Oracle Database Security
Published by: Obay Salah, November 19, 2024
There are many steps that a database administrator can take to secure the database. I will mention some of them:
1- Protecting the DATA DICTIONARY:
All the information we need about the database is in the DATA DICTIONARY, so it is necessary for the database administrator to protect it.
This is done by setting the parameter O7_DICTIONARY_ACCESSIBILITY to FALSE. The current value can be verified with:
SHOW PARAMETER O7_DICTIONARY_ACCESSIBILITY;
With this configuration, we ensure that any user who holds an ANY TABLE system privilege, for example DROP ANY TABLE, cannot use it to delete the DATA DICTIONARY.
This configuration also prevents the user SYS from connecting to the database without the SYSDBA privilege.
2- Revoke unimportant permissions from PUBLIC:
PUBLIC is the database server's user group: every permission granted to PUBLIC can be used by all database users, so all unimportant permissions must be revoked from PUBLIC.
This is how a permission is granted to PUBLIC:
GRANT ALTER ANY TABLE TO PUBLIC;
Now all users in the database can use this privilege.
Of course, it can be revoked:
REVOKE ALTER ANY TABLE FROM PUBLIC;
3- Limiting the granting of administrative powers to users:
What is the benefit of granting the DBA ROLE to all users in the database? This ROLE is meant for the database administrator and not for all users. The same applies to DROP ANY TABLE, SYSDBA and other powers that may cause you problems; there is no need to grant them to all users.
4- Prevent remote verification by the operating system:
This is done by setting the parameter REMOTE_OS_AUTHENT to FALSE, which prevents remote connections to the database from being verified by the operating system.
This parameter takes the value FALSE by default in Oracle 10g.
We previously talked about the methods of verifying users and mentioned that one of them is EXTERNAL verification through the operating system.
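The four steps above can be checked from the data dictionary itself. The following audit script is an added example, not part of the original article; the list of excluded grantees in the fourth query is an assumption to adjust to your own baseline.

```sql
-- Added audit example (not from the original article).
-- Run as a user that can read V$PARAMETER, V$PWFILE_USERS and the DBA_* views.

-- Steps 1 and 4: both parameters should report FALSE.
-- A parameter that does not exist in your release simply returns no row.
SELECT name,
       value,
       CASE WHEN UPPER(value) = 'FALSE' THEN 'OK' ELSE 'REVIEW' END AS status
FROM   v$parameter
WHERE  name IN ('o7_dictionary_accessibility', 'remote_os_authent');

-- Step 2: system privileges currently granted to PUBLIC.
-- Every row is usable by every database user and is a candidate for REVOKE.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;

-- Step 3: who holds the DBA role (only administrators should appear).
SELECT grantee, admin_option, default_role
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- Step 3: ANY-type system privileges such as DROP ANY TABLE.
-- Grantees can be users or roles. The excluded names are an assumed
-- baseline; extend the list with the built-in roles you accept.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- Step 3: accounts in the password file that can connect AS SYSDBA.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
WHERE  sysdba = 'TRUE'
ORDER  BY username;
```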