Malicious users typically target inactive sessions to gain access to the database. Reducing the length of time an inactive session stays connected lowers the probability of that session being abused. Setting idle_time also helps reduce the problems caused by having too many INACTIVE sessions.
Establishing and enforcing limitations on password complexity, expiration, lockout, and reuse will reduce the risk that threat agents may gain access by exploiting a weakness in these settings. Create a strong password verify function and attach the function to the default or a custom profile, which will be assigned to all user accounts created in the database. The following values are recommended for the password profile options:
- failed_login_attempts=10
- password_life_time=90
- password_reuse_max=20
- password_reuse_time=365
- password_lock_time=1
- password_grace_time=3
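The following is an added example, not code from the original page: it creates a verify function, attaches it to a profile with the values listed above, assigns the profile, and then lists open accounts that are still on another profile. The names strong_verify_fn, secure_user_profile and app_user, and the complexity rules inside the function (including the 12-character minimum), are assumptions chosen for illustration.

```sql
-- Added example. Run as SYS: a password verify function must be owned by SYS.
-- strong_verify_fn and its rules are hypothetical; adapt them to local policy.
CREATE OR REPLACE FUNCTION strong_verify_fn (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN              -- assumed minimum length
    raise_application_error(-20001, 'Password must be at least 12 characters');
  END IF;
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    raise_application_error(-20002, 'Password must not contain the user name');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:upper:]]')
     OR NOT REGEXP_LIKE(password, '[[:lower:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]')
     OR NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
    raise_application_error(-20003, 'Password needs upper, lower, digit and symbol');
  END IF;
  RETURN TRUE;
END;
/

-- Profile carrying the values recommended above (time limits are in days).
CREATE PROFILE secure_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    10
  PASSWORD_LIFE_TIME       90
  PASSWORD_REUSE_MAX       20    -- reuse requires this AND reuse_time to be met
  PASSWORD_REUSE_TIME      365
  PASSWORD_LOCK_TIME       1
  PASSWORD_GRACE_TIME      3
  PASSWORD_VERIFY_FUNCTION strong_verify_fn;

-- Assign the profile to an account (app_user is a placeholder).
ALTER USER app_user PROFILE secure_user_profile;

-- Audit check: open accounts that are not yet governed by the profile.
SELECT username, profile, account_status
FROM   dba_users
WHERE  account_status = 'OPEN'
AND    profile <> 'SECURE_USER_PROFILE'
ORDER  BY username;
```

An empty result from the final query means every open account is covered; any rows returned are accounts still using DEFAULT or another profile.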
How to use Checklist 2.0 practice list to audit restricted privileges in Oracle database
Oracle Database Audit Best Practices
A default Oracle installation comes with a number of default database user accounts, several of which are open and have escalated privileges. Upon successful installation of the database, the Database Configuration Assistant automatically locks and expires most default database user accounts. If you perform a manual installation of Oracle Database (without using Database Configuration Assistant), then no default database users are locked upon successful installation of the database server. Likewise, if you have upgraded from a previous release of Oracle Database, you might have default accounts from earlier releases. Left open in their default states, these user accounts can be exploited to gain unauthorized access to data or disrupt database operations. You should lock and expire all default database user accounts. Oracle Database provides SQL statements to perform these operations.