Oracle® Database 2 Day + Security Guide
11g Release 1 (11.1)

Part Number B28337-03

Index

A  B  C  D  E  F  G  H  I  K  L  M  N  O  P  R  S  T  U  V  W  X 

A

access control
data encryption, 6.2.2
enforcing, 5.2.1
Oracle Label Security, 6.4.1
administrative accounts
about, 3.2.1
access, 5.2.2
passwords, 3.6
predefined, listed, 3.2.1
administrators
privileges for listener.ora file, 5.2.2
restricting access of, 6.5
separation of duty, 6.5.1
ANONYMOUS user, 3.2.1
ANY system privilege, protecting data dictionary, 2.3.2
APEX_PUBLIC_USER user, 3.2.2
application contexts
Oracle Virtual Private Database, used with, 6.3.1
audit files
archiving and purging, 7.6.3
operating system file, writing to, 7.4.2
audit records
types, 7.3
viewing, 7.3
audit trail
DB setting, 7.4.2
XML file output, 7.4.2
auditing
about, 7.1
DDL statements, 7.4.4
default security setting, modified by, 7.4.3
DML statements, 7.4.4
fine-grained auditing, 7.1
guidelines, security, 7.6
historical information, 7.6.3
keeping information manageable, 7.6.2
monitoring user actions, 7.1
privilege audit options, 7.4.5
reasons to audit, 7.2
Sarbanes-Oxley Act
default auditing, 7.6.1
requirements, 7.4.3.1
suspicious activity, 7.6.4
viewing audit records, 7.3
where recorded, 7.3
authentication
certificate, 5.2.1
client, 5.2.1, 5.2.1
remote, 5.2.1, 5.2.1
strong, 3.7
user, 5.2.1
AUTHID CURRENT USER invoker's rights clause, 4.5.2.5

B

BFILEs
restricting access, 2.4
BI user, 3.2.3

C

certificate authentication, 5.2.1
certificate key algorithm, Secure Sockets Layer, 5.2.3
certificates for user and server authentication, 5.2.1
cipher suites, Secure Sockets Layer, 5.2.3
client connections
stolen, 5.2.1
client guidelines, 5.2.1
configuration files, 5.2.3, 5.2.3
listener.ora
administering listener remotely, 5.2.2
sample, 5.2.2
tnsnames.ora, 5.2.3
typical directory, 5.2.3, 5.2.3
CONNECT role, privilege available to, 4.4
CONNECT statement
AS SYSDBA privilege, connecting with, 2.3.2
connections
AS SYSDBA privilege, 2.3.2
securing, 5.2
SYS user, 4.2
CREATE ANY TABLE statement, 4.2
CREATE DBLINK statement, 4.4
CREATE EXTERNAL JOB privilege
default security setting, modified by, 2.2
CREATE SESSION statement, 4.4
CREATE TABLE statement, auditing, 7.4.4
CTXSYS user, 3.2.1

D

data definition language
auditing, 7.4.4
data dictionary
about, 2.3.1
securing, 2.3.2
data dictionary views
DBA_USERS, 3.7
DBA_USERS_WITH_DEFPWD, 3.5
data files
restricting access, 2.4
data manipulation language, auditing, 7.4.4
database
restarting, 7.5.2
shutting down, 7.5.2
starting, 7.5.2
database accounts
See user accounts
Database Configuration Assistant
auditing by default, 7.4.3.1
default passwords, changing, 3.6
Oracle Database Vault, installing, 6.5.2.1
Oracle Label Security, installing, 6.4.3.1
Database Control
See Oracle Enterprise Manager Database Control
DBA_USERS data dictionary view, 3.7
DBA_USERS_WITH_DEFPWD data dictionary view, 3.5
DBCA
See Database Configuration Assistant
DBSNMP user
about, 3.2.1
passwords, default, 3.6
default passwords
administrative accounts, using with, 3.6
importance of changing, 3.5
default permissions, 2.4
default security settings
about, 2.2
enabling, 2.2
Denial of Service (DoS) attacks
audit trail, writing to operating system file, 7.4.2
networks, addressing, 5.2.2
See also security attacks
DIP user, 3.2.2
disabling unnecessary services, 5.2.2
DROP ANY TABLE statement, 2.3.2
DROP TABLE statement, auditing, 7.4.4

E

encryption
about, 6.2.1
algorithms, described, 5.3.2
components, 6.2.1
data transfer, 5.2.2
network, 5.3
network traffic, 5.2.2
reasons not to encrypt, 6.2.2
reasons to encrypt, 6.2.2
Enterprise Edition, 3.7
examples
Oracle Label Security, 6.4.3
Oracle Virtual Private Database, 6.3.2
secure application roles, 4.5.2
standard auditing, 7.5
user session information, retrieving with SYS_CONTEXT, 6.3.2.4
EXECUTE privilege, 4.3
EXFSYS user, 3.2.1
external tables, 2.4

