
Effective Oracle Database 10g Security by Design


ISBN-10: 0072231300

ISBN-13: 9780072231304

Edition: 2004

Authors: David Knox

List price: $84.00

This text provides solutions for the Oracle security puzzle. The technologies are reviewed but the emphasis is on practical use.

Book details

Copyright year: 2004
Publisher: McGraw-Hill Education
Publication date: 7/8/2004
Binding: Paperback
Pages: 544
Size: 7.30" wide x 9.10" long x 1.14" tall
Weight: 1.936 lbs
Language: English


Foreword
Acknowledgments
Introduction
Quick Start
General Security Best Practices
Security Policies
Different Policies for Different Needs
Understanding Security Requirements
Policy Creation
Practical Policies
The Tenets of Security
Security by Design
Defense in Depth
Least Privileges
Risk Analysis
Document Your Risk Analysis
Expect the Unexpected
Contingency Planning and Incident Response
Snapshots and Situational Awareness
Cover All the Areas
Hardening the Infrastructure
The Operating System
The Network
The Application Server
Securing the Database
Securing (Default) User Accounts
Lock Down Example
Throw Out Anything Stale
Oracle Passwords
Application Password Authentication Using Oracle's Native Password Store
Checking for Weak or Default Passwords
Impossible Passwords
Managing and Ensuring Good Passwords
Limiting Database Resources
Resource Limits
Default Roles
Connect
Resource
DBA
Public Privileges
When to Grant Privileges to Public
Oracle Supplied Objects
Securing the Network
Encryption
Database Listener
Identification and Authentication
Understanding Identification and Authentication
Importance of Identification and Authentication
Identification Methods
User-Supplied Identification
Technological Identification
Identity Crisis
Spoofing
Identity Theft
Authentication
Methods
Best Practices for Secure Authentication
Single Sign-On
Why Single Sign-On Exists
Challenges to Single Sign-On
Database I&A
Associating Users with Database Schemas
Separate Users and Data
Identity Preservation
Determining the Appropriate Level of I&A
Connection Pools and Proxy Authentication
Heritage
Host-Based Identification and Authentication
Client-Server Identification and Authentication
Web Applications
The Stateless Environment
Web Databases
Connection Pools
Oracle Implicit Connection Cache
Security Risks
Session Pools and the Oracle OCI Connection Pool
OCI Connection Pool Example
Password Management Risk
Proxy Authentication
Proxy Example
Proxy Authentication Database Setup
Proxy Authentication Modes
Forcing Proxy Authentication
Identity Management and Enterprise Users
Identity Management
Directory Services
IM Components
Oracle Internet Directory (OID)
Enterprise Users
History
Setting Up EUS
LDAP Setup
Database Setup
Applying EUS
Creating the Enterprise User
The Connection Process
User-Schema Mappings
Creating the Shared Schemas
Directory Mappings
Mapping Permutations Example
Exclusive Schemas
Considerations
Single Credentials and Performance
Dependencies
Identification and Authentication for Web Applications
Application Processes for Identification and Authentication
Integrated Authentication
Creating the Application User
Connecting the Application User to the Database
Getting the User Identity
Database Account Setup
User Database Account(s)
Authentication Blueprint
Performance
Proxy Authentication Alternatives
Application Directed Security
Application User Proxy--Client Identifiers
Leveraging Database Security with Anonymous Connection Pools
Identifying Information
Authorizations and Auditing
Privileges and Roles
Access Control, Authorizations, and Privileges
Access Control
Enforcing Access Control
Authorizations
Privileges
System Privileges
Object Privileges
Synonyms
System and Object Privileges Together
Privilege Persistence
Roles
Role Hierarchies
Designing for Definer and Invoker Rights
Selective Privilege Enablement
Selective Privilege Use Cases
Password-Protected Roles
Password-Protected Role Example
Password-Protected Roles and Proxy Authentication
Challenges to Securing the Password
Secure Application Roles
Secure Application Role Example
Global Roles and Enterprise Roles
Creating and Assigning Global and Enterprise Roles
Combining Standard and Global/Enterprise Roles
Using Roles Wisely
Too Many Roles
Naming
Dependencies
Example--Putting the Pieces Together
Application Authentication
Verifying the User
Setting the Secure Application Role
Securing the Source
Effective Auditing for Accountability
The Security Cycle
Auditing for Accountability
Auditing Provides the Feedback Loop
Auditing Is Not Overhead
Audit Methods
Application Server Logs
Application Auditing
Application Audit Example
Trigger Auditing
Trigger Audit Example
Autonomous Transactions and Auditing
Data Versioning
Flashback Version Query
Flashback Transaction Query
Standard Database Auditing
Mandatory Auditing
Auditing SYS
Enabling Standard Auditing
Auditing By User, Privilege, and Object
Auditing Best Practices
Determining the Audit Status
Extending the Audit Data with Client Identifiers
Performance Test
Caveats
Fine-Grained Auditing
Audit Conditions
Column Sensitivity
Capturing SQL
Acting on the Audit
Caveats
Fine-Grained Access Control
Application Contexts for Security and Performance
Application Context
Default Userenv Context
Local Context
Creating an Application Context
Setting Context Attributes and Values
Applying the Application Context to Security
Secure Use
Common Mistakes
Global Context
Uses
Examples
External and Initialized Globally
Implementing Fine-Grained Access Controls with Views
Introduction to Fine-Grained Access
Object Access
Fine-Grained Access
Secure Views
Views for Column-Level Security
Views for Row-Level Security
Viewing Problems
Row-Level Security with Virtual Private Database
The Need for Virtual Private Databases
Row-Level Security Quick Start
Quick Start Example
RLS In-Depth
Benefits
Setup
The RLS Layer of Security
RLS Exemption
Debugging RLS Policies
Partitioned Fine-Grained Access Control
Column Sensitive VPD
VPD Performance
Bind Variables
Code Location
Policy Caching
Caching Caution
Comparing VPD Performance to View-Based RLS
Oracle Label Security
Classifying Data
OLS Ancestry
Labels and Mandatory Access Control
Trusted Oracle
Oracle Label Security
How OLS Works
Installing OLS
Implementing Label Security
Label Example
Creating the Policy
Label Components
Levels
Creating Labels
Applying the Policy
Authorizing Access
Testing the Labels
Special OLS Privileges
Compartments
Adding Data to OLS Protected Tables
Groups
Using the Default Session Label
Comparing the Labels
Hiding the Label
Changing the Hidden Status
Writing to OLS Protected Tables
Understanding Write Authorizations
Groups and Compartments Dependency
Tips and Tricks
Restricted Updates to the Labels
Trusted Procedures
Label Functions
Storing the Labels in OID
Using Labels with Connection Pools and Shared Schemas
OLS Consideration Factors
VPD Versus Label Security
Advantages of OLS
Advantages of VPD
VPD and OLS
Database Encryption
Encryption 101
The Basics
Encryption Choices
When to Use Database Encryption
Reasons Not to Encrypt
Reasons to Encrypt
DBMS_CRYPTO
Encryption Routines
DBMS_CRYPTO Simple Example
DATA_CRYPTO Package
Encryption Examples
Encrypting Characters, Numbers, and Dates
Encrypting CLOBs and BLOBs
Encryption In-Depth
Keys, Data, and IVs
Storing Encrypted Data
Encrypted Data Sizes
Hashing
DBMS_CRYPTO Hashing
Message Authentication Codes
Performance
Key Management
Key Management Options
The Best Key Management Strategy
Appendixes
Setting Up the Security Manager
DATA_CRYPTO Package
DBMS_CRYPTO Performance Test Results
Index