Preface

On an almost daily basis, we hear stories of yet another computer system that has been compromised by someone—a curious teenager, a disgruntled employee, or a corporate or political spy. We are baffled and bemused by the number of “hackers” who have been able to get into systems that have, up until now, been viewed as invulnerable. Government computers, corporate computers, and university systems are all fair game. It would appear that no system is completely safe.

In this book, you will find tactics, methods, and approaches to help you better protect your Oracle database and your computer systems as a whole. Our objective in writing this book is to provide you with the information and tools you need to ensure that your data remains safe. We emphasize the tools provided within the basic Oracle software that can help you build as complete a security system as your company requires. We are not here to sell you extra products. However, in the last chapter of the book, we do provide a brief overview of three extra-cost Oracle products: Trusted Oracle, the Advanced Networking Option, and the Oracle Application Server (formerly referred to as the Web Application Server).

The book will explain how to implement basic security concepts and more complex security actions from both a database and an applications perspective. We will also examine the auditing of the database and application areas. Since today more and more emphasis is being placed on World Wide Web-enabled interaction with the Oracle database, we’ll also touch on methods for securing both the database and applications for Internet and Web interaction.

What This Book Is

This book is intended to help you understand and implement security within and for your Oracle database systems. Although we touch on many products and strategies, our main goal is to provide you with a clear understanding of the basic tools available with the standard Oracle product delivery.

This book is divided into three parts:

This part of the book introduces security in an Oracle system and outlines the main files, database objects, and Oracle security concepts you need to understand before attempting to adopt the security strategies presented in this book.

Chapter 1 outlines the threats to your system and database, introduces the various levels of security in an Oracle system, and briefly discusses the concepts and products that the book will explore.

Chapter 2 introduces the physical operating system files that are particularly important to your system’s security.

Chapter 3 introduces the various database objects that help implement database security—for example, tables, triggers, roles, and profiles.

Chapter 4 introduces the data dictionary and discusses its relevance to database security.

Chapter 5 describes the roles and user accounts Oracle creates automatically when the database is initialized, and explains why they are important to security.

Chapter 6 discusses how you can use Oracle’s user profile, password, and synonym features to secure your system; these features include password expiration times, account locking for passwords, and account “hiding” for synonyms.

This part of the book describes the specific steps we recommend to make your Oracle system and database more secure. It includes a number of sample applications you might want to adapt for your own organization’s use.

Chapter 7 discusses the importance of creating policies and a security plan as a first step in securing your system and database.

Chapter 8 describes what you need to do to install and start Oracle databases and to begin to implement security—for example, determine the appropriate system-level approach for accessing the database.

Chapter 9 provides a basic example of a security application you may wish to adapt for your own environment.

Chapter 10 describes auditing in an Oracle system and discusses the choices you need to make about when and how to audit events.

Chapter 11 provides a simple but effective audit trail application you may wish to build upon.

Chapter 12 discusses the available types of backup and recovery options from a security perspective.

Chapter 13 describes the use of the OEM, a basic GUI toolkit provided by Oracle to simplify many aspects of database administration, including security management.

Chapter 14 provides a sample application you may wish to adapt for maintaining user accounts within your own system.

This part of the book describes some types of security that might be appropriate in certain types of environments.

Chapter 15 discusses the use of the OSS (supplied with the basic Oracle RDBMS), which uses encryption and certificates of authority to enable more secure access to your data.

Chapter 16 suggests a number of strategies for protecting your site from the risks posed by Internet and Web connections.

Chapter 17 looks briefly at several extra-cost Oracle products that you may wish to purchase for enhanced security—Trusted Oracle, the Advanced Networking Option, and the Oracle Application Server.

Appendix A provides a list of additional books and online resources.
