Oracle Password Auditor helps auditors, database administrators, and security administrators to enforce strict password security policy by identifying weak and default passwords in the Oracle database. Weak passwords have been cited by experts from SANS, industry, government, and academia as one of the most critical security threats to computer networks. Password recovery becomes extremely easy with Oracle password auditor because it automatically retrieves password hashes from SYS.USER$ table from Oracle database and allows auditors, database administrators and security administrators to either password recovery or test the strength of the password according to an organization policy through comprehensive auditing.
It is a password strength analyzer that proactively identifies the strength of a password against an intrusion attempt. It also checks for defaults passwords those are not changed on Oracle database servers. All default passwords are security threat for the confidentiality, integrity and availability of data. It also provides options like dictionary attacks, brute force attacks and hybrid attacks to audit the weaknesses in enforced password security policy. Oracle Password Auditor also has the ability to present all cracked passwords in the form of a vulnerability report so that it complies with a defined controls and organizational security policy.
Oracle Password Auditor is compatible with Oracle database server 8 / Oracle database server 9i / Oracle database server 10g / Oracle database server 11g. It also facilitates in achieving strengthened governance and Regulatory Compliance standards like Sarbanes-Oxley Act (SOX) (USA) , Health Insurance Portability and Accountability Act (HIPAA) (USA) , Gramm-Leach-Bliley Act (GLBA) (USA) Federal Information Security Management Act (FISMA) (USA) , Data Protection (EU, UK, Canadian) J-SOX (Japan), LSF (France), Payment Card Industry Data Security Standard (PCI/DSS), security frameworks such as ISO 27001, and COBIT or NIST.
Following are some examples of weak passwords:
Default passwords such as those used in most software applications (SAP, symbol , weblogic, dbsnmp, tiger etc).
Popular passwords (qwerty, 123456, password, letmein, abc123, monkey etc.).
Repeated combinations of symbols as passwords (aabbcc, 123123, aaaa, 7777777 etc.).
Inversion of common words as passwords (drowssap, nimda etc.).
Passwords coinciding with user name or its variations.
Short passwords having up to 7 characters, which can be found with brute force attack.
Passwords derived from common words or word combinations that can quickly be discovered with a dictionary attack.
Passwords based on personal data.
Passwords based on user characteristics.
Passwords based on modified version of older passwords.
The best way to identify weak passwords is to conduct audits on regular basis.
Key Features and Benefits:
Determines the strength and security of corporate database servers against malicious activities.
Tests the strength of passwords which protects user accounts from intrusion
