OraFAQ Forum: Marketplace » FCBGuardDUO or 2FA via Cisco DUO

Home » Other » Marketplace » FCBGuardDUO or 2FA via Cisco DUO (12 and up to 23c, UNIX like OS only)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

FCBGuardDUO or 2FA via Cisco DUO [message #690435]

Fri, 21 November 2025 18:56

Olexandr Siroklyn
Messages: 44
Registered: September 2018
Location: USA

Member

Preamble

Oracle does not offer a simple and cheap option for two-factor authentication (2FA) for on-premises databases. Indeed Oracle Key Vault is hardly cheap or simple. And this situation is unlikely to change. Sure 2FA can be always implemented on the application side connecting to the database. However, such kind of 2FA is not about the real database security.

FCBGuardDUO software provides 2FA on a database side via Cisco DUO software authentication.

How it works

In brief, any initial attempts to connect to a database are rerouted to the Cisco DUO internet authentication service first. The Cisco DUO internet service communicates with your Cisco DUO application on your mobile phone, where a pop-up message appears, proposing to confirm that it is indeed you trying to connect to the database. This is the only way to connect and see below how to:

a.

oracle@dbhost tmp]$ sqlplus sysproxy/sysproxy @$YOUR-DATA_PUMP_DIR/fcbguard_duo.sql << file is auto-generated

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 21 14:03:36 2025
Version 19.3.0.0.0

...

Enter your personal Duo registered login name: john.doe@gmail.com

Duo two-factor login for john.doe@gmail.com

Enter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-XXXX
2. Phone call to XXX-XXX-XXXX
3. SMS passcodes to XXX-XXX-XXXX (next code starts with: 1)

Passcode or option (1-3): 1

Pushed a login request to your device...
50074
...
...                                                          << here CISCO Duo auth application pops up on your smartphone *****
...
FCBGuardDUO v.23.12.830
Copyright (c) 2025, Olexandr Siroklyn. All rights reserved.
Connected.

USER is "SYS"
SQL>

***** Screenshot

b.

[oracle@dbhost tmp]$ sqlplus "/ as sysdba"

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Nov 21 17:11:15 2025
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.
   
Broadcast message from oracle@dbhost (somewhere) (Fri Nov 21 17:11:16 2025):     

Unauthorised SYSDBA login attempt detected on se19@dbhost

Killed
[oracle@dbhost tmp]$

More details and downloads

https://oracleongpu.com/fcbguardduo-or-cisco-duo-login-as-sysdba/

License

FCBGuardDUO is a free, partially closed software. You can use it in any way you like preserving copyright notice.

P.S

In fact, the downloadable version of the FCBGuardDUO software is designed to act as a small watchdog that barks when someone tries to break into your house. The software's default reaction is simply to terminate the intruder session. This is a too simple solution. If you're serious about database security, take a look at the cre_sys.prc_fcbguard_duo.sql file, where a procedure that reacts to intrusion is created. Make this reaction more sophisticated, reasonable and unpredictable for the intruder by using a more complex approach.

[Updated on: Fri, 21 November 2025 19:03]

Report message to a moderator

Previous Topic:	Transportable tablespace via network link utility
Next Topic:	We accept only Oracle-related adverts

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Nov 30 18:16:34 CST 2025