Update: January 28, 2019
What is Multi-Factor Authentication?
An already excellent post by Hari Muthuswamy, I wanted to add a bit of information on Multifactor Authentication. – Dan Elliott
Multi-Factor Authentication, also known as dual factor authentication or 2FA, is not a new concept, but how it is delivered has changed. Many of you remember carrying around an RSA fob to get your tokens, which worked well, but the newest versions of MFA are even easier: they send a text message with a key for you to enter in the app or, easier still, a push notification to your cell phone.
Naturally, MFA is available as part of the Oracle Identity Cloud, which relates directly to Hari's article below, and there are also third-party MFA solutions that integrate directly with your applications. Our favorite 2FA provider is DUO, which provides MFA for hundreds of applications, plus APIs for any application where you need to write your own MFA module.
If you would like to know more just reach out to one of us at Guardian Eagle.
Are you an Oracle DBA who spends most of your day provisioning, deprovisioning, resetting passwords, assigning roles and privileges?
DBAs are responsible for keeping user information up to date and secure for the entire enterprise, and in order to do so, are faced with time-consuming tasks of provisioning, deprovisioning, and granting and revoking privileges and roles across multiple databases. It becomes difficult both for users to remember multiple passwords and for DBAs to manage multiple accounts.
While there are many ways of addressing this situation, our team has found Oracle's Enterprise User Security (EUS) to be the most efficient way of solving this issue. EUS is best suited for (a) environments that have multiple databases comprised of hundreds or thousands of database user accounts and/or (b) environments that are already using Oracle Directory Services.
Let me share an example with you.
A customer of ours approached us with 2 simple requests:
1. All the database accounts need to be able to use the same password as their network/AD password.
2. The password rules and expiration policies should be the same as the user’s network/AD password.
The customer currently had Oracle Internet Directory (OID) in their environment. Therefore, we proposed Enterprise User Security as it clearly aligned with their needs.
What does Oracle Enterprise User Security do?
⇒ Simplifies database user management by centralizing it with Directory Services.
• Users will have a single password that follows the established password rules in the directory.
• User Management includes provisioning and deprovisioning users.
• User Management includes managing privileges and credentials.
⇒ Reduces and prevents common security risks that arise when there are individual passwords for individual databases.
⇒ Strengthens security and compliance within the organization.
• Security Department can manage authentication-related tasks.
• DBAs can manage authorization-related tasks.
⇒ Utilizes credentials and group allocations stored in AD.
⇒ Enables provisioning systems like Oracle Identity Manager to have a single connector to a directory rather than hundreds of connections into individual databases.
⇒ Centralizes all TNS-related details in the directory, an added benefit of being able to use the directory for naming services.
⇒ Integrates Non-Oracle Directories like AD in an organization for credentials and group memberships with minimal changes.
What do you need to implement Oracle Enterprise User Security?
⇒ A license for Oracle Directory Services.
• Not needed if you use it only for Naming services.
⇒ An Oracle directory like OVD (Oracle Virtual Directory), OID or OUD.
⇒ A plan for mapping of a Directory User to Database user.
⇒ Related plan for auditing the logged on user based on the mapping utilized.
⇒ Configuration and testing.
⇒ Design of Groups in the Directory.
⇒ Plan for provisioning and deprovisioning users.
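The mapping and auditing items above are linked: the way a directory user is mapped to a database user determines what the audit trail can show. The following is an added illustration, not part of the original post or the customer's configuration; every schema name, role name and DN in it is a constructed placeholder, and hr.employees stands in for any application table.

```sql
-- Constructed example: all names and DNs below are placeholders.

-- Mapping option 1: exclusive schema.
-- One directory entry maps to one database user, so SESSION_USER alone
-- identifies the person in audit records.
CREATE USER jsmith IDENTIFIED GLOBALLY AS 'cn=jsmith,cn=users,dc=example,dc=com';
GRANT CREATE SESSION TO jsmith;

-- Mapping option 2: shared schema.
-- Many directory users connect as the same database user. Which directory
-- entries or subtrees map to this schema is defined in the directory,
-- not in SQL, so provisioning a new person needs no change in the database.
CREATE USER app_shared IDENTIFIED GLOBALLY;
GRANT CREATE SESSION TO app_shared;

-- Authorization stays with the DBA: a global role carries the privileges.
-- It cannot be granted to a user directly; it is associated with an
-- enterprise role on the directory side (the group design item above).
CREATE ROLE hr_reader IDENTIFIED GLOBALLY;
GRANT SELECT ON hr.employees TO hr_reader;

-- Audit check, run from a session opened by an enterprise user.
-- With a shared schema, db_user is identical for every person, so the
-- audit plan has to record directory_dn to attribute activity.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')          AS db_user,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY')   AS directory_dn,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD') AS auth_method
FROM   dual;
```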
Improved security and compliance, defined separation of duties for security admins and DBAs, and simplified provisioning tools and their connectors are key features of Oracle’s Enterprise User Security and necessary for successful database management. I suggest you implement a POC and test it out – you might find it useful, just like our customer did!
About the author
Hari Muthuswamy, Chief Technology Officer
As a 20-year veteran in IT and Oracle technologies, he provides technical leadership to the organization and technical assistance during project implementations. Hari is a calming force for Eagle, bringing many years of superior results. Prior to his career with Eagle, Hari worked with DCC Services for over 9 years as Developer, Portal and Application Server Admin, DBA, instructor, and Technical Director. Hari’s time with DCC Services bolstered him with knowledge about technology, successful implementations of complex projects, and how to identify and groom good talent.