle Benchmark Security Configuration for Oracle 8i
https://www.infosec.uga.edu/policymanagement/documents/Center_for_Internet_Security_Tools/CIS_Oracle_Benchmark_v1.2.pdf
CIS Oracle Benchmark Security Configuration for Oracle 9i/10g
https://www.infosec.uga.edu/policymanagement/documents/Center_for_Internet_Security_Tools/CIS_Oracle_Benchmark_v2.0.pdf
Securing Oracle Network Traffic
http://www.dbspecialists.com/presentations/net8_security.html
Conducting a Security Audit of an Oracle Database
http://www.giac.org/certified_professionals/practicals/gsec/1730.php
Security Readiness Review Evaluation Scripts:
See Security Technology Center on OTN Website
See Critical Patch Updates | Subscribe