SECURE ORA AUDITOR

TYPES OF VULNERABILITIES W.R.T. CATEGORIES
Access rights
This category covers access issues defined by the organization's specific security policy. For example, if only HR users are allowed to view confidential data, all other users must be restricted from accessing that data. A security-conscious organization treats this as a major issue for a secure environment. Secure Ora Auditor™ detects vulnerabilities of this type in the access rights category and recommends checks and verifications.

Application Integrity
This category covers quality-improvement issues aimed at hardening the application. An attacker can easily hit your database because of some parameters that Oracle enables by default, or can trigger a buffer overflow to breach your database.

Authentication control
Oracle sets default passwords for all users, whether highly privileged or low privileged, along with some default settings to begin with. This category deals with password strength and other management and control issues for passwords and profiles.

Denial of services
This category checks for the incidence of DoS-type attacks. DoS attacks usually occur because of unfixed vulnerabilities, for example permitting arbitrary code to run.

Mis-configurations
This category deals with omitted configuration settings in the Oracle database. Oracle provides some features to avoid misconfiguration. For example, the listener service is a proxy between the client and the database that assists in negotiating the connection. If logging is enabled for the listener, commands and connection attempts are recorded in a log file. If logging is disabled, nothing is recorded and there can be no accountability.
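
The listener logging check described above can be sketched as follows. This is an added example, not code from Secure Ora Auditor; the sample listener.ora, host names and function names are constructed for illustration, and the only Oracle setting relied on is the per-listener LOGGING_<listener_name> parameter, which defaults to ON.

```python
import re

# Constructed sample listener.ora (illustrative, not taken from the page).
SAMPLE_LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1521))))

LISTENER_HR =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1522)))

# Logging switched off for the second listener only.
LOGGING_LISTENER_HR = OFF
LOG_DIRECTORY_LISTENER = /u01/app/oracle/network/log
"""

# A listener definition: a name at column 0 whose value opens a
# DESCRIPTION, DESCRIPTION_LIST, ADDRESS or ADDRESS_LIST block.
LISTENER_DEF = re.compile(
    r"^([A-Za-z]\w*)\s*=\s*\(\s*(?:DESCRIPTION|ADDRESS)", re.I | re.M)
# The per-listener switch: LOGGING_<listener_name> = ON | OFF
LOGGING_PARAM = re.compile(
    r"^[ \t]*LOGGING_(\w+)[ \t]*=[ \t]*(\w+)", re.I | re.M)


def listener_logging(text):
    """Return {listener name: True if logging is on, False if off}."""
    # Drop comment lines so a commented-out setting is not counted.
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    # With no LOGGING_<name> line the listener logs (the default is ON).
    status = {m.group(1).upper(): True for m in LISTENER_DEF.finditer(body)}
    for m in LOGGING_PARAM.finditer(body):
        status[m.group(1).upper()] = m.group(2).upper() != "OFF"
    return status


def listeners_without_logging(text):
    """Names of listeners that leave no record of connections or commands."""
    return sorted(n for n, on in listener_logging(text).items() if not on)


if __name__ == "__main__":
    for name in listeners_without_logging(SAMPLE_LISTENER_ORA):
        print(f"FINDING: listener {name} has logging disabled")
```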

System integrity
This category deals with resource usage limit issues, for example the resource usage limit, the idle-time resource usage limit and the concurrent resource usage limit.

Password attack
Sometimes a user changes the password to a weak one, which is as insecure as the default. This category deals with password security. If the passwords for SYS and SYSTEM are not changed to strong passwords, an attacker can take control of the database by guessing the SYS password and can then do anything. Examples include easily guessed database username, password for internal account, and brute-force database username.
   

Copyright © 2010 Secure Bytes Inc. All rights reserved.