Oracle® Database 2 Day + Security Guide
11g Release 1 (11.1)
Part Number B28337-03
Contents
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Introduction to Oracle Database Security
1.1 About This Guide
1.1.1 Before Using This Guide
1.1.2 What This Guide Is and Is Not
1.2 Common Database Security Tasks
1.3 Tools for Securing Your Database
1.4 Securing Your Database: A Roadmap
2 Securing the Database Installation and Configuration
2.1 About Securing the Database Installation and Configuration
2.2 Enabling the Default Security Settings
2.3 Securing the Oracle Data Dictionary
2.3.1 About the Oracle Data Dictionary
2.3.2 Enabling Data Dictionary Protection
2.4 Restricting Operating System Access
2.5 Restricting Permissions on Run-Time Facilities
2.6 Initialization Parameters Used for Installation and Configuration Security
2.6.1 Modifying the Value of an Initialization Parameter
3 Securing Oracle Database User Accounts
3.1 About Securing Oracle Database User Accounts
3.2 Predefined User Accounts Provided by Oracle Database
3.2.1 Predefined Administrative Accounts
3.2.2 Predefined Non-Administrative User Accounts
3.2.3 Predefined Sample Schema User Accounts
3.3 Expiring and Locking Database Accounts
3.4 Requirements for Creating Passwords
3.5 Finding and Changing Default Passwords
3.6 Changing the Default Administrative User Passwords
3.7 Enforcing Password Management
3.8 Initialization Parameters Used to Secure User Accounts
4 Managing User Privileges
4.1 About Privilege Management
4.2 Granting Necessary Privileges Only
4.3 Revoking Privileges from the PUBLIC User Group
4.4 Granting Roles to Users
4.5 Controlling Access to Applications with Secure Application Roles
4.5.1 About Secure Application Roles
4.5.2 Example: Creating a Secure Application Role
4.5.2.1 Step 1: Create a Security Administrator Account
4.5.2.2 Step 2: Create User Accounts for This Example
4.5.2.3 Step 3: Create the Secure Application Role
4.5.2.4 Step 4: Create a Lookup Table
4.5.2.5 Step 5: Create the PL/SQL Package to Set the Secure Application Role
4.5.2.6 Step 6: Grant EXECUTE Privileges for the Procedure to Matthew and Winston
4.5.2.7 Step 7: Test the EMPLOYEE_ROLE Secure Application Role
4.5.2.8 Step 8: Optionally, Remove the Components for This Example
4.6 Initialization Parameters Used for Privilege Security
5 Securing the Network
5.1 About Securing the Network
5.2 Securing the Client Connection on the Network
5.2.1 Guidelines for Securing Client Connections
5.2.2 Securing the Network Connection
5.2.3 Securing a Secure Sockets Layer Connection
5.3 Protecting Data on the Network by Using Network Encryption
5.3.1 About Network Encryption
5.3.2 Configuring Network Encryption
5.4 Initialization Parameters Used for Network Security
6 Securing Data
6.1 About Securing Data
6.2 Encrypting Data Transparently with Transparent Data Encryption
6.2.1 About Encrypting Sensitive Data
6.2.2 When Should You Encrypt Data?
6.2.3 How Transparent Data Encryption Works
6.2.4 Configuring Data to Use Transparent Data Encryption
6.2.4.1 Step 1: Configure the Wallet Location
6.2.4.2 Step 2: Create the Wallet
6.2.4.3 Step 3: Open (or Close) the Wallet
6.2.4.4 Step 4: Encrypt (or Decrypt) Data
6.2.5 Checking Existing Encrypted Data
6.2.5.1 Checking Whether a Wallet Is Open or Closed
6.2.5.2 Checking Encrypted Columns of an Individual Table
6.2.5.3 Checking All Encrypted Table Columns in the Current Database Instance
