Simple Oracle Security Steps....
Interesting, many organisations don’t actually care looking at auditing an oracle database. I was recently reading a simple oracle auditing article which really gives us a quite a bit of over view from Oracle gurus. Below is the few Interesting things to look at Oracle database.
Default Accounts
system / manager (this use can change sys's password)
sys / man (highest privileged account)
scott / tiger
Interesting tables
all_users
all_tables
user_sys_privs
sys.dba_users
sys.dba_tab_privs
sys.dba_sys_privs
sys.dba_profiles
sys.dba_roles
sys.dba_role_privs
sys.dba_audit_trailsys.aud$
Interesting queries
alter all_user klx identified by asdfafds
grant dba to userid
grant connect to userid
identified by password (new user)
select username, password from sys.dba_users
select * from profile DEFAULT
alter profile default invalid_logins unlimited
audit connect on default whenever successful
audit connect on default whenever not successful
audit update on default whenever successful
delete * from sys.aud$
select owner, table_name from sys.dba_tables
Here is a nice link with tutorials on how to Secure Oracle. Decrypting Oracle toplink workbench passwords. Oracle Tools such as the decryption of the Oracle toplink mapping workbench password algorithm.
No comments:
Post a Comment