Book Image

Oracle 11g Anti-hacker's Cookbook

By : Adrian Neagu
Book Image

Oracle 11g Anti-hacker's Cookbook

By: Adrian Neagu

Overview of this book

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the most rich in features and probably the most used Database in a variety of industries where security is essential. To ensure security of data both in transit and on the disk, Oracle has implemented the security technologies to achieve a reliable and solid system. In Oracle 11g Anti-Hacker's Cookbook, you will learn about the most important solutions that can be used for better database security."Oracle 11g Anti-hacker's Cookbook" covers all the important security measures and includes various tips and tricks to protect your Oracle Database."Oracle 11g Anti-hacker's Cookbook" uses real-world scenarios to show you how to secure the Oracle Database server from different perspectives and against different attack scenarios. Almost every chapter has a possible threads section, which describes the major dangers that can be confronted. The initial chapters cover how to defend the operating system, the network, the data and the users. The defense scenarios are linked and designed to prevent these attacks. The later chapters cover Oracle Vault, Oracle VPD, Oracle Labels, and Oracle Audit. Finally, in the Appendices, the book demonstrates how to perform a security assessment against the operating system and the database, and how to use a DAM tool for monitoring.
Table of Contents (16 chapters)
Oracle 11g Anti-hacker's Cookbook
About the Author
About the Reviewers


For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the richest in features and one of the most used databases in a variety of industries. Oracle has implemented security technologies to achieve a reliable and solid system. In this book, you will learn some of the most important solutions that can be used for better database security. This book covers all the important security measures and includes various tips and tricks to protect your Oracle Database. This book uses real-world scenarios to show you how to secure the Oracle Database server against different attack scenarios.

What this book covers

Chapter 1, Operating System Security, covers Tripwire and how it can be used for file integrity checking and intrusion detection in the first section. In the second and third sections, security measures related to user account security, network services and ports, security kernel tunables, local and remote login, and SSH are covered.

Chapter 2, Securing the Network and Data in Transit, contains recipes that explain how to secure data in transit, and covers the most important aspects related to Oracle listener security. In the first section, a step-by-step, classical, man-in-the-middle-type attack scenario is presented, in which an attacker placed in the middle hijacks an Oracle session, followed by the main measures to confront different interception-type attacks by using Oracle Advanced Security encryption and integrity, and alternatives such as IPSEC, stunnel, and SSH tunneling. The last part of this chapter has listener security as its main subject, covering features such as on-the-fly administration restriction, securing external procedure execution (extproc), and client connection control.

Chapter 3, Securing Data at Rest, contains recipes that explain how to use data at rest encryption, using an OS native method with LUKS for block device encryption, eCryptfs for filesystem encryption, DBMS_CRYPTO for column encryption, and Oracle Transparent Data Encryption for columns, tablespaces, data pump dumps, and database backups created with RMAN.

Chapter 4, Authentication and User Security, covers how to perform a security assessment using Oracle Enterprise Manager built in the policy security evaluation feature; the usage of a password cracker to check the real strength of database passwords; how to implement password policies and enforce the usage of strong passwords by using customized user profiles, secure application roles, passwordless authentication using external password stores, and SSL authentication.

Chapter 5, Beyond Privileges: Oracle Virtual Private Database, covers Oracle Virtual Private Database technology; here you will learn about session-based application contexts, how to implement row-level access policies using PL/SQL interface and OEM, column-level access policies, grouped policies, and how to implement exemptions from VPD policies.

Chapter 6, Beyond Privileges: Oracle Label Security, covers how to apply OLS label components to enforce row-level security, the usage of OLS compartments and groups for advanced row segregation, special label policy privileges, and how to grant access to label-protected data by using trusted stored units.

Chapter 7, Beyond Privileges: Oracle Database Vault, covers the main components of Oracle Database Vault, such as realm, command rules, rulesets, and factors, and how to use them to secure database access and objects. The last recipe covers the Oracle Database Vault audit and reporting interface, and how to use this interface for creating audit reports and various database entitlement reports.

Chapter 8, Tracking and Analysis: Database Auditing, covers the main aspects of the Oracle standard audit framework, such as session, statement, object and privilege auditing, fine-grained security, sys audit, and the integration of a standard audit with SYSLOG on Unix-like systems.

Appendix, Installing and Configuring Guardium, ODF, and OAV, covers the installation and configuration of IBM InfoSphere Database Security Guardium and how to perform security assessments, installation, and configuration of Oracle Database Firewall. It also covers the key capabilities and features, such as defining enforcement points and monitoring, installation, and configuration of Oracle Database Vault, its key capabilities, covering central repository installation, agent and collector deployments, and its reporting and real-time alerting interface.

This chapter is not present in the book, but is available as a free download from the link

What you need for this book

All database servers, clients, and other various hosts used through the book are virtual machines that are created and configured using Oracle Virtual Box. Some of the recipes will contain prerequisites about the operating system and the Oracle server and client versions to be used. You will need a system with sufficient processing power to sustain the many virtual machines that are running under Oracle Virtual Box simultaneously. We recommend you use a system very similar to Intel Corei3-2100 CPU 3.10 Ghz, 8 Gb RAM, MS Windows 7 Enterprise 64-bit SP1, which we used for all recipes in this book.

We must stress the importance of using a sandbox environment to duplicate the recipes in this book. Some recipes are intended for demonstration purposes and should not be done in a production environment.

Who this book is for

If you are an Oracle Database Administrator, Security Manager, IT professional, or Security Auditor looking to secure the Oracle Database or prevent it from being hacked, then this book is for you.

This book assumes that you have a basic understanding of security concepts and Oracle databases.


In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "Perform some modifications in listener.ora and sqlnet.ora, and move extjob and extproc to a different directory "

Any command-line input or output is written as follows:

[root@nodeorcl1 tripwire-]# ./make
g++  -O -pipe -Wall -Wno-non-virtual-dtor  -L../../lib -o tripwire  generatedb.o …………………………………………………………
/usr/bin/install -c -m 644 './twconfig.4' '/usr/local/share/man/man4/twconfig.4'

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "clicking the Next button moves you to the next screen".


Warnings or important notes appear in a box like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from


Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.


You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.