6.2.5.4 Checking Encrypted Tablespaces in the Current Database Instance
6.3 Controlling Data Access with Oracle Virtual Private Database
6.3.1 About Oracle Virtual Private Database
6.3.2 Example: Creating an Oracle Virtual Private Database Policy
6.3.2.1 Step 1: If Necessary, Create the Security Administrator Account
6.3.2.2 Step 2: Update the Security Administrator Account
6.3.2.3 Step 3: Create User Accounts for This Example
6.3.2.4 Step 4: Create the F_POLICY_ORDERS Policy Function
6.3.2.5 Step 5: Create the ACCESSCONTROL_ORDERS Virtual Private Database Policy
6.3.2.6 Step 6: Test the ACCESSCONTROL_ORDERS Virtual Private Database Policy
6.3.2.7 Step 7: Optionally, Remove the Components for This Example
6.4 Enforcing Row-Level Security with Oracle Label Security
6.4.1 About Oracle Label Security
6.4.2 Guidelines for Planning an Oracle Label Security Policy
6.4.3 Example: Applying Security Labels to the HR.LOCATIONS Table
6.4.3.1 Step 1: Install Oracle Label Security and Enable User LBACSYS
6.4.3.2 Step 2: Create a Role and Three Users for the Oracle Label Security Example
6.4.3.3 Step 3: Create the ACCESS_LOCATIONS Oracle Label Security Policy
6.4.3.4 Step 4: Define the ACCESS_LOCATIONS Policy-Level Components
6.4.3.5 Step 5: Create the ACCESS_LOCATIONS Policy Data Labels
6.4.3.6 Step 6: Create the ACCESS_LOCATIONS Policy User Authorizations
6.4.3.7 Step 7: Apply the ACCESS_LOCATIONS Policy to the HR.LOCATIONS Table
6.4.3.8 Step 8: Add the ACCESS_LOCATIONS Labels to the HR.LOCATIONS Data
6.4.3.9 Step 9: Test the ACCESS_LOCATIONS Policy
6.4.3.10 Step 10: Optionally, Remove the Components for This Example
6.5 Controlling Administrator Access with Oracle Database Vault
6.5.1 About Oracle Database Vault
6.5.2 Example: Controlling Administrator Access to the OE Schema
6.5.2.1 Step 1: Install and Register Oracle Database Vault, and Enable Its User Accounts
6.5.2.2 Step 2: Grant the SELECT Privilege on the OE.CUSTOMERS Table to User SCOTT
6.5.2.3 Step 3: Select from the OE.CUSTOMERS Table as Users SYS and SCOTT
6.5.2.4 Step 4: Create a Realm to Protect the OE.CUSTOMERS Table
6.5.2.5 Step 5: Test the OE Protections Realm
6.5.2.6 Step 6: Optionally, Remove the Components for This Example
7 Auditing Database Activity
7.1 About Auditing
7.2 Why Is Auditing Used?
7.3 Where Are Standard Audited Activities Recorded?
7.4 Auditing General Activities Using Standard Auditing
7.4.1 About Standard Auditing
7.4.2 Enabling or Disabling the Standard Audit Trail
7.4.3 Using Default Auditing for Security-Relevant SQL Statements and Privileges
7.4.3.1 About Default Auditing
7.4.3.2 Enabling Default Auditing
7.4.4 Individually Auditing SQL Statements
7.4.5 Individually Auditing Privileges
7.4.6 Using Proxies to Audit SQL Statements and Privileges in a Multitier Environment
7.4.7 Individually Auditing Schema Objects
7.4.8 Auditing Network Activity
7.5 Example: Creating a Standard Audit Trail
7.5.1 Step 1: Log In and Enable Standard Auditing
7.5.2 Step 2: Enable Auditing for SELECT Statements on the OE.CUSTOMERS Table
7.5.3 Step 3: Test the Audit Settings
7.5.4 Step 4: Optionally, Remove the Components for This Example
7.5.5 Step 5: Remove the SEC_ADMIN Security Administrator Account
7.6 Guidelines for Auditing
7.6.1 Enabling Default Auditing of SQL Statements and Privileges
7.6.2 Keeping Audited Information Manageable
7.6.3 Auditing Typical Database Activity
7.6.4 Auditing Suspicious Database Activity
7.7 Initialization Parameters Used for Auditing
Index