Oracle 11g Anti-hacker's Cookbook

Oracle 11g Anti-hacker's Cookbook

By : Adrian Neagu

Buy this Book

Oracle 11g Anti-hacker's Cookbook

By: Adrian Neagu

Buy this Book

Overview of this book

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security."Oracle 11g Anti-hacker's Cookbook" covers all the important security measures and includes various tips and tricks to protect your Oracle Database."Oracle 11g Anti-hacker's Cookbook" uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.

Oracle 11g Anti-hacker's Cookbook

Credits

Foreword

About the Author

About the Reviewers

www.PacktPub.com

Preface

Free Chapter

Operating System Security

Introduction

Using Tripwire for file integrity checking

Using immutable files to prevent modifications

Closing vulnerable network ports and services

Using network security kernel tunables to protect your system

Using TCP wrappers to allow and deny remote connections

Enforcing the use of strong passwords and restricting the use of previous passwords

Restricting direct login and su access

Securing SSH login

Securing the Network and Data in Transit

Introduction

Hijacking an Oracle connection

Using OAS network encryption for securing data in motion

Using OAS data integrity for securing data in motion

Using OAS SSL network encryption for securing data in motion

Encrypting network communication using IPSEC

Encrypting network communication with stunnel

Encrypting network communication using SSH tunneling

Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter

Securing external program execution (EXTPROC)

Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter

Securing Data at Rest

Introduction

Using block device encryption

Using filesystem encryption with eCryptfs

Using DBMS_CRYPTO for column encryption

Using Transparent Data Encryption for column encryption

Using TDE for tablespace encryption

Using encryption with data pump

Using encryption with RMAN

Authentication and User Security

Introduction

Performing a security evaluation using Oracle Enterprise Manager

Using an offline Oracle password cracker

Using user profiles to enforce password policies

Using secure application roles

How to perform authentication using external password stores

Using SSL authentication

Beyond Privileges: Oracle Virtual Private Database

Introduction

Using session-based application contexts

Implementing row-level access policies

Using Oracle Enterprise Manager for managing VPD

Implementing column-level access policies

Implementing VPD grouped policies

Granting exemptions from VPD policies

Beyond Privileges: Oracle Label Security

Introduction

Creating and using label components

Defining and using compartments and groups

Using label policy privileges

Using trusted stored units

Beyond Privileges: Oracle Database Vault

Introduction

Creating and using Oracle Database Vault realms

Creating and using Oracle Vault command rules

Creating and using Oracle Database Vault rulesets

Creating and using Oracle Database Vault factors

Creating and using Oracle Database Vault reports

Tracking and Analysis: Database Auditing

Introduction

Determining how and where to generate audit information

Implementing fine-grained auditing

Integrating Oracle audit with SYSLOG

Auditing sys administrative users

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Granting exemptions from VPD policies

Normally, once a policy is declared on an object it cannot be bypassed regardless of the user's privileges.

However, there are situations when a user has to have access rights on all data from an object that has a policy applied. In this recipe, we will show how to make an exemption from VPD policies.

In this recipe we will exempt the user HR from all the policies declared within the HR schema.

How to do it...

Connect as the user HR and issue a SELECT statement against the VIEW_REG_DATA_VPD view as follows:

SQL> conn HR
Enter password:
Connected.
SQL> select first_name,last_name from view_reg_data_vpd where phone_number='650.507.9833';

no rows selected

SQL>

Here on the view view_reg_data_vpd we have the policy "regions_vpd_policy" enforced.
```
Grant.
```

Connect as system and exempt the HR user from any VPD policy as follows:

SQL> conn system
Enter password:
Connected.
SQL> GRANT EXEMPT ACCESS POLICY TO HR;

Grant succeeded.

SQL>

Connect as...

Oracle 11g Anti-hacker's Cookbook

By : Adrian Neagu

Oracle 11g Anti-hacker's Cookbook

By: Adrian Neagu

Overview of this book

Related Content you might be interested in

Current Title:

Oracle 11g Anti-hacker's Cookbook

Granting exemptions from VPD policies

How to do it...