Security Scope - Two Passwords Stored Everywhere

The core problem of Oracle security is that it was never designed for the purposes it is currently used for. You might not realize it, but no production database can use most of the security measures the way there were intended.
Go to page123All

Additional Personnel

While the list so far seems a little longer than you thought, these Oracle passwords are actually accessible to a lot more people. These passwords are stored in desktops in spreadsheets, development tools, DBA tools, and web browsers. These desktops are accessible to:
  • Windows domain administrators
  • Helpdesk personnel (e.g. via remote desktop control)
Backup administrators also have access both to the passwords and even the entire database files. This also means that whoever has access to the backup tapes has access to the information.
Passwords stored in spreadsheets are often stored on file servers and/or in the mail system. That means that the file server administrators and the mail server administrators have access to those passwords.

The Bigger Problem

The bottom line is that most of the IT staff, significant portions of the development staff, some ex-employees, and several contractors/partners can gain access to all the data in the database.
The more applications consolidate data, the bigger the security problem becomes. With a trend in modern ERP and data warehouse applications to consolidate ALL the data in the organization.

The Only Solution

We cannot change the Oracle security model, nor can we stop the train of data consolidation. The two Oracle passwords that are accessible to many of the employees is just a reality of modern IT. But something has to be done to mitigate this impossible security risk.
The solution is database auditing. It creates deterrence, alerts on security breaches, and provides forensic information if a breach occurs. Read more about the effectiveness of database auditing against the Internal Risk

What's next?

I want to know more about Core Audit!
Great! Here are a few options:
  • Read more about Core Audit features, reports, etc.
  • Try our Online Demo and play with Core Audit right now
  • Ask for a Personal Demo from one of our experts and get all your questions answered
  • Download a Free Trial and experience Core Audit on your systems
I only want more information, not a product
Not a problem, here is a list of relevant pages, and we are always available to answer any question
  • Fraud – Read
  • Hackers – Read
  • Rationalizing Oracle database auditing – Read
  • Oracle security checklist – Read
  • Oracle security – strengths & weaknesses – Read
  • How to prevent a database breach – Read
  • Oracle database security – Read