Imperva Cyber Community

 View Only

Ms SQL and Oracle Password complexity assessment

  • 1.  Ms SQL and Oracle Password complexity assessment

    Posted 06-03-2022 13:27
    Users are authenticating through SQL server authentication for MsSQL and similarly for Oracle database using database authentication. We need to verify below attributes for password complexity:

    • End-user passwords must be changed every sixty (60) days.
    • At a minimum, twenty-four (24) previous end-user passwords shall not be repeated by any Employee for a particular system or application.
    • Employees will be locked out of system or application after a maximum of five (5) unsuccessful logon attempts. To restore access, the owner of the account must contact the Service Desk.
    • Employees will be notified at least fourteen (14) days in advance of end-user password expiration on each system or application. Upon receiving the end-user password expiration notification, Employees will be prompted to change their end-user password.
    • End-user passwords must be at least 8 characters long.
    • End-user passwords shall not contain the Employee's account name or parts of the Employee's full name which exceed two consecutive characters of the Employee's name
    • End-user passwords must contain characters from at least three of the following four categories:
       o Uppercase characters (A through Z)
       o Lowercase characters (a through z)
       o Numerals (0 through 9)
       o Non-alphabetic characters (example.g., !, $, #, %)
    • Systems, applications and IT service account passwords must be changed every 365 days
    #DatabaseActivityMonitoring

    ------------------------------
    Vibhore Ajmera
    Consultant
    San Antonio TX
    ------------------------------