HOWTO Secure and Audit Oracle 10g and 11g

Book description

This guide demonstrates how to secure sensitive data and comply with internal and external audit regulations using Oracle 10g and 11g. It provides the hands-on guidance required to understand the complex options provided by Oracle and the know-how to choose the best option for a particular case.

Table of contents

  1. Front Cover
  2. HOWTO Secure and Audit Oracle 10g and 11g
    1. Contents
    2. Foreword
    3. Acknowledgments
    4. Author
  3. Chapter 1: Introduction: How This Book Will Help You Be Secure and Compliant
    1. 1.1 Why Secure the Data? (1/2)
    2. 1.1 Why Secure the Data? (2/2)
    3. 1.2 Taxonomy of Best-Practice Database Security
    4. 1.3 Using HOWTOs to Secure Oracle
  4. Chapter 2: Hardening the Database
    1. 2.1 HOWTO Choose a Hardening Guideline
    2. 2.2 HOWTO Use a Vulnerability Assessment Tool
    3. 2.3 HOWTO Create and Maintain a Secure Configuration Baseline
    4. 2.4 HOWTO Understand Critical Patch Updates
    5. 2.5 HOWTO Sanitize Data for Test
    6. 2.6 Discussion: Defense in Depth
  5. Chapter 3: Securing the Listener
    1. 3.1 HOWTO Secure Access to lsnrctl (1/2)
    2. 3.1 HOWTO Secure Access to lsnrctl (2/2)
    3. 3.2 HOWTO Limit the Ability to Change Listener Properties
    4. 3.3 HOWTO Secure EXTPROC (1/2)
    5. 3.3 HOWTO Secure EXTPROC (2/2)
    6. 3.4 HOWTO Limit the Sources from Which Connections Are Accepted
    7. 3.5 HOWTO Inspect Listener Logs and Traces and HOWTO Limit Traces
    8. 3.6 HOWTO Combat TNS Protocol Attacks
    9. 3.7 Discussion: History of Listener Security Alerts
  6. Chapter 4: Account Security
    1. 4.1 HOWTO Create, Alter, Drop, and Lock User Accounts
    2. 4.2 HOWTO Understand the Standard Logon Process
    3. 4.3 HOWTO Use Password Policies
    4. 4.4 HOWTO Enforce Password Complexity
    5. 4.5 HOWTO Check for Weak and Default Passwords
    6. 4.6 HOWTO Set Password Case
    7. 4.7 HOWTO Use Impossible Passwords
    8. 4.8 HOWTO Limit System Resources Used by Users
    9. 4.9 HOWTO View Information on Users and Profiles
    10. 4.10 Additional Resources
  7. Chapter 5: Cryptography, Oracle Wallets, and Oracle PKI (1/4)
  8. Chapter 5: Cryptography, Oracle Wallets, and Oracle PKI (2/4)
  9. Chapter 5: Cryptography, Oracle Wallets, and Oracle PKI (3/4)
  10. Chapter 5: Cryptography, Oracle Wallets, and Oracle PKI (4/4)
    1. 5.1 HOWTO Create Wallets
    2. 5.2 HOWTO Add Certificates
    3. 5.3 HOWTO Create and Sign a Certificate Request
    4. 5.4 Discussion: Orapki Errors
  11. Chapter 6: Authentication
    1. 6.1 HOWTO Understand and Use O3/O5 LOGON and OS Authentication
    2. 6.2 HOWTO Use Password Files
    3. 6.3 HOWTO Configure Clients to Use External Password Stores
    4. 6.4 HOWTO Configure SSL-Based Authentication Using ASO
    5. 6.5 HOWTO Configure Kerberos Authentication Using ASO
    6. 6.6 HOWTO Configure RADIUS and Two-Factor Authentication Using ASO
    7. 6.7 Discussion: Protect Your Password Hashes
  12. Chapter 7: Encrypting Data-in-Transit (1/2)
  13. Chapter 7: Encrypting Data-in-Transit (2/2)
