... as sword (in clear text) in the snap. ora file and then protect the snap. ora file against unauthorized reads... MD SYS and ORD SYS These accounts are created by the. sql file in the / ord / admin directory, in the Oracle-software home directory. They support the multi dimension options, the spatial option, and cartridge installations... SCOTT and DEMO These are demo accounts that one should delete from any production environment. As one searches for and catalogs its organizations system's user accounts, pay close attention to the accounts used by any application the database is supporting. Many application-owner accounts have far more privileges than they need.
In addition, if the application is a third-party product, there is a good chance that the password for the account that owns the application tables is seldom changed. Another user-account consideration concerns Recovery Manager. Many database administrators store the recovery-catalog information in a catalog database, because that enables the use of stored scripts within Recovery Manager. Finally, in addition to securing these user accounts, make sure the passwords are not visible by file searches (such as use of the UNIX grep command). When possible, provide passwords to batch programs by using variables instead of hard-coding the values. Net 8 lets one-use service names and aliases to mask the physical location and name of every database in an organizations system.
Using aliases means that there is no need for any end user to know the name of any database. An organization should reveal the physical location of a database only to those who must know. If one uses the. ora file for managing access to database services, remember that every user with a copy of the file can read it, possibly gaining valuable information about sensitive databases. Therefore, it is recommended that one maintain multiple copies of the. ora file, each corresponding to a particular user group.
Give the members of each group the. ora file that list only the machines they need to access. Organizations can avoid using. ora by using Oracle Names, a global naming service that servers on ones network can access. If an organization uses Oracle Names, it needs to create a central file, names. ora that lists all machine names and access privileges. Using traditional operating-system protections, an organization should secure the names. ora file to prevent unauthorized access to the account and password data stored there. If an organization uses Oracle's auditing feature for monitoring certain database activities, it knows that the SYS.
AUD$ table can grow very quickly, depending on the events it audits. In fact, the table may grow to the point at which it infringes on the SYSTEM table space's free space, causing many system administrators to disable auditing entirely. Rather than abandoning auditing altogether, it is recommended enabling auditing for certain key events, reporting on those events frequently, and truncating the SYS. AUD$ table regularly. By doing this, the organization not only keep the SYS. AUD$ table at a manageable size but it also increases the effectiveness of auditing because its query for information on the audited events soon after those events occur.
If somebody's ATM card is stolen, one can be relatively certain that the thief will be unable to withdraw money from ones bank account. This is because most ATM machines confiscate an ATM card if the user is unable to enter the correct PIN code within three tries. Unfortunately, an organization's database cannot detect and react to security breaches in the same manner. Therefore, organizations should require users to change their passwords frequently-how often depends on its enterprise's security policies. With Oracle 8, it can force passwords to expire and one can prevent the reuse of old passwords.
If an organization forces users to change their passwords regularly, the organization should make the process as simple as possible. This procedure provides a way for users to change their passwords via procedural calls. The only parameter for the procedure is the new user password. Organizations can execute this stored procedure from within its application in the same way as one executes other stored application procedures. Thus, users do not have to know the syntax for the alter user or password commands; they need only provide the new password. For example, one may create a front-end form for a client / server application to prompt a user for a new password and then automatically execute the CHANGE MY PASSWORD procedure.
The CHANGE MY PASSWORD procedure executes the alter user command, which is a DDL (data definition language) command (and therefore executes when it is parsed). In order to execute a DDL command via PL / SQL, one needs to use dynamic SQL. The CHANGE MY PASSWORD procedure changes the password only for the current user; the User pseudo column provides the USERNAME value for the procedure. The account that creates the procedure must have the ALTER ANY USER system privilege. Note that the alter user command does not perform the same password-validation procedures as the password command. The more an organization can isolate its production database from test environments, the better it will be able to protect it.
To isolate an organization's production database, one should... Revoke operating-system-level access for developers on the production server and implement a standardized change-control process... Never publicize the name of the database and server supporting the production application... Forbid the use of the production database for development or testing. The last item can directly affect an organization's security plan. If the production server contains development and test databases, the organization must apply its production-level security standards to test databases and risk slowing development and testing.
In addition, development databases frequently contain public links to the production database, allowing all users access to the production database. Ideally, links to a production database should: . Access a specific account, such as DALLAS HR ACCT, not a generic account, such as SELECT LINK... Receive privileges via roles, such as DALLAS HR ROLE, rather than via direct grants.
Using roles enables one to quickly disable privileges and eliminates a user's ability to create new objects based on specific object-access privileges. Select from views owned by the application schema owner. The application schema can create a view named DALLAS HR VIEW and grant SELECT on privileges on that view to DALLAS HR ROLE. One can then create a view-with-check option and read-only privileges, to further restrict a user's access privileges.
VI. Conclusions This writing has covered some of the common security loopholes an organization should examine as the first step in developing a solid security plan. Although advanced security mechanisms, such as network encryption and complex authentication schemes, clearly help protect ones data, they cannot take the place of basic, effective change-control mechanisms and a secure production environment. Once an organization has established a solid foundation for its security practices, it can then consider and implement additional security procedures.
web "Netspionage' costs firms millions", Bob Sullivan, Febuary 16, 2001 web hacking the web.
html, "Hacking the Web A Security Guide", Anne Bilodeau, February 16, 2001 web "Study Finds Computer Viruses and Hacking Take $1.
6 Trillion Toll on Worldwide Economy", John Di Stefano, February 16, 2001 web "Protecting Your Database", Kevin Loney, February 16, 2001 web security.
s html, "Security administrators get into computer hacking", A nick Jesdanun, February 16, 2001 Russell, R, J.
Hack Proofing Your Network. Rockland: Syn gress Media, Inc. Mansfield, R, F., (2000) Hacker Attack! Alameda: SYBEX, Inc.