
Re: Security Indicator

From: Daniel A. Morgan <damorgan_at_exesolutions.com>
Date: Fri, 18 Jan 2002 11:47:30 +0000
Message-ID: <3C480B52.5FE1C09D@exesolutions.com>


What database? What operating system?

The biggest security lapses in any database are the fact that passwords are guessable/predictable, written on post-it notes and/or taped to the bottoms of keyboards and desk drawers, not changed regularly, and usage is not monitored.

In Oracle look at creating profiles that limit logons per user, limit idle time, force password changes and passwords to contain characters and numbers, and educate your employees. That will eliminate 90+% of the risk. And drop accounts when they are no longer needed. I left a very large aerospace company ... came back on another contract more than a year later ... and all of my accounts, including email, still existed.

Finally, at least with Oracle, when you receive it the database will contain three built-in roles, CONNECT, RESOURCE, and DBA. Drop them. Then build roles that actually reflect the system privilege needs of your users.

Daniel Morgan

Fleury Marcel wrote:

> Hello all,
> I have to find an indicator that can tell me if my database is secure.
> As I've no budget to buy a scan database I'm searching some scripts.
> I know that the subject is large but any ideas are welcome
Received on Fri Jan 18 2002 - 05:47:30 CST
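
The measures described in the message above, sketched as Oracle SQL. This is an added example, not part of the original post: the profile, role, table and user names are hypothetical, the limit values are arbitrary, and `verify_function` is assumed to have been created in the SYS schema beforehand (Oracle ships a sample in `utlpwdmg.sql`).

```sql
-- Added example. All object names and limit values below are hypothetical.

-- Kernel limits (SESSIONS_PER_USER, IDLE_TIME) are only enforced when
-- resource limits are switched on; password limits are always enforced.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- A profile covering the points in the post: logons per user, idle time,
-- forced password changes, and a password complexity check.
CREATE PROFILE app_user_profile LIMIT
  SESSIONS_PER_USER        2                -- concurrent sessions per account
  IDLE_TIME                30               -- minutes of inactivity
  PASSWORD_LIFE_TIME       90               -- days before a change is forced
  PASSWORD_GRACE_TIME      7                -- days of warning after expiry
  PASSWORD_VERIFY_FUNCTION verify_function; -- assumed to exist in SYS

ALTER USER some_app_user PROFILE app_user_profile;

-- Indicator 1: open accounts that still use the DEFAULT profile.
SELECT username, account_status, created
FROM   dba_users
WHERE  profile = 'DEFAULT'
AND    account_status = 'OPEN'
ORDER  BY created;

-- Indicator 2: who holds the built-in roles the post recommends replacing.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
ORDER  BY granted_role, grantee;

-- A role that reflects what a user actually needs, granted in place of
-- CONNECT or RESOURCE.
CREATE ROLE app_reader;
GRANT CREATE SESSION TO app_reader;
GRANT SELECT ON app_owner.orders TO app_reader;
GRANT app_reader TO some_app_user;

-- Remove an account that is no longer needed (CASCADE also drops its objects).
DROP USER former_contractor CASCADE;
```

The two SELECT statements can be run periodically; rows coming back from either one point at accounts that have not yet been moved to a restrictive profile or to purpose-built roles.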
