- PART I
- Essential Database Security
- 1 Security for Today’s World 3
- The Security Landscape 4
- Base Assumptions 4
- Database Security Today 5
- Evolving Security Technologies 6
- Security Motivators 8
- Sensitive Data Categorization 9
- Principles 10
- Summary 11
- 2 Essential Elements of User Security 13
- Understanding Identification and Authentication 14
- Identification Methods 15
- Authentication 17
- Understanding Database Account Types 18
- Database Account Types in Oracle Database 12c Multitenant Architecture 21
- Privileged Database Account Management in Oracle Database 12c 22
- Administrative Privileges for Separation of Duty 22
- Methods for Privileged Database Account Management 24
- Account Management in Multitenant Oracle Database 12c 33
- Creating Common Database Accounts 34
- Managing Accounts in a Pluggable Database 34
- Managing Database Account Passwords and Profiles 39
- Managing Passwords for Local Database Accounts 40
- Managing Database Account Profiles 42
- Summary 51
- 3 Connection Pools and Enterprise Users 53
- External Identification and Authentication Challenges 54
- Connection Challenges 54
- Performance 55
- Connection Pools 55
- Security Risks 56
- External Identification and Authentication in Oracle Database 12c 56
- Oracle Proxy Authentication 57
- Oracle Enterprise User Security 63
- Oracle Kerberos Authentication 90
- Oracle RADIUS Authentication 91
- Summary 91
- 4 Foundational Elements for a Secure Database 93
- Access Control, Authorization, and Privilege 94
- Access Control 94
- Authorization 94
- Privilege 94
- Object Privileges 99
- Column Privileges 100
- Synonyms 102
- System and Object Privileges Together 105
- Privilege Conveyance and Retraction 106
- Roles 109
- Role and Privilege Immediacy 111
- Roles and Container Databases 112
- Public and Default Database Roles 113
- Role Hierarchies 115
- Object Privileges Through Roles and PL/SQL 115
- Selective Privilege Enablement 117
- Selective Privilege Use Cases 120
- Password-Protected Roles 122
- Password-Protected Role Example 123
- Password-Protected Roles and Proxy Authentication 124
- Challenges to Securing the Password 124
- Secure Application Roles 125
- Secure Application Role Example 126
- Global Roles and Enterprise Roles 130
- Creating and Assigning Global and Enterprise Roles 131
- Combining Standard and Global Roles 134
- Using Roles Wisely 135
- Too Many Roles 135
- Naming 135
- Dependencies 135
- Summary 136
- 5 Foundational Elements of Database Application Security 137
- Application Context 138
- Default Application Context (USERENV) 140
- Auditing with USERENV 141
- Database Session-Based Application Context 143
- Creating a Database Session-Based Application Context 144
- Setting Context Attributes and Values 145
- Applying the Application Context to Security 149
- Secure Use 153
- Common Mistakes 153
- Global Application Context 156
- GAC Uses 156
- GAC Example 156
- Global Context Memory Usage 161
- External and Initialized Globally 161
- Using Views in Security 163
- Views for Column- and Cell-Level Security 164
- Views for Row-Level Security 171
- Definer’s vs. Invoker’s Privileges/Rights for PL/SQL 175
- Definer’s Rights Invocation on PL/SQL Programs 175
- Invoker’s Rights Invocation for PL/SQL 177
- Definer’s vs. Invoker’s Privileges/Rights on Java Stored Procedures 180
- Java Stored Procedure and Definer’s Rights 180
- Java Stored Procedure and Invoker’s Rights 182
- Code-Based Security 183
- Granting Roles and Privileges to PL/SQL 183
- Entitlement Analytics 184
- Profile Application Use 185
- Privilege Reduction 187
- Oracle Enterprise Manager Cloud Control (OEMCC) 12c 188
- Sharing Application Code 191
- Managing Common Application Code with Pluggable Databases 192
- Managing Common Application Code with Database Links 192
- Summary 193
- 6 Real Application Security 195
- Account Management in Oracle RAS 197
- Configuring DLAU Accounts 197
- Configuring Simple Application User Accounts 201
