Re: how to stop access of OEM

• From: stephen booth <stephenbooth.uk@xxxxxxxxx>
• To: Thomas.Mercadante@xxxxxxxxxxxxxxxxx
• Date: Mon, 27 Jun 2005 18:23:46 +0100

On 27/06/05, Mercadante, Thomas F (LABOR)
<Thomas.Mercadante@xxxxxxxxxxxxxxxxx> wrote:
>  
> That will work until they download the Oracle Client software and re-install
> OEM. 
> 

Which is why I specified also locking down  the machine to prevent
re-installation.

Security is like an Ogre^H^H^Hnion, it's got layers.  Removing the
software is one layer, locking down the PC is another (done right it
also helps protect against viruses, trojans and spyware, although it's
a not a substitute for antivirus software, firewalls and running a
spyware detector periodically), putting in firewalls with reasonably
paranoid settings helps a lot, as does segmenting your network
(ideally physically but logically helps) and keeping an eye on traffic
crossing segments.  Keeping an eye on what users have what privs and
checking they actually need it helps a lot (application vendors who
say their applications schema account should just be given DBA role
should generally be kneecapped then chased out of town by bull whip
wielding support DBAs).  A sane password management policy (e.g. force
changes periodically and enforce a reasonable degree of complexity,
but not too often or too complex else users will have to write the
password down and stick it to their monitor because they can't
remember it) helps a lot, especially if you have single sign-on so the
user only has to remember one username and one password, they don't
have an excuse to write it down and you only have to change one
password or disable one account if  it's been revealed or they've just
been called into the manager's office for a surprise sacking (there's
been a few times I've been the first person outside of management to
know a person is being sacked because I've had a message from the
manager to the effect of "When X is called into my office and I close
the door immediately kill all his logins and disable his accounts.").

Stephen

-- 
It's better to ask a silly question than to make a silly assumption.
--
//www.freelists.org/webpage/oracle-l

• References:
  • RE: how to stop access of OEM
    • From: Mercadante, Thomas F (LABOR)

Other related posts:

• » how to stop access of OEM
• » Re: how to stop access of OEM
• » RE: how to stop access of OEM
• » RE: how to stop access of OEM
• » RE: how to stop access of OEM
• » RE: how to stop access of OEM
• » Re: how to stop access of OEM
• » Re: how to stop access of OEM

1. Home
2. oracle-l
3. Archive
4. 06-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---