    1. 7.1 HOWTO Configure Network Encryption Using ASO
    2. 7.2 HOWTO Configure Network Encryption for JDBC Drivers
    3. 7.3 HOWTO Configure Data Integrity Using ASO
    4. 7.4 HOWTO Use IPSEC, Tunnels, and Hardware Acceleration (1/2)
    5. 7.4 HOWTO Use IPSEC, Tunnels, and Hardware Acceleration (2/2)
    6. 7.5 Discussion: Performance Impact When Encrypting Data-in-Transit
  14. Chapter 8: Encrypting Data-at-Rest
    1. 8.1 Application-, Database-, and Storage-Based Encryption
    2. 8.2 HOWTO Use DBMS_CRYPTO (1/2)
    3. 8.2 HOWTO Use DBMS_CRYPTO (2/2)
    4. 8.3 HOWTO Use TDE to Encrypt Columns (1/2)
    5. 8.3 HOWTO Use TDE to Encrypt Columns (2/2)
    6. 8.4 HOWTO Encrypt Foreign Keys and Columns Used for Indexes
    7. 8.5 HOWTO Use TDE to Encrypt Tablespaces
    8. 8.6 HOWTO Manage TDE Master Keys
    9. 8.7 HOWTO Use HSMs and TDE
    10. 8.8 HOWTO Use TDE with External Tables (Oracle Data Pump)
    11. 8.9 HOWTO Keep Data Encrypted When You Export It Using Oracle Data Pump Utilities
    12. 8.10 HOWTO Encrypt Backups with RMAN
    13. 8.11 Discussion: Why Did Oracle Pick the TDE Approach?
  15. Chapter 9: Standard Auditing
    1. 9.1 HOWTO Enable Standard Auditing
    2. 9.2 HOWTO Use Audit Qualifiers
    3. 9.3 HOWTO Use Statement Auditing
    4. 9.4 HOWTO Use Object Auditing
    5. 9.5 HOWTO Use Privilege Auditing
    6. 9.6 HOWTO Audit for Unexpected Errors in the Network Layer
    7. 9.7 HOWTO Read Audit Records
    8. 9.8 HOWTO View What Is Currently Being Audited
    9. 9.9 HOWTO Use NOAUDIT
    10. 9.10 Discussion—Auditing and Performance
  16. Chapter 10: Mandatory and Administrator Auditing
    1. 10.1 HOWTO Use Mandatory Auditing
    2. 10.2 HOWTO Enable Administrator Auditing
    3. 10.3 HOWTO Use Syslog Auditing
  17. Chapter 11: Fine-Grained Auditing
    1. 11.1 HOWTO Define FGA Policies
    2. 11.2 HOWTO Manage FGA Policies
    3. 11.3 HOWTO Read FGA Tables and Views
    4. 11.4 Discussion: FGA Performance
  18. Chapter 12: Auditing Before/After Values and Monitoring Selected Data
    1. 12.1 HOWTO Use Triggers for Capturing Before/After Values
    2. 12.2 HOWTO Use Oracle Streams for Capturing Before/After Values (1/2)
    3. 12.2 HOWTO Use Oracle Streams for Capturing Before/After Values (2/2)
    4. 12.3 HOWTO Use the SCN and Flashback Queries
      1. 12.3.1 Notification Laws
      2. 12.3.2 Using Flashback Queries: An Example
      3. 12.3.3 Getting Versions Using Flashback
      4. 12.3.4 Prerequisites for Flashback
    5. 12.4 HOWTO Use Flashback Data Archive
    6. 12.5 Discussion: Do You Really Need the Before Values?
  19. Chapter 13: Oracle Audit Vault (1/2)
  20. Chapter 13: Oracle Audit Vault (2/2)
    1. 13.1 HOWTO Add, Configure, and Manage Agents
    2. 13.2 HOWTO Add, Configure, and Manage Sources
    3. 13.3 HOWTO Add, Configure, and Manage Collectors
    4. 13.4 HOWTO Configure Audit Rules
    5. 13.5 HOWTO Configure and Manage the AV Server and the Warehouse
    6. 13.6 HOWTO View Audit Data within the AV Console
    7. 13.7 HOWTO Configure Alerts
    8. 13.8 HOWTO Understand Performance and Storage Impact
    9. 13.9 Miscellaneous Discussion—Auditing AV
