If you're building a client-server application, you can use these tips:
- Build a three tier application, so the client is not connect to the database directly.
- Allow only 1 IP Address (as application server) connect to the oracle database (you can use blocking IP tips).
- Never use Oracle user ID (specially DBA user) as your Application user ID, instead create a user table with user and encrypted password in it.
- Give your Oracle Listener a password, so when someone unauthorized send a stop message to the listener it didn't work out.