Description In this course, the students learn how they can use Oracle database features to meet the security and compliance requirements of their organization. The current regulatory environment of the Sarbanes-Oxley Act, HIPPA, the UK Data Protection Act, and others requires better security at the database level. Students learn how to secure their database and how to use the database features that enhance security. The course provides suggested architectures for common problems.
This course explains the security features of the database like auditing, column and file encryption, virtual private database, label security and enterprise user security. Some of the Oracle Network security topics like securing the listener and restricting connections by IP address are also covered.
Learn To:
Explain the fundamental security requirements
Manage Wallet manager
Protect sensitive data
Install Label Security
Describe group Policies
Objectifs
Use basic database security features
Choose a user authentication model
Secure the database and its listener
Use the Enterprise Security Manager tool
Manage users using proxy authentication
Implement Enterprise User Security
Describe the benefits and requirements associated with the Advanced Security Option
Manage secure application roles
Implement fine-grain access control
Manage the Virtual Private Database (VPD)
Implement fine-grain auditing
Use Transparent Data Encryption
Use file encryption
Encrypting and Decrypt table columns
Setup a simple Label Security policy
SOMMAIRE
Security Requirements
Security requirements
Basic Requirements
Components for enforcing security
Define Least Privilege
Enforce Security Policies
Security in Depth(OS/database/network) Hardening each level
Security Solutions
Preventing Exploits (Industry standard practices)
Data Protection California Breach Law
Data Access Control HIPPA, UK Data Protection
Middle-Tier Authentication/Authorization
Consistent checklist
Network Wide Authentication
Internal Database Security
Installation and patching
Privileged accounts
Manage user accounts and privileges
Database Auditing
Auditing Users that have Access
Managing the Audit Trail
Privileged user auditing (10g NF for 8i DBAs)
DML and DDL auditing with triggers (Wayne Reeser brown bag) Include autonomous transaction
Auditing with SYSLOG
Audit Vault
Fine-Grained Auditing
Concepts
Implementation
Data dictionary views
XML Format FGA logs
Basic User Authentication
Basic authentication
Protecting Passwords
Restricting Remote Database Authentication
Database Links
Strong Authentication
Example of Strong Authentication
Oracle provided tools
Enable Strong Authentication
Authentication adapters to Kerberos, Radius, et al
Secure External Password Store
External Security Module
Enterprise User Security
Enterprise User Security (EUS)requirements
EUS architecture
EUS vs. version of database
Authenticating enterpriser users
Setup Enterprise User Security
Authorizing Enterprise users
Create Enterprise roles
Creating Enterpriser users using Migration Utility
Proxy Authentication
Security Challenges of Three-tier Computing
Oracle 10g Proxy Authentication Solutions
Proxy Authentication
Data Dictionary Views
Auditing Actions Taken on Behalf of the Real User
Auditing the Real User
Authorization Methods
Discretionary access control
Securing Objects
Secure Application Roles
Data Dictionary Views: APPLICATION_ROLES
Using Application Context
Tools: PL/SQL Packages
Implementing a Local Context
Accessing the Application Context Globally
Guidelines
Data Dictionary views: *_CONTEXT
Fine-Grained Access Control
How Fine-Grained Access Control Works
EXEMPT ACCESS POLICY
Partitioned Fine Grained Access Control
Static vs. Dynamic Policies for Performance
FGAC: Creating a Virtual Private Database Policy: Tools
Implementation
Data Dictionary Views: *_POLICIES
Installing Label Security
Label Security: Overview
Access Control
VPD vs. Label Security
How Sensitivity Labels Are Used
Access Mediation
Installing Label Security
Configuring Label Security
Installing Policy Manager
Implementing Label Security
Implement Label Security
Analyze the Needs
Create policies
Create compartments
Setting user authorizations
Administering labels with Policy Manager
Add Labels to Data
Policy Special Privileges
Encrypting Data: Concepts
Principles of Data Encryption
Data Encryption Challenges
Solutions
Use Application Based Encryption
DBMS_CRYPTO Package (New)
Encrypt
Decrypt
Using MD5, SHA
Guidelines
Use Transparent Data Encryption
Transparent Data Encryption
Benefits of TDE
Using the External security Module
Using TDE
Export and Import with TDE
TDE Restrictions
Use File Encryption
RMAN Encrypted Backups
Encrypted Export Files
Oracle Secure Backup
Oracle Net Services Security Checklist
Overview of Net Services
Overview of firewalls
Network Security Checklist
Authenticate the Client
Securing the Listener
Restrict Network IP addresses
Limit Resource Usage by Unauthorized Connections
Restrict the Privileges of the Listener
Prevent unauthorized administration of the Oracle Listener
Prevent on-line administration
Secure External Procedures
Set listener log and trace file
Restrict CREATE LIBRARY privileges
Using Connection Manager as a Firewall
Oracle Connection Manager Overview
Oracle Connection Manager Architecture and processes
Starting and stopping Connection Manager
Access Control with Connection Manager
Monitor Connection Events Using the CMAN Log File
Prevent remote administration of the Oracle Connection Manager
