ORACLE SECURITY
Francisco Munoz Alvarez
Oracle ACE Director
President CLOUG, LAOUC & NZOUG
IOUC LA Spokesperson
8/9/10g/11g OCP, RAC OCE, AS OCA, E-Business OCP, SQL/PLSQL OCA, Oracle 7 OCM
Oracle 7, 11GR2 & OVM 3.1 Beta Tester
ITIL Certified
2010 Oracle Ace Director of the year by Oracle Magazine
Blog: http://oraclenz.wordpress.com

Email: mbatec@hotmail.com. Twitter: fcomunoz

Oracle Professional Services Manager
Revera
www.revera.co.nz
ORACLE SECURITY TIPS
APAC OTN Tour 2012

By:
Francisco Munoz Alvarez
[Map slide: where the speaker was born, grew up, got married, matured and now lives]

DBIS - Copyright 2010
The Rule:
“The most important rule with respect to data is
to never put yourself into an unrecoverable
situation.”
The importance of this guideline cannot be
stressed enough, but it does not mean that
you can never use time saving or
performance enhancing options.
Always Try it Before!

When it comes to theory, “NEVER” believe anything you hear
or read until you have tried it yourself.

Backup, Backup &
Backup

Why? Because bad stuff
happens…

Information Security Has Changed
Hacking Steps
Official statistics from Germany's secret service
Some short facts
High score list
2007/2008 shopping list
Crisis shopping list 2009
Conclusion
Oracle Security Solutions
Oracle Security Components
DB Environment
Securing data at rest / access control
What is ASO?
What security problems does ASO solve?
ASO benefits
TDE - Transparent Data Encryption
Securing data in motion
Network encryption
Securing backup
Examples
Data masking
What is data masking?
Prevent modifications by unauthorized users
What is Data Vault?
Data Vault helps to solve:
Data Vault vs. VPD and OLS
Database Vault realms and rules
Data Vault reports
Data Vault examples
Highly secured environments
Audit Vault
Audit Vault examples
Audit Vault reports: who, what, when, where
Audit Vault dashboard
Audit Vault summary
27 Security Tips
Some Oracle Security Tips
1) Grant a privilege only to the user or application that needs it to do its work. Every unnecessary privilege granted is an extra path an attacker or a careless user can take.
2) Applications must not perform administrative functions: no CREATE USER, DROP USER, GRANT of roles or GRANT of object privileges from application code.
3) Privileges on schema or database owner objects should be granted through a role, not directly to individual users. Do not use ALL when granting object privileges; name the exact privileges needed, such as SELECT, INSERT, UPDATE or DELETE.
4) Password-protected roles can be used to let an application control access to its data: the application enables the role with the password (SET ROLE ... IDENTIFIED BY ...), while end users, who do not know it, cannot reach the application's data from outside the application.
5) Access to administrative or system user accounts should be restricted to authorized DBAs.
6) Do not grant the system-supplied database roles (CONNECT, RESOURCE, DBA, ...). They may carry administrative privileges, and their contents change between releases: CONNECT, for example, was reduced to CREATE SESSION in 10g Release 2, so an application that relied on it silently lost privileges after an upgrade.
7) Restrict access to the data dictionary. Example: have applications query USER_VIEWS rather than DBA_VIEWS, so they do not need SELECT_CATALOG_ROLE or SELECT ANY DICTIONARY.
8) Privileges granted to PUBLIC are available to every user and should be granted only when really necessary.
9) Any password an application stores in the database must never be kept in clear text: hash it (with a salt) when it only has to be verified, and encrypt it only when the clear text has to be recovered, for example credentials to another system.
10) Applications should not DROP, CREATE or ALTER objects at run time.
11) Use the shared database infrastructure to share cost whenever possible.
12) Applications should not connect with the same rights as the owner of the database objects. On SQL Server do not grant db_owner; on Oracle do not connect as the schema owner. Set up a separate user with only the privileges needed to run the application.
13) Enforce referential integrity in the database with foreign keys, not in application code. This stops code running outside the application from creating orphan records or invalid data.
14) Do not hard-code user names and passwords in application source code or scripts.

Keep credentials out of the script and out of the process list:
- Start SQL*Plus without credentials and connect from inside the script:
    sqlplus /nolog @myscript
- Or keep a password file (.password) with one "user password" pair per line, readable only by its owner:
    fmunoz evelyn
    scott tiger
- A small shell script getpwd.sh looks the password up:
    fgrep "$1" $HOME/tools/.password | cut -d " " -f2
- Feed the password to SQL*Plus on standard input instead of on the command line, where "ps" would show it to every user on the host:
    getpwd.sh fmunoz | sqlplus -s fmunoz @script
- RMAN: connect to the target with OS authentication and give the catalog credentials at the RMAN prompt, not on the command line:
    rman target /
    RMAN> connect catalog user/pwd@catdb
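As an added example (not part of the original deck), the following POSIX shell script hardens the getpwd.sh idea above: it refuses a password file that other users can read, matches the user name exactly instead of as a substring (fgrep scott would also return the line for scottie), and hands the password to SQL*Plus on standard input so that it never appears in the process list. The file path, the one-pair-per-line format and the function names are assumptions made for this example.

```shell
# Added example, not from the original deck: a safer variant of the
# getpwd.sh idea. The password file holds one "user password" pair per line.
# Assumed: path in PWD_FILE, file mode 600 (or 400), exact match on the name.

PWD_FILE="${PWD_FILE:-$HOME/tools/.password}"

# getpwd USER [FILE]: print USER's password, or fail without printing anything
getpwd() {
    user="$1"
    file="${2:-$PWD_FILE}"
    [ -f "$file" ] || { echo "getpwd: $file not found" >&2; return 1; }

    # Refuse a file that group or others can read (GNU stat, BSD stat fallback)
    perms=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case "$perms" in
        600|400) ;;
        *) echo "getpwd: $file has mode $perms, expected 600" >&2; return 2 ;;
    esac

    # Exact match on the first field; "fgrep scott" would also match "scottie"
    pw=$(awk -v u="$user" '
        $1 == u { print $2; found = 1; exit }
        END     { if (!found) exit 1 }' "$file") || return 3
    printf '%s\n' "$pw"
}

# run_sql_script USER SCRIPT: SQL*Plus reads the password from stdin, so it
# never shows up on the command line or in "ps"
run_sql_script() {
    pw=$(getpwd "$1") || return $?
    printf '%s\n' "$pw" | sqlplus -s "$1" "@$2"
}
```

Run `chmod 600 ~/tools/.password` once; the lookup refuses to work otherwise. From 10g Release 2 onwards the Secure External Password Store (an Oracle wallet plus `sqlplus /@alias`) removes the clear-text file altogether and is the better choice where it is available.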
15) Protect your listener. Until it is restricted, anyone who can reach the listener port can drive it remotely with lsnrctl, without a password, and reconfigure it at run time:
    LSNRCTL> set current_listener <address of the remote listener>
    LSNRCTL> set rawmode on
    LSNRCTL> services
    LSNRCTL> stop
    LSNRCTL> set startup_waittime 20
    LSNRCTL> set log_file redo01a
    LSNRCTL> set log_directory /u01/app/oracle/redo
"services" reveals every instance and service the listener knows about, "stop" is a denial of service, and the last two commands redirect the listener's own log into the database's redo log directory, so that the listener starts writing over a file the database depends on.
15) Protect your listener (cont.):
- Disable run-time modification. This is a listener.ora parameter, not an LSNRCTL command; once it is set, "lsnrctl set" is refused and changes have to be made in listener.ora and activated with "lsnrctl reload":
    ADMIN_RESTRICTIONS_<listener_name> = ON
- Set a password (9i and earlier, where the listener has no OS authentication):
    LSNRCTL> change_password
    LSNRCTL> save_config
- Disable local OS authentication (10g and later) so that administering the listener requires the listener password rather than just a shell as the oracle user:
    LOCAL_OS_AUTHENTICATION_<listener_name> = OFF
  Only do this together with a listener password: with OS authentication off and no password set, the listener falls back to accepting administrative commands from anyone.
16) Ensure external users have the least privilege possible.
17) Have a clear and well-documented backup and recovery strategy.
18) Implement a strong password policy through a user profile (PASSWORD_LIFE_TIME, FAILED_LOGIN_ATTEMPTS, PASSWORD_VERIFY_FUNCTION, ...) and make all users change their passwords regularly.
19) Keep all important passwords in a safe and replace the stored copy whenever a password is changed.
20) Install only what is really required.
21) Implement auditing; sooner or later you will be asked who changed something. Implement a purge strategy for the audit trail as well, so that it does not grow without limit.
22) Create promotion procedures (DEV -> TEST -> PROD) and lock down your production and test environments. Don't forget to implement and document a change register.
23) Implement an indirect login policy:
- Each user has their own OS login account.
- The oracle OS account is reached only through sudo, never by logging in to it directly.
- This leaves an audit trail of who did what as oracle:
    $ sudo -u oracle sqlplus / as sysdba
24) Prevent OS-authenticated SYSDBA connections (sqlplus / as sysdba) by setting, in the server's sqlnet.ora:
    SQLNET.AUTHENTICATION_SERVICES = (NONE)
Before doing so, make sure a password file exists (orapwd, REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE) and that "connect sys/<password> as sysdba" works; otherwise nobody can start, stop or recover the database, which is exactly the unrecoverable situation the rule at the start of this deck warns about.
25) Avoid risky connections (external procedures). The default listener.ora carries an IPC endpoint for EXTPROC:
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
    )
Remove these lines, or move them to a separate listener dedicated to external procedures, so that the listener serving database clients is not also the one that launches extproc.
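As an added example that is not part of the original deck, this POSIX shell function checks a listener.ora for the two conditions from tips 15 and 25: every listener defined in the file has ADMIN_RESTRICTIONS_<name> = ON, and no EXTPROC endpoint is left. It assumes the usual netca layout, with each listener name at the start of a line ("LISTENER =", with the parenthesised value on the same or the following line); the function name and the return-code convention (the number of findings) are this example's own.

```shell
# Added example, not from the original deck. Audits a listener.ora for
# listeners without ADMIN_RESTRICTIONS_<name>=ON and for EXTPROC endpoints.
# Assumed: listener names start at column one ("NAME =" or "NAME = ("),
# SID_LIST_* entries are not listeners. Returns the number of findings.
audit_listener_ora() {
    file="$1"
    [ -f "$file" ] || { echo "audit_listener_ora: $file not found" >&2; return 255; }
    findings=0

    # Listener names: "NAME = (" on one line, or "NAME =" followed by a line
    # that opens with "(". Parameters such as ADMIN_RESTRICTIONS_X = ON have a
    # plain value and are skipped; SID_LIST_X is excluded by name.
    names=$(awk '
        pend != "" { if ($0 ~ /^[ \t]*\(/) print pend; pend = "" }
        /^[A-Za-z][A-Za-z0-9_]*[ \t]*=/ && !/^SID_LIST_/ {
            n = $0; sub(/[ \t]*=.*/, "", n)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (v ~ /^\(/) print n; else if (v == "") pend = n
        }' "$file")

    for name in $names; do
        if ! grep -iq "^ADMIN_RESTRICTIONS_${name}[[:space:]]*=[[:space:]]*ON" "$file"; then
            echo "WARN: ADMIN_RESTRICTIONS_${name}=ON missing; lsnrctl SET can reconfigure ${name} at run time"
            findings=$((findings + 1))
        fi
    done

    # Any IPC endpoint whose key starts with EXTPROC (EXTPROC, EXTPROC1521, ...)
    if grep -iq 'KEY[[:space:]]*=[[:space:]]*EXTPROC' "$file"; then
        echo "WARN: EXTPROC endpoint present; remove it or move it to a dedicated listener"
        findings=$((findings + 1))
    fi

    return $findings
}
```

Run it against $ORACLE_HOME/network/admin/listener.ora on every database host; a non-zero exit status means at least one finding, and the messages name the listener concerned. After adding ADMIN_RESTRICTIONS, activate the change with "lsnrctl reload".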
26) Enable data dictionary protection. Oracle recommends it so that users holding "ANY" system privileges (SELECT ANY TABLE, DROP ANY TABLE, ...) cannot read or modify the data dictionary, that is, objects owned by SYS:
    O7_DICTIONARY_ACCESSIBILITY = FALSE
The parameter name starts with the letter O (for Oracle 7 behaviour), not a zero. FALSE has been the default since 9i; verify the current value on each database rather than assuming nobody has switched it back on.
27) Keep your own metadata repository (the DDL of every object), so that a dropped or altered object can be recreated without a full restore. Data Pump does this:
    $ expdp user content=metadata_only full=y directory=datapump dumpfile=metadata_24112010.dmp
    $ impdp user directory=datapump dumpfile=metadata_24112010.dmp sqlfile=metadata_24112010.sql
Give only the user name and let expdp/impdp prompt for the password; user/password on the command line is visible to every user on the host through "ps" (tip 14).
ORACLE ACE PROGRAM
The Oracle ACE Program is designed to recognize and reward members of the
Oracle Technology and Applications communities for their contributions to those
communities. These individuals are technically proficient (when applicable) and
willingly share their knowledge and experiences.
The program comprises two levels: Oracle ACE and Oracle ACE Director.
The former designation is Oracle's way of saying "thank you" to community
contributors for their efforts; we (and the community) appreciate their
enthusiasm. The latter designation is for community enthusiasts who not only
share their knowledge (usually in extraordinary ways), but also want to increase
their community advocacy and work more proactively with Oracle to find
opportunities for the same. In this sense, Oracle ACE is "backward looking" and
Oracle ACE Director is "forward looking."
Questions?
Thank you !

 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Oracle Security Presentation

  • 42. AUDIT VAULT REPORTS Who, What, When, Where
  • 46. Some Oracle Security Tips 1) Grant privileges only to a user or application which requires the privilege to accomplish necessary work. Excessive granting of unnecessary privileges can compromise security.
  • 47. Some Oracle Security Tips 2) No administrative functions are to be performed by an application, for example create user, drop user, grant role or grant object privileges. An account that can do these things can also grant itself everything else, so a compromise of the application becomes a compromise of the database.
  • 48. Some Oracle Security Tips 3) Privileges for schema or database owner objects should be granted via a role and not explicitly. Do not use the “ALL” option when granting object privileges, instead specify the exact privilege needed, such as select, update, insert, delete.
  • 49. Some Oracle Security Tips 4) Password protected roles may be implemented to allow an application to control access to its data. The role is only enabled when the application issues SET ROLE with the role password, so end users cannot reach the application's data from outside the application (for example with SQL*Plus and the same database account).
  • 50. Some Oracle Security Tips 5) Access to administrative or system user accounts (SYS, SYSTEM, DBSNMP and similar) should be restricted to authorized DBAs.
  • 51. Some Oracle Security Tips 6) Do not grant system supplied database roles. These roles may have administrative privileges and the role privileges may change with new releases of the database.
  • 52. Some Oracle Security Tips 7) Database catalog access should be restricted. Example: Use “USER_VIEWS” instead of “DBA_VIEWS” for an Oracle database.
  • 53. Some Oracle Security Tips 8) Privileges granted to PUBLIC are accessible to every user and should be granted only when necessary.
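Tips 6, 7 and 8 are easiest to act on with a privilege review. The queries below are an added example, not from the slides; they run as a DBA against the standard DBA_* views. The list of Oracle-maintained schemas excluded in the last query is an assumption and should be extended for your installation.

```sql
-- Added review queries for tips 6-8 (not from the original slides). Run as a DBA.

-- Tip 6: accounts holding Oracle-supplied administrative roles. Their contents
-- change between releases (CONNECT and RESOURCE are the classic surprises), so
-- they should not be handed to applications.
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role IN ('DBA', 'SELECT_CATALOG_ROLE', 'EXECUTE_CATALOG_ROLE',
                        'DELETE_CATALOG_ROLE', 'EXP_FULL_DATABASE',
                        'IMP_FULL_DATABASE', 'RESOURCE', 'CONNECT')
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA', 'SYSMAN', 'DBSNMP')
 ORDER BY granted_role, grantee;

-- Tip 7: accounts that can read the whole catalog instead of their own USER_* views.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege IN ('SELECT ANY DICTIONARY', 'SELECT ANY TABLE', 'READ ANY TABLE')
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
 ORDER BY grantee, privilege;

-- Tip 8: what PUBLIC (that is, every account) has been granted.
-- 8a: system privileges or roles granted to PUBLIC. Both result sets should be empty.
SELECT 'SYS PRIV' AS kind, privilege AS granted FROM dba_sys_privs  WHERE grantee = 'PUBLIC'
UNION ALL
SELECT 'ROLE',             granted_role          FROM dba_role_privs WHERE grantee = 'PUBLIC';

-- 8b: object privileges granted to PUBLIC on application schemas.
-- Oracle grants PUBLIC access to many of its own packages and views, so
-- Oracle-maintained schemas are excluded. The list is an assumption and is not
-- complete for every installation (12c and later can use DBA_USERS.ORACLE_MAINTAINED).
SELECT owner, table_name, privilege, grantor
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner NOT IN ('SYS', 'SYSTEM', 'XDB', 'MDSYS', 'CTXSYS', 'ORDSYS', 'WMSYS',
                     'EXFSYS', 'DBSNMP', 'OLAPSYS', 'ORDDATA', 'APEX_030200')
 ORDER BY owner, table_name, privilege;

-- Removing a grant found by 8b (schema and table names are hypothetical):
--   REVOKE SELECT ON app_owner.orders FROM PUBLIC;
```

Run these on a schedule and diff the output against the previous run; a new row is either a documented change or an incident.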
  • 54. Some Oracle Security Tips 9) Any password stored by applications in the database should be encrypted. For passwords the application only needs to verify (its own users' logins), a salted one-way hash is the right form, because nothing in the database can then recover the clear text; reversible encryption is reserved for credentials the application has to present to another system, and then the key must not live next to the data.
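A worked version of tip 9. This is an added example, not from the slides; the table, package and account names are hypothetical. It stores a per-user random salt and an iterated, salted SHA-256 digest rather than a reversible ciphertext, so a copy of the table does not yield passwords. DBMS_CRYPTO.HASH_SH256 needs 12c or later (11g offers only HASH_SH1 and MD5), and the schema owner must have been granted EXECUTE ON DBMS_CRYPTO by SYS, since that package is not granted to PUBLIC.

```sql
-- Added example for tip 9 (not from the original slides).
-- Prerequisite, as SYS:  GRANT EXECUTE ON DBMS_CRYPTO TO app_owner;
-- Assumes 12c or later for DBMS_CRYPTO.HASH_SH256.

CREATE TABLE app_users (
  username VARCHAR2(30) PRIMARY KEY,
  pw_salt  RAW(16)      NOT NULL,   -- random per user, so equal passwords hash differently
  pw_hash  RAW(32)      NOT NULL,   -- SHA-256 output is 32 bytes
  pw_iter  NUMBER       NOT NULL    -- stored so the work factor can be raised later
);

CREATE OR REPLACE PACKAGE app_auth AS
  PROCEDURE set_password  (p_user IN VARCHAR2, p_password IN VARCHAR2);
  FUNCTION  check_password(p_user IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN;
END app_auth;
/

CREATE OR REPLACE PACKAGE BODY app_auth AS
  c_iterations CONSTANT PLS_INTEGER := 20000;
  c_dummy_salt CONSTANT RAW(16)     := HEXTORAW('00000000000000000000000000000000');

  -- Iterated salted hash: h0 = SHA256(salt || password), then
  -- h(i) = SHA256(salt || h(i-1)) for p_iter rounds. Deliberately slow; this is a
  -- simple stand-in for a real password KDF, not an implementation of one.
  FUNCTION derive(p_password IN VARCHAR2, p_salt IN RAW, p_iter IN PLS_INTEGER) RETURN RAW IS
    l_digest RAW(32);
  BEGIN
    l_digest := DBMS_CRYPTO.HASH(
                  UTL_RAW.CONCAT(p_salt, UTL_I18N.STRING_TO_RAW(p_password, 'AL32UTF8')),
                  DBMS_CRYPTO.HASH_SH256);
    FOR i IN 1 .. p_iter LOOP
      l_digest := DBMS_CRYPTO.HASH(UTL_RAW.CONCAT(p_salt, l_digest), DBMS_CRYPTO.HASH_SH256);
    END LOOP;
    RETURN l_digest;
  END derive;

  PROCEDURE set_password(p_user IN VARCHAR2, p_password IN VARCHAR2) IS
    l_salt RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
    l_hash RAW(32) := derive(p_password, l_salt, c_iterations);
  BEGIN
    MERGE INTO app_users u
    USING (SELECT p_user AS username FROM dual) s ON (u.username = s.username)
    WHEN MATCHED THEN
      UPDATE SET pw_salt = l_salt, pw_hash = l_hash, pw_iter = c_iterations
    WHEN NOT MATCHED THEN
      INSERT (username, pw_salt, pw_hash, pw_iter) VALUES (p_user, l_salt, l_hash, c_iterations);
  END set_password;

  FUNCTION check_password(p_user IN VARCHAR2, p_password IN VARCHAR2) RETURN BOOLEAN IS
    l_row   app_users%ROWTYPE;
    l_dummy RAW(32);
  BEGIN
    SELECT * INTO l_row FROM app_users WHERE username = p_user;
    -- UTL_RAW.COMPARE returns 0 when both values are identical
    RETURN UTL_RAW.COMPARE(l_row.pw_hash, derive(p_password, l_row.pw_salt, l_row.pw_iter)) = 0;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      -- Unknown user: do the same amount of work so response time does not reveal
      -- which usernames exist, then answer exactly as for a wrong password.
      l_dummy := derive(p_password, c_dummy_salt, c_iterations);
      RETURN FALSE;
  END check_password;
END app_auth;
/

-- Usage (PL/SQL):
--   app_auth.set_password('alice', 'correct horse battery staple');
--   IF app_auth.check_password('alice', p_entered) THEN ... END IF;
```

The iteration count is stored per row, so it can be raised in the package and takes effect for each user at their next password change without invalidating existing rows. Grant EXECUTE on app_auth to the application account and keep app_users itself unreadable to it (tip 12).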
  • 55. Some Oracle Security Tips 10) Applications should not “DROP”, “CREATE” or “ALTER” objects within the application.
  • 56. Some Oracle Security Tips 11) Utilize the shared database infrastructure to share cost whenever possible.
  • 57. Some Oracle Security Tips 12) Applications should not access the database with the same security as the owner of the database objects. For example, on SQL Server do not grant the "db_owner" role, and on Oracle do not use the schema user ID to connect to the database. Set up another user ID with only the privileges needed to run the application.
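Tips 3, 4 and 12 together describe one arrangement: a schema owner that holds the objects, a role carrying the exact object privileges, and a separate connecting account that receives the role. The script below is an added example of that arrangement, not from the slides; the accounts, role, table and passwords are hypothetical, and it is run as a DBA.

```sql
-- Added example for tips 3, 4 and 12 (not from the original slides). Run as a DBA.
-- All names and passwords below are hypothetical.

-- Schema owner: holds the tables and is never used by the application to connect.
CREATE USER app_owner IDENTIFIED BY "Own3r-Pass#2012"
  DEFAULT TABLESPACE users QUOTA UNLIMITED ON users;
GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE TO app_owner;

CREATE TABLE app_owner.orders (
  id       NUMBER        PRIMARY KEY,
  customer VARCHAR2(100) NOT NULL,
  amount   NUMBER        NOT NULL
);

-- Tip 3: a role with the exact object privileges the application needs. No ALL,
-- so the role cannot ALTER, INDEX or REFERENCES the table.
-- Tip 4: the role is password protected; only code that knows the password can enable it.
CREATE ROLE app_rw IDENTIFIED BY "R0le-Secret#2012";
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_rw;

-- Tip 12: the connecting account is a separate user with nothing but CREATE SESSION.
CREATE USER app_user IDENTIFIED BY "App-Pass#2012";
GRANT CREATE SESSION TO app_user;
GRANT app_rw TO app_user;
-- Do not enable the role at logon; it must be switched on explicitly with the password.
ALTER USER app_user DEFAULT ROLE ALL EXCEPT app_rw;

-- What the application does right after connecting as app_user:
--   SET ROLE app_rw IDENTIFIED BY "R0le-Secret#2012";
-- Someone connecting as app_user from SQL*Plus without that statement gets
--   ORA-00942: table or view does not exist   on app_owner.orders

-- Checks
SELECT granted_role, default_role FROM dba_role_privs WHERE grantee = 'APP_USER';
SELECT privilege FROM dba_tab_privs WHERE grantee = 'APP_RW' AND table_name = 'ORDERS';
```

The role password is a secret the application has to hold, so it belongs in the same protected store as the account password (tip 14), not in the source code.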
  • 58. Some Oracle Security Tips 13) Database integrity should be enforced on the database using foreign keys not in the application code. This helps prevent code outside the application from creating orphan records and/or invalid data.
  • 59. Some Oracle Security Tips 14) Do not hard code usernames and passwords in the application source code.
 – sqlplus /nolog @myscript (SQL*Plus starts without credentials on the command line; the connection is made inside the script)
 – Create a password file (.password), one "user password" pair per line, readable only by its owner (chmod 600):
   fmunoz evelyn
   scott tiger
 – Create a shell script getpwd.sh (anchored at the start of the line, so that looking up fmunoz does not also match a user called fmunoz2):
   grep "^$1 " $HOME/tools/.password | cut -d " " -f2
 – Use the script and the password file (the password goes to SQL*Plus on standard input, never on the command line where ps would show it):
   getpwd.sh fmunoz | sqlplus -s fmunoz @script
 • RMAN: connect to the catalog from inside RMAN rather than on the command line, for the same reason:
   rman target /
   RMAN> connect catalog user/pwd@catdb
 The password file still holds clear text; from 10gR2 the Secure External Password Store (an Oracle wallet referenced from sqlnet.ora, used with sqlplus /@tns_alias) removes it altogether.
  • 60. Some Oracle Security Tips 15) Protect your Listener. Without the restrictions on the next slide, any host that can reach the listener port can administer it remotely with lsnrctl, for example:
 – LSNRCTL> set current_listener <ip_address>
 – LSNRCTL> set rawmode on
 – LSNRCTL> services
 – LSNRCTL> stop
 – LSNRCTL> set startup_waittime 20
 – LSNRCTL> set log_file redo01a
 – LSNRCTL> set log_directory '/u01/app/oracle/redo'
 services enumerates every instance and service handler, stop is a denial of service, and the last two make the listener write its log into the redo log directory under the oracle OS user.
  • 61. Some Oracle Security Tips 15) Protect your Listener (cont.):
 – Disable online modifications: in listener.ora set ADMIN_RESTRICTIONS_<listener_name> = ON (SET commands are then refused; change listener.ora and RELOAD instead)
 – Set a password (9i and earlier):
  • LSNRCTL> change_password
  • LSNRCTL> save_config
 – LOCAL_OS_AUTHENTICATION_<listener_name> = OFF turns off local OS authentication (10g and later), so the listener falls back to password authentication. Note that with the default of ON the listener only accepts administration from the local OS user that started it, and the listener password is deprecated from 11g; on current releases keep the default ON and rely on OS authentication plus ADMIN_RESTRICTIONS.
  • 62. Some Oracle Security Tips 16) Ensure external users have the least privilege possible.
  • 63. Some Oracle Security Tips 17) Have a clear and well documented Backup and Recovery Strategy
  • 64. Some Oracle Security Tips 18) Implement a strong password policy (user profile) and force all users to change their passwords regularly.
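Tip 18 in SQL: a profile with a custom password verification function. This is an added example, not from the slides; the profile, function and account names are hypothetical. The function must be created in the SYS schema (the database requires that for PASSWORD_VERIFY_FUNCTION) and 11g or later is assumed for UTL_MATCH.

```sql
-- Added example for tip 18 (not from the original slides). Run as SYS.
-- Names are hypothetical.

-- The verification function has a fixed signature: it raises an error to reject
-- the password and returns TRUE to accept it.
CREATE OR REPLACE FUNCTION app_verify_password (
  username     IN VARCHAR2,
  password     IN VARCHAR2,
  old_password IN VARCHAR2) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 12 characters');
  END IF;
  IF UPPER(password) LIKE '%' || UPPER(username) || '%' THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password must not contain the username');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]')
     OR NOT REGEXP_LIKE(password, '[^[:alnum:]]') THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password needs letters, digits and a symbol');
  END IF;
  -- old_password is NULL when an administrator sets the password
  IF old_password IS NOT NULL
     AND UTL_MATCH.EDIT_DISTANCE(old_password, password) < 4 THEN
    RAISE_APPLICATION_ERROR(-20004, 'New password is too similar to the old one');
  END IF;
  RETURN TRUE;
END;
/

CREATE PROFILE app_secure LIMIT
  FAILED_LOGIN_ATTEMPTS    5
  PASSWORD_LOCK_TIME       1/24        -- days, so 1/24 is one hour
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_TIME      365         -- both REUSE limits must be set for history to apply
  PASSWORD_REUSE_MAX       10
  PASSWORD_VERIFY_FUNCTION app_verify_password;

ALTER USER app_user PROFILE app_secure;
-- Force a change at the next logon under the new rules:
ALTER USER app_user PASSWORD EXPIRE;

-- Checks
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_SECURE' AND resource_type = 'PASSWORD';
SELECT username, profile, account_status, expiry_date
  FROM dba_users WHERE username = 'APP_USER';
```

Give unattended service accounts their own profile: a low FAILED_LOGIN_ATTEMPTS on an account an attacker can name turns into a denial of service against the application, and PASSWORD_LIFE_TIME on such an account has to be tied to a real rotation procedure or it will simply expire one night.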
  • 65. Some Oracle Security Tips 19) All important passwords need to be kept in a password safe, and the safe must be updated whenever a password is changed.
  • 66. Some Oracle Security Tips 20) Install only what’s really required.
  • 67. Some Oracle Security Tips 21) Implement auditing; sooner or later you will be asked who changed that. Please also implement a purge strategy, or the audit trail will grow until it fills its tablespace.
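Tip 21 with 11gR2 standard auditing, as an added example that is not part of the slides. It assumes AUDIT_TRAIL=DB,EXTENDED (a static parameter: set it in the spfile and restart), a hypothetical app_owner.orders table, and that audit records are copied to an archive or SIEM before the 90-day retention window used here expires.

```sql
-- Added example for tip 21 (not from the original slides). Run as SYSDBA.
-- Static parameters: both take effect at the next restart.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;   -- rows in SYS.AUD$ with SQL text
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;  -- SYSDBA actions never go to AUD$;
                                                              -- this writes them to OS audit files

-- What you will be asked about: logons, account and privilege changes, and
-- DDL done with "ANY" privileges.
AUDIT CREATE SESSION;
AUDIT CREATE USER, ALTER USER, DROP USER;
AUDIT GRANT ANY PRIVILEGE, GRANT ANY ROLE, GRANT ANY OBJECT PRIVILEGE;
AUDIT ALTER SYSTEM, ALTER DATABASE;
AUDIT ALTER ANY TABLE, DROP ANY TABLE, CREATE ANY PROCEDURE;
-- Changes to one sensitive table by anyone, one record per statement
AUDIT INSERT, UPDATE, DELETE ON app_owner.orders BY ACCESS;

-- Purge strategy with DBMS_AUDIT_MGMT (11gR2 and later)
BEGIN
  -- One-off: moves AUD$ out of SYSTEM into SYSAUX and registers the trail for cleanup
  IF NOT DBMS_AUDIT_MGMT.IS_CLEANUP_INITIALIZED(DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD) THEN
    DBMS_AUDIT_MGMT.INIT_CLEANUP(
      audit_trail_type         => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
      default_cleanup_interval => 24);
  END IF;

  -- Only rows older than the archive timestamp are purged. Advance it from the
  -- job that copies the records out, never before the copy has succeeded.
  DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
    audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    last_archive_time => SYSTIMESTAMP - INTERVAL '90' DAY);

  -- Daily purge of everything older than the archive timestamp
  DBMS_AUDIT_MGMT.CREATE_PURGE_JOB(
    audit_trail_type           => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    audit_trail_purge_interval => 24,
    audit_trail_purge_name     => 'AUD_STD_DAILY_PURGE',
    use_last_arch_timestamp    => TRUE);
END;
/

-- Answering "who changed that": failed and successful actions in the last day
SELECT timestamp, username, os_username, userhost, action_name,
       owner, obj_name, returncode, sql_text
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;

-- RETURNCODE <> 0 is a failed attempt; 1017 is a wrong password on logon.
SELECT username, userhost, COUNT(*) AS failures
  FROM dba_audit_trail
 WHERE action_name = 'LOGON' AND returncode = 1017
   AND timestamp > SYSDATE - 1
 GROUP BY username, userhost
 ORDER BY failures DESC;
```

The audit trail is only evidence if the people it records cannot edit it: nobody but SYS should have DELETE on SYS.AUD$, and copying the rows off the database before they are purged is what protects them from a DBA who is also the suspect.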
  • 68. Some Oracle Security Tips 22) Create promotion procedures (DEV -> TEST -> PROD) and lock your production and test environments against direct changes. Don't forget to implement and document a change register.
  • 69. Some Oracle Security Tips 23) Implement an indirect login policy:
 – Each user has their own OS login account
 – Connections to the oracle OS account are allowed only through sudo
 – This leaves an audit trail of who ran what as oracle
 #sudo -u oracle sqlplus / as sysdba
  • 70. Some Oracle Security Tips 24) Prevent password-less SYSDBA connections (sqlplus / as sysdba, which relies on OS authentication):
 • Change SQLNET.ORA: SQLNET.AUTHENTICATION_SERVICES=(NONE)
 Before doing this, make sure a password file exists (orapwd) and REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE; otherwise no SYSDBA connection at all is possible, including the one needed for STARTUP. Note that this also disables the sudo approach of tip 23, so choose one model; on Windows the usual value is (NTS), which NONE switches off as well.
  • 71. Some Oracle Security Tips 25) Avoid risky connections (external procedures). In listener.ora:
 • (ADDRESS_LIST = (ADDRESS = (PROTOCOL = IPC) (KEY = EXTPROC))
 Remove these lines if no application uses external procedures, or move them to a separate listener running as a less privileged OS user, so that a compromise of extproc does not run as the owner of the database.
  • 72. Some Oracle Security Tips 26) Enable data dictionary protection. Oracle recommends that customers implement data dictionary protection to prevent users who hold "ANY" system privileges (SELECT ANY TABLE, DROP ANY TABLE and so on) from reading or modifying the Oracle data dictionary. Set the O7_DICTIONARY_ACCESSIBILITY parameter (letter O, for Oracle7 compatibility, not a zero) to FALSE. FALSE has been the default since Oracle9i, so verify it rather than assume it; users who legitimately need to read SYS objects are then granted SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE instead.
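Checking tip 26 and showing what it changes, as an added example that is not from the slides; the reporter account and its password are hypothetical.

```sql
-- Added example for tip 26 (not from the original slides). Run as a DBA.
-- The parameter name begins with the letter O (Oracle7 behaviour), not a zero.
SHOW PARAMETER o7_dictionary_accessibility
-- Expected: FALSE (the default since Oracle9i). If it reads TRUE:
ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE = SPFILE;
-- It is a static parameter, so the change applies at the next restart.

-- With FALSE, an "ANY" privilege stops at the SYS schema.
CREATE USER reporter IDENTIFIED BY "Rep0rt-Pass#2012";   -- hypothetical account
GRANT CREATE SESSION, SELECT ANY TABLE TO reporter;
-- Connected as reporter:
--   SELECT name FROM sys.user$;
--   ORA-00942: table or view does not exist
-- whereas with TRUE the same statement lists every account, and DROP ANY TABLE
-- would reach SYS-owned tables as well.

-- Read access to the dictionary has to be granted deliberately instead:
GRANT SELECT ANY DICTIONARY TO reporter;    -- or SELECT_CATALOG_ROLE for the DBA_* views only

-- Confirm what the parameter is protecting against: who holds "ANY" privileges
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege LIKE '% ANY %'
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
 ORDER BY grantee, privilege;
```

Even with the parameter at FALSE, SELECT ANY TABLE reads every application schema, so the review query at the end is the one to keep running.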
  • 73. Some Oracle Security Tips 27) Create your own metadata repository. Use Data Pump for this:
 $ expdp user/password content=metadata_only full=y directory=datapump dumpfile=metadata_24112010.dmp
 $ impdp user/password directory=datapump dumpfile=metadata_24112010.dmp sqlfile=metadata_24112010.sql
 full=y requires the EXP_FULL_DATABASE role (or DATAPUMP_EXP_FULL_DATABASE from 11g). The impdp run with sqlfile= imports nothing; it writes the DDL for every object to the named file, which gives you a text snapshot of the whole database's structure to diff against after a change or an incident. As in tip 14, keep the password off the command line: run expdp user and let it prompt, or put the credentials in a parfile readable only by its owner.
  • 74. PROGRAM The Oracle ACE Program is designed to recognize and reward members of the Oracle Technology and Applications communities for their contributions to those communities. These individuals are technically proficient (when applicable) and willingly share their knowledge and experiences. The program comprises two levels: Oracle ACE and Oracle ACE Director. The former designation is Oracle's way of saying "thank you" to community contributors for their efforts; we (and the community) appreciate their enthusiasm. The latter designation is for community enthusiasts who not only share their knowledge (usually in extraordinary ways), but also want to increase their community advocacy and work more proactively with Oracle to find opportunities for the same. In this sense, Oracle ACE is "backward looking" and Oracle ACE Director is "forward looking."