- Oracle RAS Roles 202
- Integration of Standard Database Roles with Oracle RAS Roles 202
- Role Management Procedures in Package XS_PRINCIPAL 204
- Out-of-the-Box Roles in Oracle RAS 205
- Lightweight Sessions in Oracle RAS 206
- Setting Privileges for Direct Login Application User Accounts 207
- Lightweight Session Management in Java 208
- Namespaces in Oracle RAS 212
- Server-Side Event Handling and Namespaces in Oracle RAS 217
- Session Performance in Oracle RAS 223
- Privilege Management and Data Security in Oracle RAS 224
- Security Classes, Application Privileges, and ACLs 226
- Data Security Policies 229
- Protecting Namespaces with ACLs 234
- Auditing in Oracle RAS 236
- Default Audit Policies for Oracle RAS 236
- Reporting on Audit Events and Audit Policies in RAS 237
- Validating Policies and Tracing in Oracle RAS 237
- Validating Policy Components 237
- Tracing Sessions and Data Security Policies 238
- Summary 240
- PART II
- Advanced Database Security
- 7 Controlled Data Access with Virtual Private Database 243
- Introduction to Virtual Private Database 244
- How VPD Works 244
- Benefits 245
- VPD Components 246
- Types of Control 246
- How to Use VPD 247
- Which Type of VPD Is Right for Me? 247
- Row-Level Security 248
- Table Fire with Row Filter 248
- Column Fire with Row Filter 255
- VPD and INSERT Statements 258
- VPD and INDEX Statements 260
- Column-Level Security 260
- Column Fire with Column Filter 260
- VPD Exemptions 263
- Audit EXEMPT ACCESS POLICY Privilege 263
- Verify EXEMPT ACCESS POLICY Privilege 264
- Verify Audit Trail 265
- Debugging and Troubleshooting VPD Policies 265
- Invalid Policy Functions 265
- Verifying and Validating Predicates 269
- VPD Performance 273
- Application Context and Logon Trigger 273
- Bind Variables 275
- VPD Caching 275
- Summary 286
- 8 Essential Elements of Sensitive Data Control 287
- Sensitive Data Protection Challenges 288
- Oracle Database 12c Transparent Sensitive Data Protection 289
- Discover Sensitive Information with Enterprise Manager 290
- Configuring a TSDP Administrator 296
- Defining Sensitive Information Types 296
- Mapping Sensitive Information Types to Columns 297
- Creating Sensitive Information Policies 297
- Mapping Sensitive Information Policies to Sensitive Types 299
- Enabling Sensitive Information Redaction 299
- Redacting Sensitive Information in the Database Audit Trail 301
- Summary 302
- 9 Access Controls with Oracle Label Security 305
- About Oracle Label Security 306
- History 306
- OLS Functional Overview 306
- OLS vs. VPD 306
- Label-Based Access Control 307
- OLS Label Types 310
- OLS Installation 311
- Installing OLS 311
- Register and Enable OLS in the Root Container 314
- Register and Enable OLS in a Pluggable Database 315
- Administering OLS 316
- OLS Role LBAC_DBA 316
- OLS Example 318
- Create a Policy 318
- Create Label Components 319
- Create OLS Labels 325
- Apply OLS Policy to a Table 332
- Authorize OLS Access 334
- Insert Data Using OLS Functions 336
- Querying Data from an OLS Protected Table 339
- OLS and the Connection Pool 340
- x Oracle Database 12c Security
- Auditing OLS Privileges and Use 341
- Trusted Stored Procedures 343
- Integrating OLS and Oracle Internet Directory 344
- Performance with OLS 344
- Summary 344
- 10 Oracle Database Vault: Securing for the Compliance Regulations, Cybersecurity, and Insider Threats 345
- History of Privileged Accounts 346
- SYS as SYSDBA (Super User 0) 347
- Security Should Haves 347
- Multifactored Security 347
- Conditional Security 348
- DBV Components 348
- Factors 349
- Rules 350
- Realms 351
- Command Rules 351
- DBV Secure Application Roles 352
- Configuring and Enabling DBV 352
- DBV Administration Using Common Accounts 352
- DBV Administration Using Delegated Accounts 354
- Manually Configuring DBV in a PDB 355
- Managing DBV Configuration 357
- DBV Administration PL/SQL Package and Configuration Views 357
- DBV Security Policies in Action 360
- Installed DBV Roles 360
