Oracle 9i Security Checklist:

- Install only the products you are using.

- Lock and expire default user accounts.

- Change default passwords and enforce password management.

- Enable dictionary protection.

- Practive the principle of least privilege.

- Enforce access controls effectively.

- Restrict network areas.

  + Use a firewall.
  + Don't poke any holes through the firewall.
  + Prevent listener access
    (set ADMIN_RESTRICTIONS_listener-name=ON)
  + Allow/Deny access based on network IP.
    (tcp.validnode_checking=YES, tcp.excluded_nodes={list the IP's}
    tcp.invited_nodes={list the IP's}).
  + Encrypt network traffic (Oracle Advanced Security).
  + Make the OS more restrictive.
  
- Apply all Oracle Security Patches

- Report security issues or vulnerabilities to Oracle.