  21. Chapter 14: Database Activity Monitoring (1/2)
  22. Chapter 14: Database Activity Monitoring (2/2)
    1. 14.1 HOWTO Protect against SQL Injection
    2. 14.2 HOWTO Categorize and Identify Misuse and Intrusions
    3. 14.3 HOWTO Understand the Compliance Landscape (1/2)
    4. 14.3 HOWTO Understand the Compliance Landscape (2/2)
    5. 14.4 HOWTO Determine Whether You Need DAM or DAMP
    6. 14.5 HOWTO Analyze Impact on Performance
    7. 14.6 HOWTO Analyze Impact on Storage
    8. 14.7 Discussion: Identifying the Real User
  23. Chapter 15: Privileges and Authorization
    1. 15.1 HOWTO Manage Object and Column Privileges
      1. 15.1.1 Grant Option
    2. 15.2 HOWTO Manage System Privileges (1/3)
    3. 15.2 HOWTO Manage System Privileges (2/3)
    4. 15.2 HOWTO Manage System Privileges (3/3)
    5. 15.3 HOWTO Use Roles to Manage Privileges
    6. 15.4 HOWTO Use Secure Application Roles
    7. 15.5 HOWTO Manage the PUBLIC Role
    8. 15.6 HOWTO Use Access Control Lists (ACLs) to Limit Access to Database Network Services
    9. 15.7 HOWTO Generate Entitlement Audit Reports (1/2)
    10. 15.7 HOWTO Generate Entitlement Audit Reports (2/2)
    11. 15.8 Discussion—SQL92_SECURITY
  24. Chapter 16: Virtual Private Database
    1. 16.1 HOWTO Use VPD Policies to Limit Access to Rows
    2. 16.2 HOWTO Use VPD Policies to Limit Access to Sensitive Column Data
    3. 16.3 HOWTO Use VPD Policies to Hide Sensitive Column Data
    4. 16.4 HOWTO Use Policy Groups
    5. 16.5 HOWTO Choose a Policy Type for Optimal Performance
    6. 16.6 HOWTO Review and Debug VPD Policies
    7. 16.7 Discussion—Using Secure Application Roles and VPD
  25. Chapter 17: Oracle Database Vault
    1. 17.1 HOWTO Use a Realm to Secure Data Access from DBA Access
    2. 17.2 HOWTO Use Command Rules to Secure User Activity
    3. 17.3 HOWTO Use Rule Sets, Factors, and Secure Application Roles (1/2)
    4. 17.3 HOWTO Use Rule Sets, Factors, and Secure Application Roles (2/2)
    5. 17.4 HOWTO Use Reports in DV
    6. 17.5 HOWTO Enable sysdba Connections
    7. 17.6 HOWTO Disable DV and Track Whether It Is Enabled
    8. 17.7 HOWTO Better Understand DV’s Impact on Performance
    9. 17.8 Miscellaneous Discussion—Is Auditing Alone Enough?
  26. Appendix A: Payment Card Industry (PCI) Data Security Standard (DSS) Version 1.1: Impact on Oracle Security Implementations (1/3)
  27. Appendix A: Payment Card Industry (PCI) Data Security Standard (DSS) Version 1.1: Impact on Oracle Security Implementations (2/3)
  28. Appendix A: Payment Card Industry (PCI) Data Security Standard (DSS) Version 1.1: Impact on Oracle Security Implementations (3/3)
  29. Appendix B: Using an “All-in-One” Solution: An Example
    1. B.1 Discovery
    2. B.2 Vulnerability Assessments
    3. B.3 Change Tracking
    4. B.4 Auditing
    5. B.5 Database Activity Monitoring
    6. B.6 Data Access Protection
    7. B.7 Compliance
  30. Back Cover

Product information

  • Title: HOWTO Secure and Audit Oracle 10g and 11g
  • Author(s): Ron Ben-Natan
  • Release date: March 2009
  • Publisher(s): Auerbach Publications
  • ISBN: 9781420084139