F

files
audit
archiving, 7.6.3
DoS attacks, recommendations, 7.4.2
configuration, 5.2.2
listener.ora, 5.2.2, 5.2.3
restrict listener access, 5.2.2
restricting access, 2.4
server.key, 5.2.3
symbolic links, restricting, 2.4
tnsnames.ora, 5.2.3
fine-grained auditing, 7.1
firewalls
Axent, 5.2.2
CheckPoint, 5.2.2
Cisco, 5.2.2
database server, keeping behind, 5.2.2
Firewall-1, 5.2.2
Gauntlet, 5.2.2
guidelines, 5.2.2
Network Associates, 5.2.2
PIX Firewall, 5.2.2
ports, 5.2.3
Raptor, 5.2.2
supported
packet-filtered, 5.2.2
proxy-enabled, 5.2.2
FLOWS_30000 user, 3.2.2
FLOWS_FILES user, 3.2.2
FTP service
disabling, 5.2.2

G

GRANT ALL PRIVILEGES privilege, 2.3.2
guidelines for security
auditing, security, 7.6
operating system accounts, limiting privileges, 2.4
operating system users, limiting number of, 2.4
Oracle home default permissions, disallowing modifying of, 2.4
passwords, 3.4
Secure Sockets Layer
mode, 5.2.3
TCPS protocol, 5.2.3
symbolic links, restricting, 2.4

H

HR user, 3.2.3
HTTPS port, 5.2.3

I

identity theft
See security attacks
initialization parameters
AUDIT_FILE_DESTINATION, 7.7
AUDIT_SYS_OPERATIONS, 7.7
AUDIT_SYSLOG_LEVEL, 7.7
AUDIT_TRAIL, 7.7
configuration related, 2.6
default security, modified by, 2.2
FAILED_LOGIN_ATTEMPTS, 3.8
installation related, 2.6
MAX_ENABLED_ROLES, 4.6
modifying, 2.6.1
O7_DICTIONARY_ACCESSIBILITY
about, 2.6
data dictionary, protecting, 2.3.2
default setting, 2.3.2
setting in Database Control, 2.3.2
OS_AUTHENT_PREFIX, 5.4
OS_ROLES, 4.6
PASSWORD_GRACE_TIME, 3.8
PASSWORD_LIFE_TIME, 3.8
PASSWORD_LOCK_TIME, 3.8
PASSWORD_REUSE_MAX, 3.8
PASSWORD_REUSE_TIME, 3.8
REMOTE_LISTENER, 5.4
REMOTE_OS_AUTHENT, 5.2.1, 5.4
REMOTE_OS_ROLES, 4.6, 5.4
SEC_CASE_SENSITIVE_LOGIN, 3.8
SEC_MAX_FAILED_LOGIN_ATTEMPTS, 3.8
SEC_RETURN_SERVER_RELEASE_BANNER, 2.6
SQL92_SECURITY, 4.6
invoker's rights, 4.5.2.5
IP addresses
falsifying, 5.2.2
guidelines, 5.2.1
IX user, 3.2.3

K

Kerberos authentication
password management, 3.7

L

LBACSYS user, 3.2.1
least privilege principle, 4.2, 4.2
listener
establishing a password, 5.2.2
not an Oracle owner, 5.2.2
preventing online administration, 5.2.2
restrict privileges, 5.2.2, 5.2.2
secure administration, 5.2.2
listener.ora file
administering remotely, 5.2.2
default location, 5.2.3
online administration, preventing, 5.2.2
TCPS, securing, 5.2.3
log files
restricting access, 2.4

M

MDDATA user, 3.2.2
MDSYS user, 3.2.1
MGMT_VIEW user, 3.2.1
monitoring
See auditing
multiplex multiple-client network sessions, 5.2.2
multitier environments, auditing, 7.4.6

N

Net8 network utility
See Oracle Net
network activity
auditing, 7.4.8
network authentication services, 3.7
smart cards, 3.7
token cards, 3.7
X.509 certificates, 3.7
network encryption
about, 5.3.1
components, 5.3.1
configuring, 5.3.2
network IP addresses, 5.2.2
network security
Denial of Service attacks, addressing, 5.2.2
guidelines for clients, 5.2.1
Secure Sockets Layer guidelines, 5.2.3

