Security Perspective / DBA
I am engaged in a debate with one of our Oracle DBAs who seems intent that efforts to change default passwords on our Oracle 10g database are going to be a time-consuming exercise and not really offer much more protection to our data. Basically, we have a host-based Personnel System (not Oracle Financials, some other app that happens to have an Oracle 10g DB to store the Data). The System, as you can imagine, hosts pretty sensitive data. The infrastructure is basically an Oracle 10g Application Server and Database that reside on Unix Solaris Servers. 2 Oracle DBAs can get onto these internal Servers to access the DB for basic admin type jobs. They log in (through SSH) using a set account, so one risk is if the defaults for the more powerful accounts have not been changed the Admins could access the Database using these.
But DBAs aside, my concern is that if we have not changed the defaults, have we left a window of opportunity open for some employee with enough skill and intent to get at our Oracle Database and the underlying data?
Access to the Personnel System front-end is unified, in that the users don’t enter a specific set of login credentials (username / password); when they log on to the necessary domain in AD, they are logged on to the System (kind of a single sign-on policy). The System cannot be accessed outside the corporate network. I say cannot as there are probably more advanced hacking techniques that could get onto it.
What would somebody, typically an employee already sat inside the network, with malicious intent and enough skill, need to get access to this Oracle DB? I am focusing on the risk from within, and not a more sophisticated attack, whereby the attacker would first have to bypass the packet filtering device before they could try and penetrate the various servers to gain access.
How could an insider try to log on to the Database? Say for example they don’t have access to the UNIX Server. I keep hearing about stuff like TOAD and SQL Plus, where users remotely access Databases for queries etc. Could the user just download a copy of such freeware tools and try to get access to the DB and data? Or would they first need to get onto the UNIX Servers and then try their luck cracking the DB passwords? Or are there any other loopholes they could use to get at this Data? Or (heaven forbid) is our DBA correct, in that changing the defaults only really protects us from the 2 DBAs using more powerful accounts?