How Service Works
Inplexus offers a complete Oracle database environment security assessment
to identify vulnerabilities and recommend solutions in four stages.
Stage One – Interviews
Inplexus begins the assessment by interviewing the customer staff
and gathering information about the databases, hosts and network
connectivity. In addition, these interviews collect information
about database security policies, guidelines, responsibilities and
procedures. The information gathered from the interviews is used
for database security examination and reviewed for potential security
improvement.
Stage Two – Penetration Tests
During the penetration test, the assessment attempts to find users
with predictable or easily guessed user name and password combinations.
This test is conducted using default-password, dictionary and brute-force
attempts. Typically, user and password combinations are found
that allow easy access to the database.
Stage Three – Vulnerability Assessment
During the database vulnerability assessment, the database is examined
for potential vulnerabilities where the database does not conform
to security best practices. A secure database follows the principle
of "least privilege". This means that users and programs
should only have access to the database objects required. Typical
problems uncovered are vulnerabilities that provide valid users
more access than required, potential for denial of service attacks
and unneeded access to internal database information. This portion
of the assessment performs more than fifty tests on the database.
Stage Four – Operating System Review
During this review, configuration and permissions on Oracle files
and directories are checked. This step examines Oracle executables,
database files, configuration files and Oracle environment variables.
Final Delivery
Once the interviews, penetration tests, vulnerability assessments
and operating system investigation are complete, Inplexus staff
reviews the results and provides the assessment findings and a recommendation
report to the customer noting methods to mitigate the risks that
have been identified. Inplexus delivers both a printed version and
an electronic version of the report to the customer and conducts
an in-depth meeting with the key staff members to review the report
and define critical risks and associated remedies. The customer
can then use the findings and recommendations to address the security
concerns defined in the report. All findings and recommendations
are kept confidential.