Using basic database security features. Choosing a user authentication model. Securing the database and its listener. Managing users using proxy authentication with an application context. Managing secure application roles. Implementing fine-grained access control. Managing the Virtual Private Database (VPD). Implementing fine-grained auditing. Implementing a simple CMAN Firewall. Encrypting and decrypting table columns. Setting up a Label Security policy.
Introduction
Describe the fundamental security requirements
Describe the principle of least privilege
Develop checklists
Basic Database Security
Apply the principle of least privilege to the database
Maintain current software (Critical Patch Update)
Lock and expire default user accounts
Change default user passwords
Create Strong Passwords
Enforce password management
Protect the data dictionary
Revoke unnecessary privileges from PUBLIC
Database Auditing
Implement basic database auditing
Implement Privileged User Auditing
Implement Fine-Grained Auditing (FGA)
Maintain FGA policies
Implement an FGA audit event handler
Read FGA audit events from the FGA audit trail
Oracle Net Services Security Checklists
Describe the items on the security checklist
Limit the privileges of the listener
Secure External Procedures
Restrict access by IP address
Mitigate the effects of a DoS attack
Audit network connections using logs
Describe the issues with client authentication
Describe the role of ASO in Network Security
Using Connection Manager as a Firewall
Configure Connection Manager to accept and reject connection requests
Configure Connection Manager to log connection events
Read connection events from the Connection Manager log
Application Context
Describe the types of application contexts
Describe how application context is used with proxy users and FGAC
Implement a local context
Fine-Grained Access Control
Describe how FGAC and VPD work
Implement FGAC or VPD
Group policies
Label Security
Describe Label Security
Install Label Security
Implement a simple Label Security Policy
Enterprise Identity Management
Describe the Infrastructure required for EIM
Create an Enterprise User
Integrate the Enterprise User with Database Security
Audit the Enterprise User
Middle-tier authentication
Describe how proxy authentication works
Manage users being authenticated using proxy authentication
Describe how secure application roles work
Manage roles and users using secure application roles
Encrypting Table Data
Describe the encryption options available with Oracle Database 10g
Generate random encryption keys
Encrypt and decrypt table columns
Securing SQL*Plus and iSQL*Plus
Describe how the PRODUCT_USER_PROFILE (PUP) table is used in SQL*Plus
Use the PUP table to disable commands or roles in SQL*Plus
Describe how users access iSQL*Plus
Disable and enable iSQL*Plus
Enable DBA access to iSQL*Plus
Enable iSQL*Plus authentication for users
Restrict the database instances accessible through iSQL*Plus