Oracle Database 12c Security Cookbook

Book Description

Secure your Oracle Database 12c with this valuable Oracle support resource, featuring more than 100 solutions to the challenges of protecting your data

About This Book

  • Explore and learn the new security features introduced in Oracle Database 12c, to successfully secure your sensitive data

  • Learn how to identify which security strategy is right for your needs – and how to apply it

  • Each 'recipe' provides you with a single step-by-step solution, making this book a vital resource, delivering Oracle support in one accessible place

Who This Book Is For

    This book is for DBAs, developers, and architects who are keen to know more about security in Oracle Database 12c. This book is best suited for beginners and intermediate-level database security practitioners. Basic knowledge of Oracle Database is expected, but no prior experience of securing a database is required.

    What You Will Learn

  • Analyze application privileges and reduce the attack surface

  • Reduce the risk of data exposure by using Oracle Data Redaction and Virtual Private Database

  • Control data access and integrity in your organization using the appropriate database feature or option

  • Learn how to protect your databases against application bypasses

  • Audit user activity using the new auditing architecture

  • Restrict highly privileged users from accessing data

  • Encrypt data in Oracle Database

  • Work in a real-world environment where a multi-layer security strategy is applied

In Detail

    Businesses around the world are paying much greater attention to database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations.

    Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.

    Style and approach

    Each chapter explains the different aspects of security through a series of recipes. Each recipe presents instructions in a step-by-step manner, supported by explanations of the topic.

    Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

    Table of Contents

    1. Oracle Database 12c Security Cookbook
      1. Oracle Database 12c Security Cookbook
      2. Credits
      3. About the Authors
      4. About the Reviewers
      5. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
          2. Instant updates on new Packt books
      6. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Sections
          1. Getting ready
          2. How to do it…
          3. How it works…
          4. There's more…
          5. See also
        5. Conventions
        6. Reader feedback
        7. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      7. 1. Basic Database Security
        1. Introduction
        2. Creating a password profile
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Creating password-authenticated users
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. How to create a user using EM Express
          5. See also
        4. Changing a user's password
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Creating a user with the same credentials on another database
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        6. Locking a user account
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        7. Expiring a user's password
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        8. Creating and using OS-authenticated users
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        9. Creating and using proxy users
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        10. Creating and using database roles
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        11. The sysbackup privilege – how, when, and why should you use it?
          1. Getting ready
          2. How to do it...
            1. Database authentication
            2. OS authentication
          3. How it works...
          4. There's more...
          5. See also
        12. The syskm privilege – how, when, and why should you use it?
          1. Getting ready
          2. How to do it...
            1. Database authentication
            2. OS authentication
          3. How it works...
          4. There's more...
          5. See also
        13. The sysdg privilege – how, when, and why should you use it?
          1. Getting ready
          2. How to do it...
            1. Database authentication
            2. OS authentication
          3. How it works...
          4. There's more...
          5. See also
      8. 2. Security Considerations in Multitenant Environment
        1. Introduction
        2. Creating a common user
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. Rules/guidelines for creating and managing common users
          4. There's more...
            1. How to create a common user using OEM 12c
        3. Creating a local user
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. Rules/guidelines for creating and managing local users
          4. There's more...
            1. How to create a local user using OEM 12c
        4. Creating a common role
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. How to create a common role using OEM 12c
        5. Creating a local role
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. How to create a local role using OEM 12c
        6. Granting privileges and roles commonly
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Granting privileges and roles locally
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. Effects of plugging/unplugging operations on users, roles, and privileges
          1. Getting ready
          2. How to do it...
          3. How it works...
      9. 3. PL/SQL Security
        1. Introduction
        2. Creating and using definer's rights procedures
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Creating and using invoker's right procedures
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Using code-based access control
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Restricting access to program units by using accessible by
          1. Getting ready
          2. How to do it...
          3. How it works...
      10. 4. Virtual Private Database
        1. Introduction
        2. Creating different policy functions
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Creating Oracle Virtual Private Database row-level policies
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        4. Creating column-level policies
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Creating a driving context
          1. Getting ready
          2. How to do it...
        6. Creating policy groups
          1. Getting ready
          2. How to do it...
        7. Setting context as a driving context
          1. Getting ready
          2. How to do it...
        8. Adding policy to a group
          1. Getting ready
          2. How to do it...
        9. Exempting users from VPD policies
          1. Getting ready
          2. How to do it...
      11. 5. Data Redaction
        1. Introduction
        2. Creating a redaction policy when using full redaction
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
            1. How to change the default value
          5. See also
        3. Creating a redaction policy when using partial redaction
          1. How to do it...
          2. How it works...
          3. There's more...
        4. Creating a redaction policy when using random redaction
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Creating a redaction policy when using regular expression redaction
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
          1. Getting ready
          2. How to do it...
        7. Changing the function parameters for a specified column
          1. Getting ready
          2. How to do it...
        8. Add a column to the redaction policy
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        9. Enabling, disabling, and dropping redaction policy
          1. Getting ready
          2. How to do it...
          3. See also
        10. Exempting users from data redaction policies
          1. Getting ready
          2. How to do it...
          3. How it works...
      12. 6. Transparent Sensitive Data Protection
        1. Introduction
        2. Creating a sensitive type
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Determining sensitive columns
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Creating transparent sensitive data protection policy
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        5. Associating transparent sensitive data protection policy with sensitive type
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        6. Enabling, disabling, and dropping policy
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Altering transparent sensitive data protection policy
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      13. 7. Privilege Analysis
        1. Introduction
        2. Creating database analysis policy
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Creating role analysis policy
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        4. Creating context analysis policy
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        5. Creating combined analysis policy
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        6. Starting and stopping privilege analysis
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Reporting on used system privileges
          1. Getting ready
          2. How to do it...
          3. There's more...
        8. Reporting on used object privileges
          1. Getting ready
          2. How to do it...
          3. There's more...
        9. Reporting on unused system privileges
          1. Getting ready
          2. How to do it...
          3. There's more...
        10. Reporting on unused object privileges
          1. Getting ready
          2. How to do it...
          3. There's more...
        11. How to revoke unused privileges
          1. How to do it...
          2. There's more...
        12. Dropping the analysis
          1. Getting ready
          2. How to do it...
          3. There's more...
      14. 8. Transparent Data Encryption
        1. Introduction
        2. Configuring keystore location in sqlnet.ora
          1. How to do it...
        3. Creating and opening the keystore
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Setting master encryption key in software keystore
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        5. Column encryption - adding new encrypted column to table
          1. Getting ready
          2. How to do it...
        6. Column encryption - creating new table that has encrypted column(s)
          1. Getting ready
          2. How to do it...
        7. Using salt and MAC
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. Column encryption - encrypting existing column
          1. Getting ready
          2. How to do it...
          3. There's more...
        9. Auto-login keystore
          1. Getting ready
          2. How to do it...
          3. How it works...
        10. Encrypting tablespace
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        11. Rekeying
          1. Getting ready
          2. How to do it...
          3. How it works...
        12. Backup and Recovery
          1. How to do it...
          2. There's more...
      15. 9. Database Vault
        1. Introduction
        2. Registering Database Vault
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Preventing users from exercising system privileges on schema objects
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        4. Securing roles
          1. Getting ready
          2. How to do it...
          3. There's more...
          4. See also
        5. Preventing users from executing specific command on specific object
          1. How to do it...
          2. How it works...
        6. Creating a rule set
          1. Getting ready
          2. How to do it...
          3. There's more...
        7. Creating a secure application role
          1. How to do it...
          2. There's more...
          3. See also
        8. Using Database Vault to implement that administrators cannot view data
          1. How to do it...
          2. There's more...
        9. Running Oracle Database Vault reports
          1. How to do it...
        10. Disabling Database Vault
          1. How to do it...
        11. Re-enabling Database Vault
          1. How to do it...
      16. 10. Unified Auditing
        1. Introduction
        2. Enabling Unified Auditing mode
          1. Getting ready
          2. How to do it...
          3. How it works...
            1. Predefined unified audit policies
          4. There's more...
          5. See also
        3. Configuring whether loss of audit data is acceptable
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Which roles do you need to have to be able to create audit policies and to view audit data?
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Auditing RMAN operations
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        6. Auditing Data Pump operations
          1. Getting ready
          2. How to do it...
          3. See also
        7. Auditing Database Vault operations
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        8. Creating audit policies to audit privileges, actions and roles under specified conditions
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        9. Enabling audit policy
          1. Getting ready
          2. How to do it...
          3. How it works...
        10. Finding information about audit policies and audited data
          1. Getting ready
          2. How to do it...
        11. Auditing application contexts
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        12. Purging audit trail
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        13. Disabling and dropping audit policies
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      17. 11. Additional Topics
        1. Introduction
        2. Exporting data using Oracle Data Pump in Oracle Database Vault environment
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Creating factors in Oracle Database Vault
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        4. Using TDE in a multitenant environment
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      18. 12. Appendix – Application Contexts
        1. Introduction
        2. Exploring and using built-in contexts
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Creating an application context
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Setting application context attributes
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Using an application context
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also