Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Oracle 11g Anti-hacker's Cookbook
  • Table Of Contents Toc
Oracle 11g Anti-hacker's Cookbook

Oracle 11g Anti-hacker's Cookbook

By : Adrian Neagu
5 (5)
Buy this Book
close
close
Oracle 11g Anti-hacker's Cookbook

Oracle 11g Anti-hacker's Cookbook

5 (5)
By: Adrian Neagu
Buy this Book

Overview of this book

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security."Oracle 11g Anti-hacker's Cookbook" covers all the important security measures and includes various tips and tricks to protect your Oracle Database."Oracle 11g Anti-hacker's Cookbook" uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.
Table of Contents (16 chapters)
close
close
close
Oracle 11g Anti-hacker's Cookbook
Icon
Oracle 11g Anti-hacker's Cookbook
Credits
Icon
Credits
Foreword
Icon
Foreword
About the Author
Icon
About the Author
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Operating System Security
chevron up
Icon
Operating System Security
Icon
Introduction
Icon
Using Tripwire for file integrity checking
Icon
Using immutable files to prevent modifications
Icon
Closing vulnerable network ports and services
Icon
Using network security kernel tunables to protect your system
Icon
Using TCP wrappers to allow and deny remote connections
Icon
Enforcing the use of strong passwords and restricting the use of previous passwords
Icon
Restricting direct login and su access
Icon
Securing SSH login
2
Securing the Network and Data in Transit
Icon
Securing the Network and Data in Transit
Icon
Introduction
Icon
Hijacking an Oracle connection
Icon
Using OAS network encryption for securing data in motion
Icon
Using OAS data integrity for securing data in motion
Icon
Using OAS SSL network encryption for securing data in motion
Icon
Encrypting network communication using IPSEC
Icon
Encrypting network communication with stunnel
Icon
Encrypting network communication using SSH tunneling
Icon
Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter
Icon
Securing external program execution (EXTPROC)
Icon
Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter
3
Securing Data at Rest
Icon
Securing Data at Rest
Icon
Introduction
Icon
Using block device encryption
Icon
Using filesystem encryption with eCryptfs
Icon
Using DBMS_CRYPTO for column encryption
Icon
Using Transparent Data Encryption for column encryption
Icon
Using TDE for tablespace encryption
Icon
Using encryption with data pump
Icon
Using encryption with RMAN
4
Authentication and User Security
Icon
Authentication and User Security
Icon
Introduction
Icon
Performing a security evaluation using Oracle Enterprise Manager
Icon
Using an offline Oracle password cracker
Icon
Using user profiles to enforce password policies
Icon
Using secure application roles
Icon
How to perform authentication using external password stores
Icon
Using SSL authentication
5
Beyond Privileges: Oracle Virtual Private Database
Icon
Beyond Privileges: Oracle Virtual Private Database
Icon
Introduction
Icon
Using session-based application contexts
Icon
Implementing row-level access policies
Icon
Using Oracle Enterprise Manager for managing VPD
Icon
Implementing column-level access policies
Icon
Implementing VPD grouped policies
Icon
Granting exemptions from VPD policies
6
Beyond Privileges: Oracle Label Security
Icon
Beyond Privileges: Oracle Label Security
Icon
Introduction
Icon
Creating and using label components
Icon
Defining and using compartments and groups
Icon
Using label policy privileges
Icon
Using trusted stored units
7
Beyond Privileges: Oracle Database Vault
Icon
Beyond Privileges: Oracle Database Vault
Icon
Introduction
Icon
Creating and using Oracle Database Vault realms
Icon
Creating and using Oracle Vault command rules
Icon
Creating and using Oracle Database Vault rulesets
Icon
Creating and using Oracle Database Vault factors
Icon
Creating and using Oracle Database Vault reports
8
Tracking and Analysis: Database Auditing
Icon
Tracking and Analysis: Database Auditing
Icon
Introduction
Icon
Determining how and where to generate audit information
Icon
Auditing sessions
Icon
Auditing statements
Icon
Auditing objects
Icon
Auditing privileges
Icon
Implementing fine-grained auditing
Icon
Integrating Oracle audit with SYSLOG
Icon
Auditing sys administrative users
1
Index
Icon
Index

Introduction

The number of security threats related to operating systems and databases are increasing every day, and this trend is expected to continue. Therefore, effective countermeasures to reduce or eliminate these threats must be found and applied. The database administrators and system administrators should strive to maintain a secure and stable environment for the systems they support. The need for securing and ensuring that the database servers are operational is crucial, especially in cases in which we are working with mission critical systems that require uninterrupted access to data stored in Oracle Databases.

In this chapter, we will focus on some operating system security measures to be taken to have a reliable, stable, and secure system. Obviously operating system security is a vast domain and to cover this subject in a few pages is not possible. However, we can briefly describe several key items that can provide a starting point to address some of the concerns we will highlight in our recipes.

Briefly, the possible operating security threats are:

  • Denial of service

  • Exploits and vulnerabilities

  • Backdoors, viruses, and worms

  • Operating system bugs

Recommendations and guidelines:

  • Develop a patching policy.

  • Perform security assessments regularly.

  • Try to use hard-to-guess passwords.

  • Disable direct root login and create a special login user. It would be also easier to perform auditing.

  • Limit the number of users.

  • Limit the number of users who can issue the su command to become the root or oracle owner user.

  • Limit the number of services started, use only the necessary ones.

  • Limit the number of open ports.

  • Refrain from using symbolic links whenever possible.

  • Do not give more permissions to users than is necessary.

  • Secure ssh.

  • Use firewalls.

In these series of recipes for the server environment, we will use the operating system Red Hat Enterprise Linux Server release 6.0 (Santiago) 64-bit version. For the client environment we will use the Fedora 11 update 11 64-bit version. The server hostname will be nodeorcl1 and the client hostname will be nodeorcl5. All machines used are virtual machines, created with Oracle Virtual Box 4.1.12.

As a preliminary task before we start, prepare the server environment in terms of kernel parameters, directories, users, groups, and software installation as instructed in Oracle® Database Installation Guide 11g Release 2 (11.2) for Linux (http://docs.oracle.com/cd/E11882_01/install.112/e24321/toc.htm). Download and install Oracle Enterprise Edition 11.2.0.3, create a database called HACKDB, configured with Enterprise Manager and Sample Schemas, and define a listener called LISTENER with a default port of 1521.

Due to the limited page constraints, we will omit the description of each command and their main differences on other Linux distributions or Unix variants. The most important thing to understand is the main concept behind every security measure.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Oracle 11g Anti-hacker's Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon