This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database. The book’s companion Web site contains dozens of working scripts that DBA’s can use to secure and automate their Oracle databases.

Key Features

* The only practical, hands-on guide for securing your Oracle database published by independent experts. * Companion Web site contains dozens of scripts to help you automate security tasks. * Your Oracle database does not exist in a vacuum, so this book shows you how to securely integrate your database into your enterprise.


Written for database administrators and security professionals responsible for securely deploying Oracle relational databases.

Table of Contents

  • Author Acknowledgments
  • Authors
  • Technical Editor
  • Chapter 1: Oracle Security: The Big Picture
    • Introduction
    • A Brief History of Security Features in Oracle
    • The Regulatory Environment Driving Database Security
    • Major Data Theft Incidents
    • A Step-by-step Approach to Securing Oracle
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  • Chapter 2: File System
    • Introduction
    • Getting to Know Your Files
    • Reviewing Recommended Permissions
    • Managing Change
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  • Chapter 3: TNS Listener Security
    • Introduction
    • Introduction to the TNS Listener
    • Listener Vulnerabilities “By Design”
    • Fixing Listener Vulnerabilities by Applying Oracle Patch Sets and CPUs
    • Securing the Listener Configuration
    • Valid Node Checking
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  • Chapter 4: Managing Default Accounts
    • Introduction
    • The Role of Oracle Default Accounts From 9i to 10 g
    • Lock Accounts and Expire Default Passwords
    • Configure Strong Passwords
    • Unlock Accounts and Configure Impossible Passwords
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  • Chapter 5: PUBLIC Privileges
    • Introduction
    • The PUBLIC Group
    • Default Privileges on Sensitive Functions
    • Privileges You Should Never Grant to PUBLIC
    • Summary
    • Solutions Fast Track
    • Frequently Asked Questions
  • Chapter 6: Software Updates
    • Introduction
    • Understanding Oracle’s Patching Philosophy
    • Examining a CPU
    • Installing a Critical Patch Update


No. of pages:
© 2007
Print ISBN:
Electronic ISBN:

About the authors

Aaron Ingram

Aaron has fifteen years experience developing enterprise software, focusing on database systems and security applications. After graduating with a Bachelor's degree in computer science from Columbia University, he worked at Accenture as a consultant for Fortune 500 financial and telecommunication companies and for various government agencies. He then worked for ShieldIP creating Digital Rights Protection technology. Most recently, he merged his extensive database background with his security skills to manage the development of Application Security's real-time database intrusion detection and security auditing solution, AppRadar.

Josh Shaul

Josh Shaul got started in the security industry with SafeNet, Inc. in 1997, working on the industry's first complete IPsec accelerator chip. During a five year tenure as a SafeNet developer, Josh spent time designing, developing and enhancing SafeNet's embedded security solutions for a wide range of applications. For the last four years Josh has focused primarily on field engineering, helping companies deploy security SW and HW into various Networking Devices, SoCs, and Processing Platforms. He is an expert on security protocols and standards, trusted computing, and application level security. Recently, Josh has focused primarily on database security, working to assist large organization in developing the proper defense-in-depth strategy to secure sensitive data at its source. Josh is currently responsible for Worldwide Systems Engineering at Application Security, Inc.