Book Image

Oracle 11g Anti-hacker's Cookbook

By : Adrian Neagu
Book Image

Oracle 11g Anti-hacker's Cookbook

By: Adrian Neagu

Overview of this book

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security."Oracle 11g Anti-hacker's Cookbook" covers all the important security measures and includes various tips and tricks to protect your Oracle Database."Oracle 11g Anti-hacker's Cookbook" uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.
Table of Contents (16 chapters)
Oracle 11g Anti-hacker's Cookbook
Credits
Foreword
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Index

A

  • account security / Introduction
  • ADMIN_RESTRICTION_LISTENER parameter
    • used, for fly listener administration / Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter, How it works...
  • AES / How it works...
  • ARP
    • about / How it works...
    • stages / How it works...
  • ASM / Using Tripwire for file integrity checking
  • audit information generation
    • technique, determining / Determining how and where to generate audit information, How to do it..., How it works...
    • place, determining / Determining how and where to generate audit information, How to do it..., How it works...
  • auditing
    • sessions / Auditing sessions
    • statements / Auditing statements
    • object / Auditing objects
    • privileges / Auditing privileges
    • sys administrative users / Auditing sys administrative users
  • AUDIT_TRAIL / How to do it...
  • authentication
    • performing, external password stores used / How to perform authentication using external password stores, How to do it..., How it works...

B

  • block device encryption
    • about / Using block device encryption
    • using / How to do it...
    • working / How it works...

C

  • CBC / How it works...
  • CFB / How it works...
  • client connection
    • controlling, TCP.VALIDNODE_CHECKING listener parameter used / Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter, How to do it..., There's more...
  • colum encryption
    • TDE, using / Using Transparent Data Encryption for column encryption, How to do it..., How it works..., There's more...
  • column-level access policies
    • about / Implementing column-level access policies
    • implementing / How to do it...
    • working / How it works...
  • column encryption
    • DBMS_CRYPTO, using / Using DBMS_CRYPTO for column encryption, How to do it...
    • performance implications / Performance implications
    • limitations / Limitations:
    • recommendations / Recommendations
  • command rules, Oracle Database Vault
    • creating / How to do it...
    • using / How to do it...
    • working / How it works...
  • compartments
    • about / Defining and using compartments and groups
    • using / How to do it...
    • working / How it works...
  • control flag
    • required / How it works...
    • requisite / How it works...
    • sufficient / How it works...
    • optional / How it works...

D

  • Database Vault Account Management realm / There's more...
  • data encryption methods / Introduction
  • data motion
    • securing, OAS network encryption used / Using OAS network encryption for securing data in motion, How to do it..., How it works..., There's more...
    • securing, OAS data integrity used / Using OAS data integrity for securing data in motion, How it works...
    • securing, OAS SSL network encryption used / Using OAS SSL network encryption for securing data in motion, How to do it..., How it works...
  • data pump
    • encryption, using / Using encryption with data pump, How to do it...
    • working / How it works...
  • DBMS_CRYPTO
    • using, for column encryption / Using DBMS_CRYPTO for column encryption, How to do it...
    • working / How it works...
    • encryption algorithms / How it works...
  • dcredit / How it works...
  • dd command / Using Tripwire for file integrity checking
  • DELETE command / How to do it...
  • DES / How it works...
  • device-mapper / How to do it...
  • difok parameter / How it works...
  • direct login
    • restricting / Restricting direct login and su access, How to do it..., How it works...
  • DUL / Introduction
  • DVA
    • about / Creating and using Oracle Database Vault realms

E

  • eCryptfs
    • about / Using filesystem encryption with eCryptfs
    • used, for filesystem encryption / Using filesystem encryption with eCryptfs, How to do it..., How it works...
    • working / How it works...
  • EFEK / How it works...
  • encryption
    • using, with RMAN / Using encryption with RMAN, How to do it...
  • ENCRYPTION parameter
    • ENCRYPTED_COLUMNS_ONLY value / How it works...
    • DATA_ONLY / How it works...
    • METADATA_ONLY value / How it works...
    • ALL value / How it works...
    • NONE value / How it works...
  • ENCRYPTION_MODE parameter
    • DUAL value / How it works...
    • TRANSPARENT value / How it works...
  • Enterprise Manager / Introduction
  • external password stores
    • used, for authentication performing / How to perform authentication using external password stores, How to do it..., How it works...
  • extproc
    • about / Securing external program execution (EXTPROC)
    • securing / Getting ready, How to do it...
    • security recommendations / There's more...

F

  • factors, Oracle Database Vault
    • using / How to do it..., How it works..., There's more...
    • creating / How to do it..., How it works..., There's more...
    • factor type / How it works...
    • factor identification / How it works...
    • factor identity / How it works...
    • evaluation / How it works...
  • FEKEK / How it works...
  • file integrity checking
    • Tripwire, using / Using Tripwire for file integrity checking, How to do it..., How it works...
  • filesystem encryption
    • eCryptfs, using / Using filesystem encryption with eCryptfs, How to do it..., How it works...
  • fine-grained auditing
    • about / Implementing fine-grained auditing, Getting ready
    • implementing / How to do it...
    • working / How it works...
    • alert mechanism / Alert mechanism, Other options
  • fly listener administration
    • disabling, ADMIN_RESTRICTION_LISTENER parameter used / Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter, How it works...

G

  • groups
    • about / Defining and using compartments and groups
    • using / How to do it...
    • working / How it works...

I

  • IDS / Using Tripwire for file integrity checking
  • immutable files
    • about / Using immutable files to prevent modifications
    • using / How to do it...
    • working / How it works..., There's more...
  • interprocess communication / How it works...
  • IPSEC
    • about / Encrypting network communication using IPSEC
    • used, for network communication encryption / Encrypting network communication using IPSEC, How it works...
  • IV / How it works...

J

  • John the Ripper password cracker tool / Performing a security assessment on current passwords with the John the Ripper password cracker tool

K

  • kernel tunables
    • using / How to do it...
    • working / How it works...

L

  • label components
    • about / Creating and using label components
    • using / How to do it...
    • creating / How to do it...
    • working / How it works..., There's more...
  • label policy privileges
    • about / Using label policy privileges
    • using / How to do it...
    • working / How it works...
    • security privileges / There's more...
  • lcap utility / There's more...
  • lcredit / How it works...
  • lsattr command / How to do it...
  • LUKS / Using block device encryption

M

  • MAC / There's more...
  • minlen / How it works...
  • MITM / Hijacking an Oracle connection
  • module types
    • account / How it works...
    • auth / How it works...
    • password / How it works...
    • session / How it works...

N

  • network communication encryption
    • IPSEC, using / Encrypting network communication using IPSEC, How it works...
    • stunnel, using / Encrypting network communication with stunnel, How to do it..., How it works...
    • SSH tunneling, using / Encrypting network communication using SSH tunneling, How to do it..., There's more...

O

  • OAS data integrity
    • used, for data motion secure / Using OAS data integrity for securing data in motion, How it works...
  • OAS network encryption
    • used, for data motion secure / Using OAS network encryption for securing data in motion, How to do it..., How it works..., There's more...
  • OAS SSL network encryption
    • used, for data motion secure / Using OAS SSL network encryption for securing data in motion, How to do it..., How it works...
  • objects auditing
    • about / Auditing objects
    • working / How it works..., How it works...
  • ocredit / How it works...
  • ocredit parameters
    • minlen / How it works...
    • lcredit / How it works...
    • uncredit / How it works...
    • dcredit / How it works...
    • ocredit / How it works...
  • OEM
    • using, for managing VPD / Using Oracle Enterprise Manager for managing VPD, How to do it...
  • OFB / How it works...
  • OLS
    • about / Introduction
  • operating security threats / Introduction
  • Oracle audit integration
    • SYSLOG, using / Integrating Oracle audit with SYSLOG, How to do it..., There is more...
  • Oracle connection
    • hijacking / Hijacking an Oracle connection, How to do it...
    • working / How it works..., There's more...
  • Oracle Cryptographic API / Using DBMS_CRYPTO for column encryption
  • Oracle databases
    • auditing / Introduction
  • Oracle Database Vault
    • about / Introduction
    • using / Introduction
    • potential threats / Introduction
    • command rules, using / Creating and using Oracle Vault command rules
    • command rules, creating / Creating and using Oracle Vault command rules
    • rulesets, using / Creating and using Oracle Database Vault rulesets
    • rulesets, creating / Creating and using Oracle Database Vault rulesets
    • factors, creating / Creating and using Oracle Database Vault factors
    • factors, using / Creating and using Oracle Database Vault factors
    • reports, creating / Creating and using Oracle Database Vault reports
    • reports, using / Creating and using Oracle Database Vault reports
  • Oracle Database Vault option / How to do it...
  • Oracle Database Vault realms
    • about / Creating and using Oracle Database Vault realms
    • using / How to do it...
    • creating / How to do it...
    • Oracle Vault Administration Console, using / How to do it...
    • working / How it works...
    • defining / There's more...
  • Oracle Data Dictionary realm
    • defining / There's more...
  • Oracle Enterprise Edition 11.2.0.3 / Introduction
  • Oracle Enterprise Manager
    • used, for security evaluation performing / Performing a security evaluation using Oracle Enterprise Manager, How to do it..., How it works..., There's more...
    • about / How to do it...
  • Oracle Enterprise Manager realm
    • defining / There's more...
  • Oracle wallets / Using OAS SSL network encryption for securing data in motion

P

  • padding / How it works...
  • PAM
    • about / Enforcing the use of strong passwords and restricting the use of previous passwords
    • working / How it works...
    • rules, enforcing / How it works...
    • security assessment. performing / Performing a security assessment on current passwords with the John the Ripper password cracker tool
  • password policies
    • enforcing, user profiles used / Using user profiles to enforce password policies, How to do it..., There's more...
  • previous password usage
    • restricting / Enforcing the use of strong passwords and restricting the use of previous passwords, How to do it...
  • privileges auditing
    • about / Getting ready
    • working / How it works..., There's more...

R

  • remember parameter / How it works...
  • remote connections
    • denying, TCP wrappers used / How to do it..., How it works...
    • allowing, TCP wrappers used / How to do it...
  • reports, Oracle Database Vault
    • using / How to do it...
    • creating / How to do it...
  • Rijndael cipher / How it works...
  • RMAN
    • encryption, using / Using encryption with RMAN, How to do it...
    • working / How it works...
  • row-level access policies
    • about / Implementing row-level access policies
    • implementing / How to do it...
    • working / How it works..., There's more...
  • rulesets, Oracle Database Vault
    • creating / Creating and using Oracle Database Vault rulesets , How to do it..., How it works...
    • using / Creating and using Oracle Database Vault rulesets , How to do it..., How it works...

S

  • Sample Schemas / Introduction
  • secure application roles
    • about / Using secure application roles
    • using / Getting ready, How to do it...
    • working / How it works..., There's more...
  • security evaluation
    • performing, Oracle Enterprise Manager used / Performing a security evaluation using Oracle Enterprise Manager, How to do it..., How it works..., There's more...
  • security privileges
    • READ / There's more...
    • FULL / There's more...
    • WRITEUP / There's more...
    • WRITEDOWN / There's more...
    • WRITEACROSS / There's more...
    • COMPACCESS / There's more...
  • security threats
    • about / Introduction
  • session-based application contexts
    • about / Using session-based application contexts
    • using / Getting ready, How to do it...
    • working / How it works...
  • session auditing
    • about / Auditing sessions
    • steps / How to do it...
    • working / How it works...
  • SQLNET.WALLET_OVERRIDE parameter / How it works...
  • ssh login
    • about / Securing SSH login, How to do it...
    • securing / How it works..., There's more...
    • public key authentication, setting up / Setting up public key authentication
  • SSH tunneling
    • used, for network communication encryption / Encrypting network communication using SSH tunneling, How to do it..., There's more...
  • SSL authentication
    • about / Using SSL authentication
    • using / How to do it...
    • working / How it works..., There's more...
  • statement auditing
    • about / Getting ready
    • steps / How to do it...
    • working / How it works...
  • strong passwords
    • enforcing / Enforcing the use of strong passwords and restricting the use of previous passwords, How to do it...
    • about / How to do it...
  • stunnel
    • used, for network communication encryption / Encrypting network communication with stunnel, How to do it..., How it works...
    • about / Encrypting network communication with stunnel
  • su access
    • restricting / Restricting direct login and su access, How to do it..., How it works...
  • SYN attack / How to do it...
  • SYN cookies / How to do it...
  • SYN flood / How to do it...
  • SYN queue / How to do it...
  • sys administrative users
    • auditing / Auditing sys administrative users, How to do it...
  • SYSLOG
    • used, for Oracle audit integration / Integrating Oracle audit with SYSLOG, How to do it...
    • about / Integrating Oracle audit with SYSLOG

T

  • tablespace encryption
    • TDE, using / Using TDE for tablespace encryption, How to do it...
    • working / How it works...
  • TCP.VALIDNODE_CHECKING listener parameter
    • used, for client connection controlling / Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter, How to do it..., There's more...
  • TCP wrappers
    • used, for remote connection denying / Using TCP wrappers to allow and deny remote connections, How to do it...
    • used, for remote connection allowing / Using TCP wrappers to allow and deny remote connections, How to do it...
    • working / How it works...
  • TDE
    • using, for column encryption / Using Transparent Data Encryption for column encryption, How to do it..., How it works..., There's more...
    • about / Using Transparent Data Encryption for column encryption
    • working / How it works...
    • used, for tablespace encryption / Using TDE for tablespace encryption, How to do it...
  • Tripwire
    • used, for file integrity checking / Using Tripwire for file integrity checking, How to do it..., How it works...
    • administrative options / Other administrative options
  • trusted stored units
    • about / Using trusted stored units
    • using / How to do it...
    • working / How it works...
  • tunables
    • about / Using network security kernel tunables to protect your system
    • TCP SYN cookie protection, enabling / How to do it...
    • IP source routingTopicn Source routing, disabling / How to do it...
    • ICMP redirect acceptance, disabling / How to do it...
    • IP spoofing protection, enabling / How to do it...
    • ping requests, ignoring / How to do it...
    • bad error message protection, enabling / How to do it...

U

  • ucredit / How it works...
  • UGA / How it works...
  • user profiles
    • used, for password policy enforcing / Using user profiles to enforce password policies, How to do it..., There's more...

V

  • VFS / How it works...
  • VPD
    • about / Introduction
    • managing, OEM used / Using Oracle Enterprise Manager for managing VPD, How to do it...
  • VPD grouped policies
    • about / Implementing VPD grouped policies
    • implementing / How to do it..., How it works...
  • VPD policies
    • exemptions, granting / Granting exemptions from VPD policies, How to do it..., There's more...
  • vulnerable network ports
    • closing / Closing vulnerable network ports and services, How to do it...
    • working / How it works...

W

  • woraauthbf
    • about / Using an offline Oracle password cracker
    • using / How to do it...
    • working / How it works...
  • world writeable permissions / How to do it...