website analytics software
Home Contact Cart Register Faqs
Login:
 
Password:  
 
 
Login
About us Resources Services Product Support Careers Partner  
 


TYPES OF VULNERABILITIES W.R.T. CATEGORIES

  • Access rights - This category contains all accessing issues according to the specific security policy. For example, if view to a confidential data is allowed only to HR users, all other users will be restricted and can't access that data. A security conscious organization considers it as a major issue for a secure environment. Secure Ora Auditor™ detects these types of vulnerabilities in access rights category and recommends checks and verifications.


  • Application Integrity - This category includes quality improvement issues, to normalize the application to indestructible. An attacker can effortlessly hit your database because of some Oracle's default enabled parameters or can create buffer overflow to breach your database.
  • Authentication control - Oracle set default passwords for all users either some highly privileged users or low privileged users and some default setting to begin with. This category deals with password strength and other management and control issues for password and profiles.
  • Denial of services - This Category checks the incidence of DoS type attacks. Dos attacks usually occur because of unfixing susceptibility for example; permitting to run uninformed code.
  • Mis-configurations - This category deals with the omitted configuration setting in oracle database. Oracle provides some features to avoid mis-configuration for example listener service is a proxy between the client and the database that assists in negotiating the connection. If logging is enabled for the listener, commands and connection attempts are recorded in a log file. If logging is disabled, no records will be recorded and there can't be accountability.
  • System integrity - This category deals with the resource usage limit issues. For example resource usage limit, idle time resource usage limit and concurrent resource usage limit.
  • Password attack - Sometimes user changes the password to weak password which is as insecure as default. This category deals with the password security. If passwords for SYS and SYSTEM are not changed to strong passwords, attacker can get command over database by guessing SYS password and can do anything. For example Easily-guessed database username, password for internal account and Brute-force database username.
   

LifeCycle
         -          Datasheet          -          Compliance Statements          -          Return on Investment          -          Presentation
   
HOME   |   ABOUT US  |   RESOURCES  |  SERVICES   |   PRODUCT   |   SUPPORT   |   CAREERS   |   PARTNER   |  CONTACT   |   LINK DIRECTORY
 
Security Auditing Services  | Network Design Service  | Security Assessment Services  |  System Hardening Service  |  Technical Training Services  |  Oracle Security Assessment Tool  |  Windows Security Assessent Tool  | SQL Security Assessment Tool  | Cisco Security Assessment Tool  |  Penetration Testing Services  |  Information Security Software  |  Information Security Management System   |  Auditing Tools  |  Forensics Utilities  |  Digital Risk Management Solution  |  Vulnerability Scanners  |  Penetration Testing Tools  |  Penetration Testing Utilities  |  Risk Management Utilities  |  System Auditing  |  Database Security  |  Windows Scanner  |  Windows Password  |  Port Scanner  |  Password Crack  |  Inventory Software  |  Inventory Tracking Software  |  Database Vulnerability Assessment  |  Database Auditing  |  Database Scanning  |  Disaster Recovery  |  Security Services  |  Oracle Event Log Viewer  |  Windows Event Log Viewer  |  Oracle Access Rights Auditor  |  MSSQL Access Rights Auditor  |  Oracle Password Auditor  |  MSSQL Password Auditor  |  Windows Password Auditor   |  Cisco Type 7 Password Decryptor  |  Cisco Config Manager  |  Windows System Inventory Viewer  |  Windows Software Inventory Viewer  | SNMP Browser  |  Trace Route  |  SNMP Brute Force Attacker  |  MSSQL Brute Force Attacker  |  FTP Brute Force Attacker  |  HTTP Brute Force Attacker  |  Oracle Brute Force Attacker  |  SNMP Scanner  |  Oracle Default Password Tester  |  MSSQL Default Password Tester  |  Oracle SID Tester  |  Oracle TNS Password Tester  |  Oracle Query Analyzer  |  MSSQL Query Analyzer  |  IP Calculator  |  Mac Detector  |  DNS Auditor  |  DNS Lookup  |  Whois |  Press Release |  Systems Auditing |  Compliance From Single Console
 
Copyright © 2008 Secure Bytes Inc. All rights reserved.