Solved

Database Security

Posted on 2011-02-21
5
342 Views
Last Modified: 2012-05-11
How to get the following items from Oracle, MS SQL databases? Anyone can gives me the command?

1. All users and passwords (even encrypted)
2. All table names
3. All table privileges

Also, what is security on database that is required when doing audit?
It would be great if you can find a official security checklist.


Thank you!
0
Comment
Question by:mawingho
5 Comments
 
LVL 11

Accepted Solution

by:
Akenathon earned 125 total points
ID: 34943887
Please only one question per post. I'm answering the first question for Oracle:

1) select username, password from dba_users
2) select table_name from dba_tables
3) select * from dba_tab_privs
0
 
LVL 76

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 125 total points
ID: 34946122
Oracle privs are more complicated.

You also have:
Dba_sys_privs, dba_role_privs, role_sys_privs and another or two I can't rember right now.

Audits can cover many areas.  If you are getting ready to go through one, the auditors should provide you with the specifics on what they are looking for.

0
 
LVL 34

Assisted Solution

by:johnsone
johnsone earned 125 total points
ID: 34952126
Every auditor is going to look for something different.

I have found that they don't want the results of queries that join things together.  I guess they don't trust that you are not doing something magic in the queries.  Typically, for Oracle, they wanted dumps of DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.  They figured it out from there.

They want the user names and encrypted passwords so they can run a password cracker against them.
0
 
LVL 47

Assisted Solution

by:schwertner
schwertner earned 125 total points
ID: 34952656
In addition to the document below try to find on My Oracle Support the following doc:

207959.1
 All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
     1) Alerts
     2) System Privileges
     3) Object Privileges
     4) Users and Roles
     5) User and Tablespace Quotas
     6) Profiles and Resource Limits
     7) Password Management
     8) Connect Internal and Password Files
     9) O/S Authentication
     10) Auditing
     11) Event Triggers
     12) Fine Grained Access Control
     13) Oracle Label Security
     14) Database Vault
     15) Audit Vault
     16) Data Encryption
     17) Security Server
________________________________________

Oracle-20Database-20Security-20F.pdf
0
 

Author Closing Comment

by:mawingho
ID: 34977049
thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

APEX (Application Express) is used to develop a web application from Oracle. SQL Workshop is one of the tools that comes with Oracle APEX to query or modify the database objects or to make any changes to the structure.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video shows how to Export data from an Oracle database using the Datapump Export Utility.  The corresponding Datapump Import utility is also discussed and demonstrated.
This video explains what a user managed backup is and shows how to take one, providing a couple of simple example scripts.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now