Tip #012: Be mindful of dormant accounts

Dormant accounts are often technical accounts, application accounts, or old user accounts that:

  • are no longer used;
  • still have high privileges;
  • have never been reviewed in light of the new security rules.

Until the day when, during a period of reduced monitoring, typically the end-of-year holidays, one of them is used when you least expect it.

CURRENT SOLUTION

In many environments, we limit ourselves to:

  • analysis of users’ latest logins;
  • identification of accounts that have been inactive for a prolonged period;
  • deactivation of accounts after a user leaves.

This approach reduces the risks associated with accounts created by teams, but it does not take into account default accounts created during database installation.

RECOMMENDATION

For optimal risk management, it is essential to integrate the accounts provided by Oracle into your control procedures.

List the accounts provided by Oracle:

SQL> SELECT USERNAME FROM DBA_USERS WHERE ORACLE_MAINTAINED='Y';

Next, check the privileges of the accounts returned by that query, paying particular attention to the ANONYMOUS, CTXSYS, and DBSNMP accounts.

Lock all accounts that are not specifically required.

✨ BONUS

  • Use Oracle Audit Vault to easily list dormant accounts.
  • Set all unnecessary accounts to schema-only accounts.
  • Clear privileges before deactivating accounts of users who have left the company.
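The following SQL is an added worked example, not part of the original tip: it carries the recommendation (list Oracle-maintained accounts, review their privileges, lock what is not needed) and the bonus items (schema-only accounts, revoking privileges before deactivation) through as one script against the standard DBA_USERS, DBA_ROLE_PRIVS and DBA_SYS_PRIVS views. It assumes Oracle 12c or later for ORACLE_MAINTAINED and LAST_LOGIN, 18c or later for NO AUTHENTICATION, and a DBA session; the account name LEAVER_JDOE is a placeholder for a departed user's account.

```sql
-- Added example (not from the original tip). Requires 12c+ (ORACLE_MAINTAINED,
-- LAST_LOGIN) and 18c+ for NO AUTHENTICATION. Review every result before
-- running any ALTER or REVOKE statement.

-- 1. Oracle-maintained accounts that are still open, oldest login first.
--    AUTHENTICATION_TYPE = 'NONE' means the account is already schema-only.
SELECT u.username,
       u.account_status,
       u.authentication_type,
       u.last_login,
       u.created
  FROM dba_users u
 WHERE u.oracle_maintained = 'Y'
   AND u.account_status NOT LIKE '%LOCKED%'
 ORDER BY u.last_login NULLS FIRST, u.username;

-- 2. Privilege review for the three accounts the tip singles out:
--    roles and system privileges held, with ADMIN OPTION flagged.
SELECT grantee, 'ROLE'     AS kind, granted_role AS privilege, admin_option
  FROM dba_role_privs
 WHERE grantee IN ('ANONYMOUS', 'CTXSYS', 'DBSNMP')
UNION ALL
SELECT grantee, 'SYS PRIV' AS kind, privilege,                 admin_option
  FROM dba_sys_privs
 WHERE grantee IN ('ANONYMOUS', 'CTXSYS', 'DBSNMP')
 ORDER BY 1, 2, 3;

-- 3. Wider sweep: any open Oracle-maintained account holding a powerful role
--    or an "ANY"-style system privilege.
SELECT DISTINCT u.username, p.privilege
  FROM dba_users u
  JOIN (SELECT grantee, granted_role AS privilege FROM dba_role_privs
         WHERE granted_role IN ('DBA', 'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE')
        UNION ALL
        SELECT grantee, privilege FROM dba_sys_privs
         WHERE privilege LIKE '%ANY%'
            OR privilege IN ('ALTER USER', 'BECOME USER')) p
    ON p.grantee = u.username
 WHERE u.oracle_maintained = 'Y'
   AND u.account_status NOT LIKE '%LOCKED%'
 ORDER BY u.username, p.privilege;

-- 4. Lock an account that is not specifically required
--    (ANONYMOUS is shown; apply the same to each account you confirmed unused).
ALTER USER anonymous ACCOUNT LOCK;

-- 5. Bonus: turn an account that must keep owning objects but never log in
--    into a schema-only account (no password, no login possible).
ALTER USER ctxsys NO AUTHENTICATION;

-- 6. Bonus: for a departed user (LEAVER_JDOE is a placeholder), strip the
--    privileges first, then deactivate, so nothing is left behind if the
--    account is ever unlocked again.
REVOKE DBA FROM leaver_jdoe;
REVOKE SELECT ANY TABLE FROM leaver_jdoe;
ALTER USER leaver_jdoe ACCOUNT LOCK PASSWORD EXPIRE;

-- 7. Confirm the end state for the accounts touched above.
SELECT username, account_status, authentication_type
  FROM dba_users
 WHERE username IN ('ANONYMOUS', 'CTXSYS', 'DBSNMP', 'LEAVER_JDOE')
 ORDER BY username;
```

Two caveats before step 4: DBSNMP is the account used by the Enterprise Manager agent, and CTXSYS owns Oracle Text, so lock or convert them only after confirming that neither monitoring nor text indexing depends on them in that database. Re-run steps 1 and 3 on a schedule (and keep their output) so that an account re-opened or re-privileged by a patch, an upgrade, or a colleague shows up before the next holiday period rather than after it.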