Application Integrity
This category covers quality-improvement issues that harden the application. An attacker can easily reach your database through parameters that Oracle enables by default, or can trigger a buffer overflow to breach it.
Authentication Control
Oracle sets default passwords for all users, whether highly privileged or low privileged, along with some default settings to begin with. This category deals with password strength and other management and control issues for passwords and profiles.
Denial of Services
This category checks for exposure to DoS-type attacks. DoS attacks usually succeed because of unfixed vulnerabilities, for example one that permits arbitrary code to run.
Mis-configurations
This category deals with omitted configuration settings in the Oracle database. Oracle provides some features that help avoid misconfiguration. For example, the listener service is a proxy between the client and the database that assists in negotiating the connection. If logging is enabled for the listener, commands and connection attempts are recorded in a log file. If logging is disabled, nothing is recorded and there can be no accountability.
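The listener-logging check described above can be automated. The following is an added example, not part of the original page: it assumes logging is controlled by the `LOGGING_<listener_name>` parameter in `listener.ora` (ON when absent), and the sample file, host names and function names are constructed for illustration.

```python
import re

# Constructed sample listener.ora (not from the original page).
SAMPLE_LISTENER_ORA = """\
# primary listener, logging switched off
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))))
LOGGING_LISTENER = off

LISTENER_APP =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1522)))
SID_LIST_LISTENER_APP =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
"""

def parse_top_level(text):
    """Return {NAME: value} for top-level parameters.

    A parameter starts in column 1; indented lines continue the previous one.
    """
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)$", line)
        if m and not raw[0].isspace():
            current = m.group(1).upper()
            params[current] = m.group(2)
        elif current:
            params[current] += " " + line.strip()
    return params

def listener_logging(text):
    """Map each listener name to True (logging on) or False (logging off)."""
    params = parse_top_level(text)
    listeners = [n for n, v in params.items()
                 if re.search(r"\(\s*ADDRESS\s*=", v, re.I)
                 and not n.startswith("SID_LIST_")]
    # LOGGING_<listener_name> defaults to ON when the parameter is absent.
    return {n: params.get("LOGGING_" + n, "ON").strip().upper() != "OFF"
            for n in listeners}

if __name__ == "__main__":
    for name, enabled in listener_logging(SAMPLE_LISTENER_ORA).items():
        print(f"{name}: logging {'enabled' if enabled else 'DISABLED'}")
```

Any listener reported with logging disabled leaves no record of connection attempts or commands and should be flagged under this category.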
System Integrity
This category deals with resource usage limit issues, for example the resource usage limit, the idle-time resource usage limit and the concurrent resource usage limit.
Password Attack
Sometimes a user changes the password to a weak one, which is as insecure as the default. This category deals with password security. If the passwords for SYS and SYSTEM are not changed to strong passwords, an attacker can take control of the database by guessing the SYS password and can then do anything. Examples: easily guessed database username, password for internal account, and brute-force database username.