When assigning a name to your document, please use the following format (last name Assignment #5). Use examples from the readings, lecture notes, and outside research

Sample Solution

         

Okay, I understand the instructions for Assignment #5. However, my current capabilities only allow me to provide information in this text-based format. I cannot directly create a Word document and format it according to APA guidelines.

However, I can provide you with the detailed steps involved in modifying the default password policy in Oracle, along with explanations and considerations that you can then incorporate into your Word document. You will need to take this information and format it according to the assignment requirements, including adding examples from your readings, lecture notes, and at least two outside sources, as well as proper APA citations and a reference list.

Here are the steps involved in modifying the default password policy in Oracle:

Full Answer Section

          Here are the steps involved in modifying the default password policy in Oracle: Understanding Oracle Password Policies Before modifying the password policy, it's crucial to understand how Oracle manages password security. Oracle uses password profiles to define rules for password complexity, reuse, lifetime, and account locking. The default profile is usually named DEFAULT. Modifying this profile affects all users who are not explicitly assigned a different profile. Steps to Modify the Default Password Policy: Connect to the Oracle Database as an Administrative User: You need to connect to the Oracle database with a user that has the ALTER USER and ALTER PROFILE system privileges. Typically, the SYS or SYSTEM user is used for this purpose. You can use SQL*Plus, SQL Developer, or another Oracle SQL client. SQL CONNECT SYS AS SYSDBA -- Enter password when prompted Examine the Current Default Password Profile Settings (Optional but Recommended): Before making changes, it's good practice to view the current settings of the DEFAULT profile. This helps you understand the existing policy and what you are modifying. SQL SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'PASSWORD%'; SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'FAILED_LOGIN%'; SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'PASSWORD_LIFE%'; These queries will show you the current values for parameters like: PASSWORD_LIFE_TIME: How long a password is valid before it expires. PASSWORD_REUSE_TIME: How many days must pass before a password can be reused. PASSWORD_REUSE_MAX: How many password changes must occur before a password can be reused. PASSWORD_VERIFY_FUNCTION: A function used to enforce password complexity rules. The default is often NULL or a basic function. FAILED_LOGIN_ATTEMPTS: The number of failed login attempts allowed before the account is locked. PASSWORD_LOCK_TIME: The duration (in days) for which an account is locked after exceeding failed login attempts (can be UNLIMITED). PASSWORD_GRACE_TIME: The number of days after password expiration that a user is allowed to log in and change their password before the account is locked. Modify the DEFAULT Password Profile using the ALTER PROFILE Command: Use the ALTER PROFILE command to change the desired password policy parameters. Here are some common modifications with examples: Setting Password Complexity using a Password Verify Function: Oracle provides a default password verify function called ORA12C_STRONG_PASSWORD_VERIFY_FUNCTION (or similar, depending on the Oracle version) that enforces stronger password complexity rules (e.g., minimum length, uppercase, lowercase, numeric, and special characters). You can enable this or create your own custom function. SQL ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION ora12c_strong_password_verify_function; -- Or, for older versions, a similar default function might exist or you'd need to create one. Setting Password Lifetime: To force users to change their passwords regularly (e.g., every 90 days): SQL ALTER PROFILE default LIMIT PASSWORD_LIFE_TIME 90; Preventing Password Reuse (based on time): To prevent users from immediately reusing old passwords (e.g., must wait 180 days): SQL ALTER PROFILE default LIMIT PASSWORD_REUSE_TIME 180; Preventing Password Reuse (based on the number of changes): To prevent reuse until a certain number of different passwords have been used (e.g., cannot reuse the last 5 passwords): SQL ALTER PROFILE default LIMIT PASSWORD_REUSE_MAX 5; Setting Failed Login Attempts and Lockout Duration: To lock an account after a certain number of failed login attempts and specify the lockout duration (e.g., 3 failed attempts, locked for 1 day): SQL ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME 1; -- To lock indefinitely, use UNLIMITED: -- ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LOCK_TIME UNLIMITED; Setting Password Grace Period: To allow users a grace period after their password expires to change it before their account is locked (e.g., 7 days grace period): SQL ALTER PROFILE default LIMIT PASSWORD_GRACE_TIME 7; Verify the Changes: After making the modifications, query the dba_profiles view again to confirm that the changes have been applied to the DEFAULT profile. SQL SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'PASSWORD%'; SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'FAILED_LOGIN%'; SELECT * FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_name LIKE 'PASSWORD_LIFE%'; Consider Applying the Changes to Existing Users (Optional but Often Necessary): Modifying the DEFAULT profile only affects new users created after the change and users whose profile is explicitly set to DEFAULT. Existing users who were created before the change or assigned a different profile might not immediately be subject to the new rules (especially password complexity). To enforce the new password policy on existing users, you might need to take additional steps, such as: Forcing Password Changes: You can set the PASSWORD_LIFE_TIME to a small value or use the ALTER USER ... PASSWORD EXPIRE command to force users to change their passwords upon their next login. Updating User Profiles: Ensure all relevant users are assigned the DEFAULT profile or a newly created profile with the desired policies. Important Considerations: Impact on Users: Changes to the password policy can impact users, especially if complexity requirements are significantly increased. Communicate these changes in advance. Testing: After modifying the policy, thoroughly test the changes by creating new users, attempting logins with incorrect passwords, and testing password changes. Custom Password Verify Functions: For more granular control over password complexity, you can create your own PL/SQL password verify function. This function can implement specific rules tailored to your organization's needs. Auditing: Ensure that auditing is enabled to track changes to security-related objects like profiles. Documentation: Document the changes made to the password policy and the rationale behind them. Remember to consult your Oracle documentation for the specific version you are using, as the exact names of default password verify functions or available parameters might vary slightly. To complete your assignment, you will need to find at least two external sources (e.g., Oracle documentation, security best practice guides, academic articles on database security) that support these steps and provide further context or examples. You will then need to synthesize this information, including examples from your readings and lecture notes, into a properly formatted APA Word document with citations and a reference list.