Skip Headers
Oracle® Database 2 Day + Security Guide
11
g
Release 2 (11.2)
Part Number E10575-08
Home
Book List
Index
Master Index
Contact Us
Next
PDF
·
Mobi
·
ePub
Contents
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Introduction to Oracle Database Security
About This Guide
Before Using This Guide
What This Guide Is and Is Not
Common Database Security Tasks
Tools for Securing Your Database
Securing Your Database: A Roadmap
2
Securing the Database Installation and Configuration
About Securing the Database Installation and Configuration
Using the Default Security Settings
Securing the Oracle Data Dictionary
About the Oracle Data Dictionary
Enabling Data Dictionary Protection
Guidelines for Securing Operating System Access to Oracle Database
Guideline for Granting Permissions to Run-Time Facilities
Initialization Parameters Used for Installation and Configuration Security
Modifying the Value of an Initialization Parameter
3
Securing Oracle Database User Accounts
About Securing Oracle Database User Accounts
Predefined User Accounts Provided by Oracle Database
Predefined Administrative Accounts
Predefined Non-Administrative User Accounts
Predefined Sample Schema User Accounts
Expiring and Locking Database Accounts
Requirements for Creating Passwords
Finding and Changing Default Passwords
Guideline for Handling the Default Administrative User Passwords
Guideline for Enforcing Password Management
Parameters Used to Secure User Accounts
4
Managing User Privileges
About Privilege Management
Guideline for Granting Privileges
Guideline for Granting Roles to Users
Guideline for Handling Privileges for the PUBLIC Role
Controlling Access to Applications with Secure Application Roles
About Secure Application Roles
Tutorial: Creating a Secure Application Role
Step 1: Create a Security Administrator Account
Step 2: Create User Accounts for This Tutorial
Step 3: Create the Secure Application Role
Step 4: Create a Lookup View
Step 5: Create the PL/SQL Procedure to Set the Secure Application Role
Step 6: Grant the EXECUTE Privilege for the Procedure to Matthew and Winston
Step 7: Test the EMPLOYEE_ROLE Secure Application Role
Step 8: Optionally, Remove the Components for This Tutorial
Initialization Parameters Used for Privilege Security
5
Securing the Network
About Securing the Network
Securing the Client Connection on the Network
Guidelines for Securing Client Connections
Guidelines for Securing the Network Connection
Protecting Data on the Network by Using Network Encryption
About Network Encryption
Configuring Network Encryption
Initialization Parameters Used for Network Security
6
Securing Data
About Securing Data
Encrypting Data Transparently with Transparent Data Encryption
About Encrypting Sensitive Data
When Should You Encrypt Data?
How Transparent Data Encryption Works
Configuring Data to Use Transparent Data Encryption
Step 1: Configure the Wallet Location
Step 2: Create the Wallet
Step 3: Open (or Close) the Wallet
Step 4: Encrypt (or Decrypt) Data
Checking Existing Encrypted Data
Checking Whether a Wallet Is Open or Closed
Checking Encrypted Columns of an Individual Table
Checking All Encrypted Table Columns in the Current Database Instance
Checking Encrypted Tablespaces in the Current Database Instance
Choosing Between Oracle Virtual Private Database and Oracle Label Security
Controlling Data Access with Oracle Virtual Private Database
About Oracle Virtual Private Database
Tutorial: Creating an Oracle Virtual Private Database Policy
Step 1: If Necessary, Create the Security Administrator Account
Step 2: Update the Security Administrator Account
Step 3: Create User Accounts for This Tutorial
Step 4: Create the F_POLICY_ORDERS Policy Function
Step 5: Create the ACCESSCONTROL_ORDERS Virtual Private Database Policy
Step 6: Test the ACCESSCONTROL_ORDERS Virtual Private Database Policy
Step 7: Optionally, Remove the Components for This Tutorial
Enforcing Row-Level Security with Oracle Label Security
About Oracle Label Security
Guidelines for Planning an Oracle Label Security Policy
Tutorial: Applying Security Labels to the HR.LOCATIONS Table
Step 1: Register Oracle Label Security and Enable the LBACSYS Account
Step 2: Create a Role and Three Users for the Oracle Label Security Tutorial
Step 3: Create the ACCESS_LOCATIONS Oracle Label Security Policy
Step 4: Define the ACCESS_LOCATIONS Policy-Level Components
Step 5: Create the ACCESS_LOCATIONS Policy Data Labels
Step 6: Create the ACCESS_LOCATIONS Policy User Authorizations
Step 7: Apply the ACCESS_LOCATIONS Policy to the HR.LOCATIONS Table
Step 8: Add the ACCESS_LOCATIONS Labels to the HR.LOCATIONS Data
Step 9: Test the ACCESS_LOCATIONS Policy
Step 10: Optionally, Remove the Components for This Tutorial
Controlling Administrator Access with Oracle Database Vault
About Oracle Database Vault
Tutorial: Controlling Administrator Access to the OE Schema
Step 1: Enable Oracle Database Vault
Step 2: Grant the SELECT Privilege on the OE.CUSTOMERS Table to User SCOTT
Step 3: Select from the OE.CUSTOMERS Table as Users SYS and SCOTT
Step 4: Create a Realm to Protect the OE.CUSTOMERS Table
Step 5: Test the OE Protections Realm
Step 6: Optionally, Remove the Components for This Tutorial
7
Auditing Database Activity
About Auditing
Why Is Auditing Used?
Where Are Standard Audit Activities Recorded?
Auditing General Activities Using Standard Auditing
About Standard Auditing
Enabling or Disabling the Standard Audit Trail
Using Default Auditing for Security-Relevant SQL Statements and Privileges
Individually Auditing SQL Statements
Individually Auditing Privileges
Using Proxies to Audit SQL Statements and Privileges in a Multitier Environment
Individually Auditing Schema Objects
Auditing Network Activity
Tutorial: Creating a Standard Audit Trail
Step 1: Log In and Enable Standard Auditing
Step 2: Enable Auditing for SELECT Statements on the OE.CUSTOMERS Table
Step 3: Test the Audit Settings
Step 4: Optionally, Remove the Components for This Tutorial
Step 5: Remove the SEC_ADMIN Security Administrator Account
Guidelines for Auditing
Guideline for Using Default Auditing of SQL Statements and Privileges
Guidelines for Managing Audited Information
Guidelines for Auditing Typical Database Activity
Guidelines for Auditing Suspicious Database Activity
Initialization Parameters Used for Auditing
Index
Scripting on this page enhances content navigation, but does not change the content in any way.