Database Reference
You should also set the following profile options, which affect security, to
appropriate values:
| Profile Option | Default | Recommended Setting |
|---|---|---|
| Signon Password Failure Limit | None | 3 |
| Signon Password Hard to Guess | No | Yes. Oracle defines a password as hard-to-guess if it follows the following rules: the password contains at least one letter and at least one number; the password does not contain repeating characters; the password does not contain the username. |
| Signon Password Length | 5 characters | 8 characters |
| Signon Password No Reuse | None | 180 days |
| Signon Password Case | None | Sensitive: This will allow case-sensitive passwords. |
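The hard-to-guess rules and the recommended 8-character minimum from the table, written as a pre-check that a provisioning script could run before assigning an initial password. This is an added example, not Oracle's code; the function names, the reading of "repeating characters" as the same character twice in a row, and the case-insensitive comparisons are assumptions.

```python
MIN_LENGTH = 8  # recommended "Signon Password Length" from the table


def hard_to_guess_violations(username, password, min_length=MIN_LENGTH):
    """Return the rules a candidate password breaks; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: "repeating" means the same character twice in a row,
    # compared case-insensitively ("sS" counts as a repeat).
    folded = password.casefold()
    if any(a == b for a, b in zip(folded, folded[1:])):
        problems.append("repeating characters")
    # Assumption: the username check ignores case.
    if username and username.casefold() in folded:
        problems.append("contains the username")
    return problems


def check_batch(candidates):
    """Map each (username, password) pair to its list of violations."""
    return {pair: hard_to_guess_violations(*pair) for pair in candidates}


# Constructed sample input, not real credentials.
SAMPLES = [
    ("JSMITH", "qwerty12"),     # keyboard walk: passes every listed rule
    ("JSMITH", "jsmith2024x"),  # embeds the username in lower case
    ("JSMITH", "Passw0rdX"),    # "ss" is a repeated character
    ("JSMITH", "12345678"),     # digits only
    ("JSMITH", "abc"),          # too short and no number
]

if __name__ == "__main__":
    for (user, pwd), problems in check_batch(SAMPLES).items():
        print(f"{user} / {pwd}: {', '.join(problems) or 'OK'}")
```

The first sample passes all of the listed rules, so these profile options set a minimum bar and do not screen out common or keyboard-pattern passwords.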
Desktop security
At the desktop layer, we can harden the system by changing some of the browser
security and convenience settings.
Turn off auto-complete in browser settings
For kiosk machines, change the browser's AutoComplete settings. For example,
Internet Explorer can automatically show previous values entered in the same
form field. Although desirable for frequently accessed pages, this feature should be
disabled for privacy and security reasons.
In order to turn off the AutoComplete feature in Internet Explorer, navigate to Tools |
Internet Options | Content. From the Content tab, click on the AutoComplete button and
uncheck the Forms and User names and passwords on forms checkboxes. Also, do not
use the Remember password function, as this is a known security vulnerability.
Operating environment security
At the operating environment level, you can harden the system by limiting
communications to known components and ports only.