
Database Security DB0520: Authentication and password security (presentation transcript)


Slide 1: Database Security DB0520 – Authentication and password security
- Authentication options: strong, weak
- Review security environment: sys admin privileges
- Choosing strong passwords
- Account lockout policy
- Password profiles: create, enforce

Slide 2: Authentication options
Authentication is the process of confirming the correctness of a claimed identity.
DB2 CLIENT authentication (DB2 parameters):
- TRUST_ALLCLNTS: DRDAONLY (except z/OS, OS/390, VM, VSE)
- TRUST_CLNTAUTH: where to check passwords, SERVER or CLIENT
External authentication
DB2 SERVER authentication:
- SERVER_ENCRYPT or KERBEROS, or both
- DATA_ENCRYPT
- GSSPLUGIN

Slide 3: Authentication options
MS SQL Server:
- Windows authentication
- Mixed authentication: client connections capable of NTLM are authenticated with SQL Server; username and password are stored in SQL Server
Oracle:
- OCI client and Oracle server, using TNS
- Oracle password protocol (O3LOGON)
- V$SESSION: username, osuser, machine, module

Slide 4: Review security environment
- Review authentication model
- Review group association
- Review role association
- Review privilege association
- Perform a "dry run"
- Inspect sys admin privileges

Slide 5: Choosing strong passwords
- Use a password with mixed-case letters.
- Use letters and numbers in your passwords.
- Use punctuation marks within your passwords.
- Use passwords with at least six characters; a minimum of eight is even better.
- If possible, choose a password that can be typed quickly and that cannot be easily guessed if someone looks over your shoulder.

Slide 6: Don't do the following
- Don't use the same password (even if it is strong) everywhere.
- Don't use the username as the password, or any permutation of the login name (e.g., the username spelled backwards).
- Don't use words that can be looked up in a dictionary, because they will appear in password-cracker word lists.
- Don't use information that is easily obtained, such as your mother's maiden name, your children's names, or your pet's name.
- Don't use dates or numbers tied to you (hiring date, birth dates, phone number, anniversary, etc.).
- Don't use repeating substrings in a password (e.g., 111, 222). They reduce the number of permutations and cancel the strength gained from length: the attacker now needs to guess fewer unique characters.

Slide 7: Account lockout
- Lock the account after a number of failed attempts.
- Caveat: lockout can be turned into a denial-of-service attack, since anyone who can reach the login can lock out a legitimate user by deliberately failing.
- Alternative: deny connections from the offending source IP to the target IP.
- Use a database firewall.

Slide 8: Password profiles (Oracle)
- PASSWORD_LIFE_TIME: days until the password expires
- PASSWORD_REUSE_TIME: number of days before a password can be reused
- PASSWORD_REUSE_MAX: number of password changes before a password can be reused
- PASSWORD_GRACE_TIME: number of days login is still allowed, with a warning, after expiry
- PASSWORD_VERIFICATION_SCRIPT

Slide 9: DB user/password maintenance