O

object privileges, 4.2
OE user, 3.2.3
OLAPSYS user, 3.2.1
operating system access, restricting, 2.4
operating system account privileges, limiting, 2.4
operating system users, limiting number of, 2.4
operating systems
compromised, 5.2.1
default permissions, 2.4
Oracle Advanced Security
authentication protection, 3.7
network traffic encryption, 5.2.2
Oracle Connection Manager
firewall configuration, 5.2.2
Oracle Database Vault
about, 6.5.1
components, 6.5.1
example, 6.5.2
installing, 6.5.2.1, 6.5.2.1
registering with database, 6.5.2.1
regulatory compliances, how meets, 6.5.1
Oracle Enterprise Manager Database Control
about, 1.3
starting, 2.3.2
Oracle home
default permissions, disallowing modifying of, 2.4
Oracle Java Virtual Machine (OJVM), 2.5
Oracle Label Security (OLS)
about, 6.4.1
components, 6.4.1
example, 6.4.3
guidelines in planning, 6.4.2
how it works, 6.4.1
installing, 6.4.3.1
Oracle Net
encrypting network traffic, 5.3.2
firewall support, 5.2.2
Oracle Virtual Private Database (VPD)
about, 6.3.1
advantages, 6.3.1
application contexts, 6.3.1
components, 6.3.1
example, 6.3.2
Oracle Wallet Manager
wallet, creating, 6.2.4.1
with transparent data encryption, 6.2.4.2
ORACLE_OCM user, 3.2.2
ORDPLUGINS user, 3.2.1
ORDSYS user, 3.2.1
OUTLN user, 3.2.1
OWBSYS user, 3.2.1

P

pass phrase
read and parse server.key file, 5.2.3
passwords
administrative, 3.6
administrative user, 3.6
changing, 3.5
complexity, 3.7
default security setting, modified by, 2.2
default user account, 3.5
history, 3.7
length, 3.7
listener, establishing for, 5.2.2
management, 3.7
management rules, 3.7
profiles
enabling default settings, 7.4.3.2
SYS user, 3.6
SYSTEM user, 3.6
passwords for security
requirements, 3.4
permissions
default, 2.4
run-time facilities, 2.5
PM user, 3.2.3
principle of least privilege, 4.2, 4.2
privileges
about, 4.1
auditing, 7.4.5, 7.4.5
CREATE DBLINK statement, 4.4
system
ANY, 2.3.2
DROP ANY TABLE, 2.3.2
SELECT ANY DICTIONARY, 2.3.2
SYSTEM and OBJECT, 4.2
using proxies to audit, 7.4.6
PUBLIC user, 3.2.2
PUBLIC user group, revoking unnecessary privileges and roles, 4.3

R

remote authentication, 5.2.1, 5.2.1
REMOTE_OS_AUTHENT initialization parameter, 5.2.1
roles
CONNECT, 4.4
create your own, 4.4
job responsibility privileges only, 4.4
root file paths
for files and packages outside the database, 2.5
RSA private key, 5.2.3
run-time facilities, restricting permissions, 2.5

S

Sarbanes-Oxley Act
auditing requirements, 7.4.3.1
default auditing, 7.6.1
schema objects, auditing, 7.4.7
SCOTT user
about, 3.2.3
restricting privileges of, 4.4
sec_admin example security administrator
creating, 4.5.2.1
removing, 7.5.5
secure application roles
about, 4.5.1
advantages, 4.5.1
components, 4.5.1
example, 4.5.2
invoker's rights, 4.5.2.5
user environment information from SYS_CONTEXT SQL function, 4.5.2.5
Secure Sockets Layer (SSL)
administering listener remotely, 5.2.2
certificate key algorithm, 5.2.3
certificates, enabling for user and server, 5.2.1
cipher suites, 5.2.3
configuration files, securing, 5.2.3
guidelines for security, 5.2.3
mode, 5.2.3
pass phrase, 5.2.3
RSA private key, 5.2.3
server.key file, 5.2.3
TCPS, 5.2.3
security administrator
example of creating, 4.5.2.1
removing sec_admin, 7.5.5
security attacks
applications, 5.2.1
client connections, 5.2.1
Denial of Service, 5.2.2
eavesdropping, 5.2.1
falsified IP addresses, 5.2.1
falsified or stolen client system identities, 5.2.1
network connections, 5.2.2
Secure Sockets Layer connections, 5.2.3
security tasks, common, 1.2
SELECT ANY DICTIONARY privilege
data dictionary, accessing, 2.3.2
GRANT ALL PRIVILEGES privilege, not included in, 2.3.2
sensitive data
Oracle Label Security, 6.4.1
Oracle Virtual Private Database, 6.3.1
secure application roles, 4.5.1
separation of duty concepts, 4.5.2.1
separation-of-duty principles
about, 6.5.1
Oracle Database Vault, 6.5.2.2
server.key file
pass phrase to read and parse, 5.2.3
session information, retrieving, 6.3.1
SH user, 3.2.3
SI_INFORMTN_SCHEMA user, 3.2.1
smart cards, 3.7
SPATIAL_CSW_ADMIN_USR user, 3.2.2
SPATIAL_WFS_ADMIN_USR user, 3.2.2
SQL statements
auditing, 7.4.4
using proxies to audit, 7.4.6
SQL*Net network utility, 5.2.2
SSL
See Secure Sockets Layer
standard auditing
about, 7.4.1
auditing by default, 7.4.3.1
enabling or disabling audit trail, 7.4.2
example, 7.5
in multitier environment, 7.4.6
network activity, 7.4.8
privileges, 7.4.5
proxies, 7.4.6, 7.4.6
schema objects, 7.4.7
SQL statements, 7.4.4
strong authentication, 3.7
symbolic links, restricting, 2.4
SYS user
about, 3.2.1
password use, 3.6
SYS_CONTEXT SQL function
example, 6.3.2.4
validating users, 4.5.2.5
SYS.AUD$ database audit trail table
about, 7.4.2
DB (database) option, 7.5.1
DB, EXTENDED option, 7.4.2
XML, EXTENDED option, 7.4.2
SYSDBA system privilege, 7.5.2
SYSMAN user
about, 3.2.1
password use, 3.6
passwords, default, 3.6
SYS-privileged connections, 4.2
system administrator
See administrative accounts, security administrator
system identities, stolen, 5.2.1
system privileges, 4.2
ANY, 2.3.2
DROP ANY TABLE statement, 2.3.2
SELECT ANY DICTIONARY, 2.3.2
SYSTEM user
about, 3.2.1
password use, 3.6

