Databases Reference
In-Depth Information
Name Type
---------------------------------------- --------
OWNER# NUMBER
NAME VARCHAR2(128)
CTIME DATE
HOST VARCHAR2(2000)
USERID VARCHAR2(30)
PASSWORD VARCHAR2(30)
FLAG NUMBER
AUTHUSR VARCHAR2(30)
AUTHPWD VARCHAR2(30)
Unfortunately, Oracle chose to maintain the username and passwords in
clear text! This creates a serious security vulnerability, and you must make
special provisions in your environment to better secure this information.
You should make sure no one can read the
table. You should also
closely monitor any attempt to read this table and generate a real-time alert
any time access to this object is attempted (regardless of the SQL command
being used, any external access to this table is suspect).
Oracle maintains link-related information in many places, including
SYS.LINK$
,
,
,
,
, and
LINK$
V$DBLINK
GV$DBLINK
USER_DB_LINKS
ALL_DB_LINKS
, and you should monitor access to all of these objects. Luck-
ily, not all of these objects maintain the password being used by the link.
Monitoring access to link definitions is true for any database, even when
there is less of a security vulnerability and even when passwords are not
maintained in plain text. For example, if you have a SQL Server environ-
ment, you should monitor all usage of
DBA_DB_LINKS
,
sp_addlinkedserver
,
, and so on.
sp_addlinkedsrvlogin
sp_linkedservers
8.4
Monitor usage of database links
There are two monitoring categories you should consider: monitoring of all
access to link definitions and usage of database links. The first was men-
tioned in the previous section; you should always monitor and alert upon
any creation of database links, modifications, and access to link informa-
tion. In addition, you should monitor usage of database links, especially if
you own the database that is being linked (i.e., database B) and are con-
cerned about lax security on database A causing a security breach in your
environment.
Continuing with the Oracle example, you can access the remote table
within database A by one of two ways. You can explicitly call the remote
 
Previous Page
Next Page
Implementing Database Security and Auditing
Search WWH ::




Custom Search
Home