Imperva Cyber Community

 View Only

Ms SQL and Oracle Password complexity assessment

  • 1.  Ms SQL and Oracle Password complexity assessment

    Posted 25 days ago
    Users are authenticating through SQL server authentication for MsSQL and similarly for Oracle database using database authentication. We need to verify below attributes for password complexity:

    • End-user passwords must be changed every sixty (60) days.
    • At a minimum, twenty-four (24) previous end-user passwords shall not be repeated by any Employee for a particular system or application.
    • Employees will be locked out of system or application after a maximum of five (5) unsuccessful logon attempts. To restore access, the owner of the account must contact the Service Desk.
    • Employees will be notified at least fourteen (14) days in advance of end-user password expiration on each system or application. Upon receiving the end-user password expiration notification, Employees will be prompted to change their end-user password.
    • End-user passwords must be at least 8 characters long.
    • End-user passwords shall not contain the Employee's account name or parts of the Employee's full name which exceed two consecutive characters of the Employee's name
    • End-user passwords must contain characters from at least three of the following four categories:
       o Uppercase characters (A through Z)
       o Lowercase characters (a through z)
       o Numerals (0 through 9)
       o Non-alphabetic characters (example.g., !, $, #, %)
    • Systems, applications and IT service account passwords must be changed every 365 days
    #DatabaseActivityMonitoring

    ------------------------------
    Vibhore Ajmera
    Consultant
    San Antonio TX
    ------------------------------