Auditing of FAILED_LOGIN_ATTEMPTS value on Oracle profiles

From: Rich Jesse <rjoralist3_at_society.servebeer.com>
Date: Fri, 6 Dec 2013 09:07:21 -0600 (CST)
Message-ID: <f2bc0b29b554968ff27e77ba228deb16.squirrel_at_society.servebeer.com>
Hey all,

I'm expecting to get dinged on an audit because I have FAILED_LOGIN_ATTEMPTS set to 10 in a profile (11.2.0.3, if that matters). On our new DBs, I plan on changing that to UNLIMITED. The initial feedback from the auditors is that "the recommended is 3 to 5".

I reasoned that instead of a malicious attempt to break into our ERP DB, it's much more likely that someone (in IT) will accidentally choose our Production ERP DB when they meant to choose Development (which has a different password), causing login failures which could lock out the account, effectively causing a denial of service. This has already happened, but with a non-existent user, so no harm done.

I have EM12c paging me for EVERY login failure in Production, since there are no user logins other than for the DBA (me).

What do others do? Take the audit hit and just move on?

TIA!
Rich

--
http://www.freelists.org/webpage/oracle-l
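An added example, not part of the original post: the SQL a DBA can run to audit the FAILED_LOGIN_ATTEMPTS setting discussed above and to see from the session audit trail whether failures look like the "wrong database" mistake (one workstation, one OS user, many failures) rather than a guessing attempt. It assumes traditional auditing of sessions is enabled (AUDIT SESSION with audit_trail set to DB), and ERP_APP_PROFILE is a placeholder profile name.

```sql
-- 1. Current FAILED_LOGIN_ATTEMPTS limit for every profile. A limit of
--    DEFAULT means the value is inherited from the DEFAULT profile.
SELECT p.profile, p.limit
  FROM dba_profiles p
 WHERE p.resource_name = 'FAILED_LOGIN_ATTEMPTS'
 ORDER BY p.profile;

-- 2. Accounts using the profile in question (placeholder name), plus any
--    account already locked, with the time it was locked.
SELECT u.username, u.profile, u.account_status, u.lock_date
  FROM dba_users u
 WHERE u.profile = 'ERP_APP_PROFILE'
    OR u.account_status LIKE 'LOCKED%'
 ORDER BY u.lock_date DESC NULLS LAST;

-- 3. Failed logons in the last 24 hours from the session audit trail.
--    Return code 1017 is ORA-01017 (invalid username/password) and
--    28000 is ORA-28000 (account locked). Grouping by host and OS user
--    separates a colleague pointed at the wrong database (one host, a
--    handful of failures, then silence) from a spread of hosts or
--    usernames that deserves a closer look.
SELECT a.username, a.os_username, a.userhost, a.returncode,
       COUNT(*)         AS failures,
       MIN(a.timestamp) AS first_seen,
       MAX(a.timestamp) AS last_seen
  FROM dba_audit_session a
 WHERE a.returncode IN (1017, 28000)
   AND a.timestamp > SYSDATE - 1
 GROUP BY a.username, a.os_username, a.userhost, a.returncode
 ORDER BY failures DESC;

-- 4. Change the limit on the specific profile rather than on DEFAULT so
--    that other accounts keep their existing policy. The number is the
--    value agreed with the auditors; the new limit applies to subsequent
--    logon attempts without a restart.
ALTER PROFILE erp_app_profile LIMIT FAILED_LOGIN_ATTEMPTS 10;

-- 5. If an account was locked by an accidental production logon, unlock
--    it explicitly instead of raising the limit for everyone.
ALTER USER erp_app_user ACCOUNT UNLOCK;   -- placeholder username
```

Query 3 is the same data EM12c is paging on, so it can also be used to tune the alert (for example, only page when failures come from more than one host) instead of changing the profile.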
Received on Fri Dec 06 2013 - 16:07:21 CET
