Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles

From: Rich Jesse <rjoralist3_at_society.servebeer.com>
Date: Fri, 6 Dec 2013 09:07:21 -0600 (CST)
Message-ID: <f2bc0b29b554968ff27e77ba228deb16.squirrel_at_society.servebeer.com>

Hey all,

I'm expecting to get dinged on an audit because I have FAILED_LOGIN_ATTEMPTS set to 10 in a profile (11.2.0.3, if that matters). On our new DBs, I plan on changing that to UNLIMITED. The initial feedback from the auditors is that "the recommended is 3 to 5".

I reasoned that instead of a malicious attempt to break in to our ERP DB, it's much more likely that someone (in IT) will accidentally choose our Production ERP DB when they meant to choose Development (which has a different password), causing login failures which could lockout the account, effectively causing a denial of service. This has already happened, but with a non-existent user, so no harm done.

I have EM12c paging me for EVERY login failure in Production, since there are no user logins other than for the DBA (me).

What do others do? Take the audit hit and just move on?

TIA!
Rich

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Dec 06 2013 - 16:07:21 CET

This message: [ Message body ]
Next message: Don Seiler: "Re: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles"
Previous message: Paul Houghton: "RE: Why doesn't my hint work?"
Next in thread: Don Seiler: "Re: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles"
Reply: Don Seiler: "Re: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles"
Reply: MacGregor, Ian A.: "RE: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles"
Reply: Freeman, Donald CONT (ABL): "RE: Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message