Learn how to secure your Oracle Databases!
Learn the security features built into the Oracle database in this hands-on class. This includes Standard Edition facilities, also facilities available only with Enterprise Edition licences and with EE options. Most of the activities require use of command line utilities. As with all SkillBuilders courses, this class (if conducted at your company facilities) is highly customizable to your specific training requirements. The content does not include detail of the Data Vault, or the Audit Vault and Database Firewall option. The current release of the database is used for exercises and demonstrations, and the content back-ported as necessary for previous releases.
Technical Requirements
Nothing is required for labs (workshops). SkillBuilders will provide everything you need for all hands-on labs. Modest PC or Mac specs are required to connect to the online class. Detailed specs can be found here.
Also, we strongly recommend using two monitors for this class.
Oracle Certified Master John Watson
Course Features
- Lecture 0
- Quiz 0
- Duration 5 Half Days (~20 hours)
- Skill level All levels
- Language English
- Students 24
- Assessments Yes
Introduction
- Standards and risks: assessing the need
- Developing a security policy
- Multi-layered security: defence in depth
- Selecting a security solution
SQL Injection
- What is SQL injection?
- How can injections be made?
- How can attempted injections be blocked?
User authentication
- Authentication delegated to the operating system
- Administrative user authentication
- Use of a password file
- Data dictionary password authentication
- Proxy authentication
- Using the external secure password store
- Authentication by external services
Basic Access control with roles and privileges
- Direct system and object privileges
- Grouping privileges into roles
- Enabling and disabling roles
Some more advanced topics with roles and PL/SQL
- Secure application roles
- Assigning roles through OS authentication
- The PL/SQL privilege model: definers and invokers rights code
- Code based access control
- Privilege inheritance and controlling privilege escalation
- Privilege usage analysis
Database links
- Public and private database links
- Authentication options for links
- Security risks and auditing of links
Virtual Private Database
- Local and global application contexts
- Using contexts for fine grained access control
- Row level security
- VPD performance issues
Control access to the operating system
- Access to the server file system with PL/SQL
- Use of directories
- Access to network facilities with PL/SQL
- Use of Scheduler external jobs
- External procedure
Encryption within the database
- Programmatic data encryption
- Transparent column encryption
- Transparent tablespace encryption
- Key management
Encryption outside the database
- Encryption in the redo stream
- Encrypted backups
- Encrypting in export dumps
Concealing data
- The Data Masking Pack
- Data redaction
- Transparent Sensitive Data Protection
Network security
- Encrypting network traffic
- Access control with Oracle Net
- Access control with the Connection Manager
Audit
- Traditional audit: users, privileges, and objects
- Fine Grained Auditing
- Auditing SYS activity
- Auditing with triggers
- Unified audit
