Save up to 30% on Elsevier print and eBooks with free shipping. No promo code needed.
Save up to 30% on print and eBooks.
Practical Oracle Security
Your Unauthorized Guide to Relational Database Security
1st Edition - November 12, 2007
Authors: Josh Shaul, Aaron Ingram
Language: English
eBook ISBN:9780080555669
9 7 8 - 0 - 0 8 - 0 5 5 5 6 6 - 9
This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk…Read more
Purchase options
LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database.
The only practical, hands-on guide for securing your Oracle database published by independent experts.
Your Oracle database does not exist in a vacuum, so this book shows you how to securely integrate your database into your enterprise.
Written for database administrators and security professionals responsible for securely deploying Oracle relational databases.
Author Acknowledgments
Authors
Technical Editor
Chapter 1: Oracle Security: The Big Picture
Introduction
A Brief History of Security Features in Oracle
The Regulatory Environment Driving Database Security
Major Data Theft Incidents
A Step-by-step Approach to Securing Oracle
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 2: File System
Introduction
Getting to Know Your Files
Reviewing Recommended Permissions
Managing Change
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 3: TNS Listener Security
Introduction
Introduction to the TNS Listener
Listener Vulnerabilities “By Design”
Fixing Listener Vulnerabilities by Applying Oracle Patch Sets and CPUs
Securing the Listener Configuration
Valid Node Checking
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 4: Managing Default Accounts
Introduction
The Role of Oracle Default Accounts From 9i to 10 g
Lock Accounts and Expire Default Passwords
Configure Strong Passwords
Unlock Accounts and Configure Impossible Passwords
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 5: PUBLIC Privileges
Introduction
The PUBLIC Group
Default Privileges on Sensitive Functions
Privileges You Should Never Grant to PUBLIC
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 6: Software Updates
Introduction
Understanding Oracle’s Patching Philosophy
Examining a CPU
Installing a Critical Patch Update
Evaluating Security Alerts
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 7: Passwords and Password Controls
Introduction
Configuring Strong Passwords
Password Controls Using Oracle Profiles
OS Authentication
Automated Scanning for Weak Passwords
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 8: Database Activity Monitoring
Introduction
Database Intrusion 101
Detecting Known Attack Patterns
Detecting Suspicious Activity
Tracking the Attacker
Adhering to Government and Industry Regulations
Summary
Solutions Fast Track
Frequently Asked Questions
Chapter 9: Implementation Guide
Introduction
Getting Started
Implementing Basic Security
Implementing Best Practices
Locking Down Your Database
Summary
Solutions Fast Track
Frequently Asked Questions
Index
No. of pages: 288
Language: English
Edition: 1
Published: November 12, 2007
Imprint: Syngress
eBook ISBN: 9780080555669
JS
Josh Shaul
Josh Shaul got started in the security industry with SafeNet, Inc. in 1997, working on the industry's first complete IPsec accelerator chip. During a five year tenure as a SafeNet developer, Josh spent time designing, developing and enhancing SafeNet's embedded security solutions for a wide range of applications. For the last four years Josh has focused primarily on field engineering, helping companies deploy security SW and HW into various Networking Devices, SoCs, and Processing Platforms. He is an expert on security protocols and standards, trusted computing, and application level security. Recently, Josh has focused primarily on database security, working to assist large organization in developing the proper defense-in-depth strategy to secure sensitive data at its source. Josh is currently responsible for Worldwide Systems Engineering at Application Security, Inc.
Affiliations and expertise
Director, Worldwide Systems Engineering at Application Security, Oracle Expert, New York, NY
AI
Aaron Ingram
Aaron has fifteen years experience developing enterprise software, focusing on database systems and security applications. After graduating with a Bachelor's degree in computer science from Columbia University, he worked at Accenture as a consultant for Fortune 500 financial and telecommunication companies and for various government agencies. He then worked for ShieldIP creating Digital Rights Protection technology. Most recently, he merged his extensive database background with his security skills to manage the development of Application Security's real-time database intrusion detection and security auditing solution, AppRadar.
Affiliations and expertise
Security Engineer at Application Security, Oracle and Spyglass Expert, New York, NY