This Oracle Database Security Administration training course teaches attendees how to leverage the security features built into the Oracle database.
Skills Gained
- Learn about the security issues that must be addressed
- Work with Oracle’s standard security capabilities
- Use the Advanced Security Option
Prerequisites
- Understanding of Oracle database and instance architecture
- Familiarity with SQL and basic PL/SQL
- Able to work with Linux command-line tools
Outline
Introduction
- Standards and risks: assessing the need
- Developing a security policy
- Multi-layered security: defense in depth
- Selecting a security solution
SQL Injection
- What is SQL injection?
- How can injections be made?
- How can attempted injections be blocked?
User Authentication
- Authentication delegated to the operating system
- Administrative user authentication
- Use of a password file
- Data dictionary password authentication
- Proxy authentication
- Using the external secure password store
- Authentication by external services
Basic Access Control with Roles and Privileges
- Direct system and object privileges
- Grouping privileges into roles
- Enabling and disabling roles
Some More Advanced Topics with Roles and PL/SQL
- Secure application roles
- Assigning roles through OS authentication
- The PL/SQL privilege model: definers and invokers rights code
- Code-based access control
- Privilege inheritance and controlling privilege escalation
- Privilege usage analysis
Database links
- Public and private database links
- Authentication options for links
- Security risks and auditing of links
Virtual Private Database
- Local and global application contexts
- Using contexts for fine grained access control
- Row level security
- VPD performance issues
Control Access to the Operating System
- Access to the server file system with PL/SQL
- Use of directories
- Access to network facilities with PL/SQL
- Use of Scheduler external jobs
- External procedure
Encryption Within the Database
- Programmatic data encryption
- Transparent column encryption
- Transparent tablespace encryption
- Key management
Encryption Outside the Database
- Encryption in the redo stream
- Encrypted backups
- Encrypting in export dumps
Concealing Data
- The Data Masking Pack
- Data redaction
- Transparent Sensitive Data Protection
Network Security
- Encrypting network traffic
- Access control with Oracle Net
- Access control with the Connection Manager
Audit
- Traditional audit: users, privileges, and objects
- Fine Grained Auditing
- Auditing SYS activity
- Auditing with triggers
- Unified audit
Conclusion