Oracle 10g Security

Security Requirements and Risks in an Internet Environment·

Fundamental Data Security Requirements

• Processes for Enforcing Confidentiality
• Data Integrity and Service Availability
• Compromised Authentication and Authorization
• Data or Service Theft, Corruption, and Disruption
• The Internet and Security
• Increased Data and Service Access
• Hosted Systems and Exchanges

Security Solutions· Encryption and Decryption

• Public Key Infrastructure (PKI)
• Firewalls
• Oracle Real Application Clusters
• Distributed Computing Environment (DCE)
• Wallet Password Management
• Enterprise User Security

Oracle Label Security and Internet Directory

Implementing a Security Policy· Implementing Your Security Policy

• Defining Security Requirements
• Security Levels
• Examine All Aspects of Security
• Security Requirements
• Developing Security Procedures and Security Checklists
• Implementing a Security Policy

Oracle9i Database Security Checklist· Database Security Checklist

• Enforce Password Management
• Protect the Data Dictionary
• Revoke Unnecessary Privileges from PUBLIC
• Restrict the Directories Accessible by the User
• Limit Users with Administrative Privileges
• Restrict Remote Database Authentication
• Shutdown the HTTP Server

Using Application Context· Application Context

• Application Context Data Sources
• Application Context Accessed Globally
• How Globally Accessed Application Context Works
• PL/SQL Procedures and Packages
• Implementing a Local Context
• Implementing Globally Accessed Application Context
• Data Dictionary Views

Using Middle-Tier Authentication· Security Challenges of Three-Tier Computing

• Proxy Authentication and Secure Application Role
• Real User ID: Database, Enterprise, and Application Users
• Creating Proxy Authentication for Database and Enterprise Users
• Revoking Proxy Authentication
• Auditing Actions Taken on Behalf of the Real User
• Limiting the Privilege of the Middle-Tier with Database Users
• Implementing a Secure Application Role

Using Fine Grain Access Control· FGAC and VPD

• User Models and Virtual Private Database
• How Fine-Grained Access Control Works
• Grouping Security Policies
• Oracle Policy Manager
• Returning Different Predicates
• Grouping Policies
• Data Dictionary Views

Using Fine-Grained Auditing· Fine Grained Auditing (FGA)

• Database Auditing Comparisons
• DBMS_FGA Package
• Adding a Policy with Default Auditing and with an Audit Event Handler
• Creating an Audit Event Handler
• Enabling, Disabling, and Dropping an FGA Policy
• Triggering Audit Events
• Data Dictionary Views

Encrypting Table Data

Encryption Issues Data Encryption Challenges Encryption Key Management Encrypting Special Types of Data DBMS_OBFUSCATION_TOOLKIT Package Using DESEncrypt and DESDecrypt Using DES3GetKey and DES3Encrypt Using MD5

Securing SQL*Plus and iSQL*Plus

Limiting Commands Available in SQL*Plus The PRODUCT_USER_PROFILE Table Commands That Can Be Disabled Disabling a Role iSQL*Plus Security Enabling DBA Access Enabling Server Authentication for Users

Enabling Restricted Database Access