Privileged Password Management and Privileged Session Management for Oracle Infrastructures
The “crown jewels” for most organizations, and indeed most hackers, is the database server. Protecting the database is priority number one for security and operations teams alike. Gaps in security and weaknesses in processes can put many organizations at risk as they try to balance efficiencies against operational impact. While proper configuration and timely patching can help address platform vulnerabilities, they do not address the three common database attack vectors being used today:
- Brute force attacks against weak or default passwords: Oracle environments are often put at risk when weak, or common, usernames and passwords are used across the infrastructure – or when passwords are infrequently changed. Once credentials are compromised, attackers can siphon sensitive data from the organization via custom malware and other malicious techniques.
- Privilege compromise: Successfully compromised legitimate accounts that have database access are difficult to detect.
- Malicious insider (privilege abuse): Users (employees, contractors, or service providers) abuse legitimate data access privileges for unauthorized purposes.
From a risk perspective these privilege attacks are especially dangerous in environments where database users are given excessive permissions that exceed the requirements of their job function and where weak database audit policies are in place. Although databases and their contents are vulnerable to a host of internal and external threats, it is possible to dramatically reduce the attack vectors. By specifically addressing these threats you can tighten security controls and meet the requirements of the most regulated industries in the world.
FIVE COMMON SIGNS OF ORACLE ACCOUNT SECURITY RISKS
1. Default or common passwords are not configured correctly
2. Credentials are shared across multiple database servers
3. Passwords remain unchanged for excessive periods of time
4. Privileged sessions are unmonitored
5. No accountability controls exist for outsourced DBAs
Any of these scenarios can set your organization up for a serious data breach. Fortunately, there is a simple and effective way to tighten controls and enhance the security of your database systems against account-based risks while maintaining audit controls and reducing operational impact: privileged password management with PowerBroker Password Safe.
AUTOMATED PRIVILEGED PASSWORD MANAGEMENT FOR ORACLE
PowerBroker Password Safe is an automated password and privileged session management solution offering secure access control, auditing, alerting ,and recording for any privileged account. Password Safe strengthens database security by:
- Ensuring no host environment or server has a default password for admin accounts
- Guaranteeing each host environment or database server has a unique complex password
- Automatically rotating passwords based on age and usage
- Limiting administrative access and communications to authorized
SECURING ORACLE ACCOUNTS WITH POWERBROKER PASSWORD SAFE
Password Safe secures privileged accounts across your enterprise environment, including:
- DBAs, service accounts, operating systems, network devices, databases (A2DB), and applications (A2A) accounts
- Local or domain shared admin accounts across physical and virtual host environments y Personal admin accounts (in the case of dual accounts)
- SSH keys, cloud, and social media accounts PowerBroker Password Safe enables you to secure Oracle infrastructure with complete control and audit all privileged account access. y Discover all database servers, and verify that no default passwords exist on any device y Manage all Oracle databases using PowerBroker Smart Rules, and store a unique password for each device
- Automatically rotate each device’s password based on age or after each admin
- Provide a complete workflow for device access, including an approval process for administrative access
- Database session management enabling database access without disclosing administrative credentials
- Achieve DB session control including lock, terminate, and over the shoulder monitoring y Report on all privileged credentials requested and used
- Native integration with Oracle Enterprise Manager workflow to orchestrate password changes using extensive API support
- Flexible application level control to lock privileged sessions to specific DBMS tools (TOAD, Squirrel, SQLdev, etc)
EXTEND ORACLE SECURITY WITH BEYONDTRUST LEAST PRIVILEGE SOLUTIONS
PowerBroker for Unix & Linux and PowerBroker for Windows least privilege solutions enable you to further harden your Oracle infrastructure. These solutions reduce the risk of privilege misuse, especially when third-party tools and other applications are required to manage the database infrastructure. With PowerBroker, you can eliminate local admin privileges, enforce least-privilege policy, maintain application access control, and keystroke all log privileged activities.
Read the complete Data Sheet!