Hi Davis & Pete Finnigan,

Thank you so much for your response. Let me go through Pete Finnigan's security related white papers.

-Sami

-----Original Message-----
To: [EMAIL PROTECTED]
Date: Mon, 10 Nov 2003 16:56:13 +0000

The type of attack you are suggesting is a problem that exists with all systems, not just Oracle databases. For example, an attack against a system administrator/application owner account on any platform (Windows, Mainframe, Unix, Database) could all potentially be shut down by too many logon attempt failures. Often, with these types of accounts you cannot apply the same password mgmt rules (3 strikes and you are out). But having violation alerts/notification for attacks (i.e. audit trails) requirement for complex passwords that can withstand brute force attacks (e.g. dictionary searches).

I would suggest following Pete Finnigan's advice would be prudent. He knows what he is talking about when it comes to security. I have a copy of the Oracle Security Step-by-Step guide he mentioned, which is only available from the SANS Institute (SysAdmin, Auditing, Networking & Security).

If you work for a large corporation you will probably have a security officer. It might be a good idea to talk to them.

Also check out:
www.securityfocus.com
www.sans.org

btw Drake overreacted and was, I thought, very rude. I think Drake felt your question was best asked on a secured forum.

Cheers
David

>From: "Saminathan" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Security : Denial Of Service
>Date: Sun, 09 Nov 2003 17:14:25 -0800
>
>Hi List,
>
>"A secure system makes data available to authorized users, without delay.
>Denial-of-service attacks are attempts to block authorized users' ability
>to access
>and use the system when needed."
>
>By using user-profile one can lock DB users if he/she provides wrong
>password 3 times.
>Then DBA has to unlock the users to make it work. By knowing DB userid
>somebody can lock the DB users (by providing wrong password 3 times)
>so that when the actual user try to login it will block him/her to access
>the db.
>
>How does oracle address this "Denial Of Service" ?
>
>Any response would be highly appreciated.
>
>Thanks
>-Sami
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.net
>--
>Author: Saminathan
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- 858-538-5051 http://www.fatcity.com
>San Diego, California -- Mailing list and web hosting services
>---------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
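
The lockout profile and the audit-trail alerting discussed in this thread, as an added example that is not part of the original messages. It assumes traditional database auditing (AUDIT_TRAIL=DB); the profile name, the account name APP_OWNER, the one-hour lock time and the alert thresholds are hypothetical values chosen for illustration.

```sql
-- Added example: lockout profile plus failed-logon monitoring.
-- Assumes AUDIT_TRAIL=DB is set so session audit records land in DBA_AUDIT_SESSION.

-- 1. Lockout profile as described in the thread (3 failed attempts).
--    PASSWORD_LOCK_TIME is an addition not mentioned in the thread: it
--    unlocks the account automatically after the given number of days
--    (1/24 = one hour), so a lockout does not wait for a DBA.
CREATE PROFILE app_lockout_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 3
  PASSWORD_LOCK_TIME    1/24;

-- Hypothetical application account.
ALTER USER app_owner PROFILE app_lockout_profile;

-- 2. Record every unsuccessful connection attempt in the audit trail.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- 3. Alert query: accounts with repeated failures in the last hour.
--    RETURNCODE 1017  = ORA-01017 invalid username/password
--    RETURNCODE 28000 = ORA-28000 the account is locked
--    Grouping by USERHOST shows whether the failures come from one
--    client machine, which points to deliberate lockout rather than a
--    user mistyping a password.
SELECT username,
       userhost,
       COUNT(*)       AS failed_logons,
       MIN(timestamp) AS first_failure,
       MAX(timestamp) AS last_failure
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    timestamp > SYSDATE - 1/24
GROUP  BY username, userhost
HAVING COUNT(*) >= 3
ORDER  BY failed_logons DESC;

-- 4. Manual recovery once the source of the failures is understood.
ALTER USER app_owner ACCOUNT UNLOCK;
```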