T

tablespaces
encrypting, 6.2.4.4.2
TCP ports
closing for ALL disabled services, 5.2.2
TCPS protocol
Secure Sockets Layer, used with, 5.2.2
tnsnames.ora file, used in, 5.2.3
TDE
See transparent data encryption
TELNET service, disabling, 5.2.2
TFTP service
disabling, 5.2.2
token cards, 3.7
trace files, restricting access, 2.4
transparent data encryption
about, 6.2.3
advantages, 6.2.3
components, 6.2.3
configuring, 6.2.4
how it works, 6.2.3
performance effects, 6.2.3
storage space, 6.2.3
table columns
checking in database instances, 6.2.5.3
checking individual tables, 6.2.5.2
encrypting, 6.2.4.4.1
tablespaces
checking, 6.2.5.4
tablespaces, encrypting, 6.2.4.4.2
wallets, 6.2.4.2
TSMSYS user, 3.2.1
tnsnames.ora
guidelines, 5.2.3
typical directory, 5.2.3

U

UDP ports
closing for ALL disabled services, 5.2.2
user accounts
about, 3.1
administrative user passwords, 3.6
default, changing password, 3.5
expiring, 3.3
finding information about, 3.7
locking, 3.3
password requirements, 3.4
predefined
administrative, 3.2.1
non-administrative, 3.2.2
sample schema, 3.2.3
securing, 3
unlocking, 3.3
user accounts, predefined
ANONYMOUS, 3.2.1
APEX_PUBLIC_USER, 3.2.2
BI, 3.2.3
CTXSYS, 3.2.1
DBSNMP, 3.2.1
DIP, 3.2.2
EXFSYS, 3.2.1
FLOWS_30000, 3.2.2
FLOWS_FILES, 3.2.2
HR, 3.2.3
IX, 3.2.3
LBACSYS, 3.2.1
MDDATA, 3.2.2
MDSYS, 3.2.1
MGMT_VIEW, 3.2.1
OE, 3.2.3
OLAPSYS, 3.2.1
ORACLE_OCM, 3.2.2
ORDPLUGINS, 3.2.1
ORDSYS, 3.2.1
OUTLN, 3.2.1
OWBSYS, 3.2.1
PM, 3.2.3
PUBLIC, 3.2.2
SCOTT, 3.2.3, 4.4
SH, 3.2.3
SI_INFORMTN_SCHEMA, 3.2.1
SPATIAL_CSW_ADMIN_USR, 3.2.2
SPATIAL_WFS_ADMIN_USR, 3.2.2
SYS, 3.2.1
SYSMAN, 3.2.1
SYSTEM, 3.2.1
TSMSYS, 3.2.1
WK_TEST, 3.2.1
WKPROXY, 3.2.1
WKSYS, 3.2.1
WMSYS, 3.2.1
XDB, 3.2.1
XS$NULL, 3.2.2
user session information, retrieving, 6.3.1

V

valid node checking, 5.2.2
views
See data dictionary views
Virtual Private Database
See Oracle Virtual Private Database
VPD
See Oracle Virtual Private Database
vulnerable run-time call, 2.5
made more secure, 2.5

W

WK_TEST user, 3.2.1
WKPROXY user, 3.2.1
WKSYS user, 3.2.1
WMSYS user, 3.2.1

X

X.509 certificates, 3.7
XDB user, 3.2.1
XS$NULL user, 3.2.2