
Oracle 11g - Authentication Attempts Restriction Oracle tool


Oracle 11g Security Feature-2

Tips and technical articles of Oracle DBA
2009-2010   |  Oracle DBA Tips  |  Author: Samir Pradhan

To restrict failed login attempts, Oracle provides a profile parameter called FAILED_LOGIN_ATTEMPTS. Once this profile parameter is enabled, it limits the number of failed login attempts at the user level. The setting applies per user only: a FAILED_LOGIN_ATTEMPTS limit set through a profile is attached to the user, and after that many failed login attempts the respective user account is locked.


But a hacker is smarter than Oracle: a hacker can establish a connection to the server without logging in as any user and run a loop that guesses usernames and passwords. Once the server process has started, it checks each supplied username and password against the database and sends back a reply. This means that if the hacker's loop makes fewer password guesses than the FAILED_LOGIN_ATTEMPTS profile setting, the hacker can succeed in finding a password without any effect on the database.


What is SEC_MAX_FAILED_LOGIN_ATTEMPTS?


Oracle 11g introduced a new feature, the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter. You can set this parameter in your parameter file. If Oracle sees more failed login attempts on a connection than this value allows, it drops that connection.


The default value of SEC_MAX_FAILED_LOGIN_ATTEMPTS is 10, but you can change it to a value of your own. If the number of failed login attempts exceeds this parameter, the Oracle server process drops the connection. With this parameter you can prevent password-guessing attacks by a hacker or intruder.


Difference between SEC_MAX_FAILED_LOGIN_ATTEMPTS & FAILED_LOGIN_ATTEMPTS:


Figure: Oracle 11g Security: new feature enhancement in Oracle 11g security.

The profile setting for failed logins and the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter are two different things. The profile restricts access at the user level, while the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter applies at the level of the whole database. The FAILED_LOGIN_ATTEMPTS profile setting limits the number of failed password attempts for a single user. SEC_MAX_FAILED_LOGIN_ATTEMPTS limits failed attempts at the connection level for the whole database; it is the effective number of failed attempts on a connection, across the various users tried. If the failed attempts exceed the profile's FAILED_LOGIN_ATTEMPTS, the user account is locked. If the failed attempts exceed the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter, the connection is dropped by the server process in the Oracle database.


A strong positive point of the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter is that it does not harm any trusted user activity in the database and does not affect any valid user connection.
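The two settings side by side, as an added example that is not part of the original article. The profile name app_login_profile, the user app_user and the limits 5 and 3 are assumptions chosen for illustration, and the last query assumes session auditing (AUDIT SESSION) to the database audit trail is enabled.

```sql
-- Added example: names and limit values below are illustrative assumptions.

-- 1. User level: lock an account after 5 failed logins.
--    The limit lives in a profile and applies only to users assigned to it.
CREATE PROFILE app_login_profile LIMIT FAILED_LOGIN_ATTEMPTS 5;
ALTER USER app_user PROFILE app_login_profile;

-- Confirm which profiles carry a limit and who is currently locked.
SELECT profile, limit
  FROM dba_profiles
 WHERE resource_name = 'FAILED_LOGIN_ATTEMPTS';

SELECT username, account_status, lock_date
  FROM dba_users
 WHERE account_status LIKE '%LOCKED%';

-- 2. Connection level: drop a connection after 3 failed authentications,
--    whichever usernames were tried on it.
--    The parameter is static, so it is written to the server parameter file
--    and takes effect at the next instance restart. With a text parameter
--    file the equivalent line is: sec_max_failed_login_attempts=3
ALTER SYSTEM SET sec_max_failed_login_attempts = 3 SCOPE = SPFILE;

-- After the restart, check the value in effect.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE name = 'sec_max_failed_login_attempts';

-- 3. Detection: neither limit reports guessing that stays under both
--    thresholds, so review failed logons (ORA-01017) per client host.
--    Many distinct usernames from one host in a short window is the
--    pattern the article describes.
SELECT userhost,
       COUNT(*)                 AS failed_logons,
       COUNT(DISTINCT username) AS usernames_tried
  FROM dba_audit_session
 WHERE returncode = 1017
   AND timestamp > SYSDATE - 1/24   -- last hour
 GROUP BY userhost
HAVING COUNT(*) >= 3
 ORDER BY failed_logons DESC;
```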


In short, Oracle 11g introduced an excellent security feature that lets us prevent malicious attack activity from the database side and protect the database from intruders. This is a very useful and important security parameter for remote database services and remote database monitoring.


Indeed, Oracle 11g has become more secure. There are more excellent new security features introduced in the Oracle 11g database.

Samir Pradhan
- Senior Oracle DBA
Copyright Dbametrix Solutions © 2005. All Rights Reserved.