- SoD with Roles, Realms, and Command Rules 362
- Default Audit Policies 367
- General Database Maintenance and Operations Authorizations 368
- Creating Custom DBV Policies 368
- Summary 387
- 11 Oracle Transparent Data Encryption: Securing for the Compliance Regulations, Cybersecurity, and Insider Threats 389
- Encryption 101 390
- Goal of Encryption 390
- The Basics 391
- Encryption Choices 391
- The Algorithm and the Key 392
- Encrypting Data Stored in the Database 394
- Where the Data “Rests” 395
- Protecting the Data 396
- Applied Example 398
- Encrypting in the Database 398
- The Transparent Data Encryption Solution 399
- Key Management Facilities 400
- Key Management Roles 401
- Creating Keystores and a Master Key in the Root Container 402
- Creating Master Keys in Pluggable Databases 406
- Creating an Encrypted Column in a New Table 407
- Determining TDE Encrypted Columns 411
- Encrypting an Existing Column 412
- Caveats to Column-Level TDE 413
- Tablespace Encryption 414
- TDE and Oracle Database Tools Interoperability 415
- Performance 416
- Advanced Encryption Protection Support 418
- Configuring FIPS 140-2 Support 418
- Summary 419
- PART III
- Security and Auditing for the Cloud
- 12 Audit for Accountability 423
- The Security Cycle 424
- Auditing for Accountability 425
- Auditing Provides the Feedback Loop 425
- Auditing Is Not Overhead 425
- Audit Methods 425
- Infrastructure and Application Server Logs 425
- Application Auditing 426
- Trigger Auditing 427
- Database Auditing 428
- Enabling Auditing in the Database 429
- Audit Destination for Standard Auditing and FGA 429
- Enable Oracle Unified Auditing in Oracle Database 12c 430
- Who Conducts the Audit Policy and Audit Reporting? 432
- Audit Administrator Role 432
- Audit Reporting Role 433
- What Should Be Audited? Creating the Audit Policy 434
- Best Practices for Audit Policies 435
- OUA Audit Policy Configuration 437
- Traditional Audit Policy Configuration 448
- Fine-Grained Auditing 453
- Enabling FGA 453
- Acting on the Audit 454
- Audit Storage, Audit Retention, and Reporting 455
- Oracle Audit Vault 455
- Audit Trail Retention Under OUA 456
- Audit Trail Retention Under Traditional Auditing 458
- Reporting on Database History 459
- Summary 460
- 13 An Applied Approach to Multitenancy and Cloud Security 461
- System Baseline and Configuration 462
- Facility and Infrastructure Security 462
- Personnel Security 464
- Configuration Management 465
- Equipment 465
- Secure Virtualization 466
- Operating System 467
- Jobs, Users, Groups/Roles, and Privileges 468
- Oracle Database 12c Multitenancy and Cloud Computing 471
- Cloud Computing 472
- Oracle 12c Software Installation 472
- Security-Related Installation Prerequisites and Installation Options 472
- Choosing the Number of Oracle Homes 473
- Securing the Oracle Home 473
- Are You Still Secure? 474
- Securing the Listener 474
- Managing Passwords 474
- Secure Database Initialization Parameters 475
- Installing and Securing Your Application 475
- Sensitive Data Discovery 475
- Account Management 476
- Privilege Management 477
- Least Privilege 477
- Data Access Controls 478
- Protecting Your Company Intellectual Property 478
- Database Firewall 479
- Data Encryption 480
- Network Data Encryption and Integrity 480
- Encryption of Data at Rest 481
- Encryption of Backup Data 482
- Auditing 484
- Oracle Auditing 484
- Oracle Audit Vault 485
- Audit Life Cycle Management 485
- Locking Down Your System 488
- Standards for Lockdown 488
- Secure Patching 490
- Monitoring and Alerting 492
- Monitoring Audit Events 492
- System Monitoring Using OEMCC 492
- Availability, Backup and Recovery, and Continuity of Operations 494
- Availability 495
- Backup and Recovery 496
- Summary 496
- A Sample Preparation Scripts 499
- Sample Pluggable Databases 500
- SALES Pluggable Database 500
- Human Resources (HR) Pluggable Database 500
- Sample Security Manager Account Creation 501
- Root Container 501
- Pluggable Databases 503
- Index 505