PacktLib: Oracle 11g Anti-hacker's Cookbook

About the Author

About the Reviewers


Operating System Security


Using Tripwire for file integrity checking

Using immutable files to prevent modifications

Closing vulnerable network ports and services

Using network security kernel tunables to protect your system

Using TCP wrappers to allow and deny remote connections

Enforcing the use of strong passwords and restricting the use of previous passwords

Restricting direct login and su access

Securing SSH login

Securing the Network and Data in Transit


Hijacking an Oracle connection

Using OAS network encryption for securing data in motion

Using OAS data integrity for securing data in motion

Using OAS SSL network encryption for securing data in motion

Encrypting network communication using IPSEC

Encrypting network communication with stunnel

Encrypting network communication using SSH tunneling

Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter

Securing external program execution (EXTPROC)

Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter

Securing Data at Rest


Using block device encryption

Using filesystem encryption with eCryptfs

Using DBMS_CRYPTO for column encryption

Using Transparent Data Encryption for column encryption

Using TDE for tablespace encryption

Using encryption with data pump

Using encryption with RMAN

Authentication and User Security


Performing a security evaluation using Oracle Enterprise Manager

Using an offline Oracle password cracker

Using user profiles to enforce password policies

Using secure application roles

How to perform authentication using external password stores

Using SSL authentication

Beyond Privileges: Oracle Virtual Private Database


Using session-based application contexts

Implementing row-level access policies

Using Oracle Enterprise Manager for managing VPD

Implementing column-level access policies

Implementing VPD grouped policies

Granting exemptions from VPD policies

Beyond Privileges: Oracle Label Security


Creating and using label components

Defining and using compartments and groups

Using label policy privileges

Using trusted stored units

Beyond Privileges: Oracle Database Vault


Creating and using Oracle Database Vault realms

Creating and using Oracle Vault command rules

Creating and using Oracle Database Vault rulesets

Creating and using Oracle Database Vault factors

Creating and using Oracle Database Vault reports

Tracking and Analysis: Database Auditing


Determining how and where to generate audit information

Auditing sessions

Auditing statements

Auditing objects

Auditing privileges

Implementing fine-grained auditing

Integrating Oracle audit with SYSLOG

Auditing sys administrative users