Oracle Security: The Big Picture : This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database.
Eight Ways to Hack Oracle - Part 2 : Part II of this series covers four vulnerable areas: the Oracle Listener; privilege escalation to get more access from a less privileged login we already have; executing operating system commands, which can be very powerful and underappreciated; and lastly, filesystem security.
Eight Ways to Hack Oracle : As with any computing system, there are ways to hack it, and Oracle
is no exception. This series discusses some of the ways
that you can get at data you're not supposed to, and how to defend
against those attacks.
Serving up Server Alerts: There are
several ways, some free and some hand-crafted, to expose alerts and messages.
Steve Callan explores some of the database options available.
Oracle 10gR2 Security, Part 3: Transparent Data Encryption : This article – the
third in this series – reviews how Oracle 10gR2 protects against an intruder’s
efforts to view the data stored within a database’s physical files by
implementing the impressive features of Transparent Data Encryption (TDE).
Oracle 10g Security, Part 2: Virtual Private Database : Part 2 of this series
discusses how 10gR2's new row-level security features improve upon those in
prior releases and demonstrates how to implement VPD in any Oracle 10gR2
database.
Oracle 10g Security, Part 1: Fine-Grained Auditing : This article – the first in
an ongoing series on Oracle 10g Security – demonstrates how to implement FGA in
Oracle 10g and illustrates how to take advantage of the newest Oracle 10g
Release 2 (10gR2) FGA features.
Oracle 10g: A Simple Security Approach - Part II : Part 2 of this series
describes setting up column level / row level security of data through custom
built views, and a critical review on the creation and maintenance of
procedures for truncating tables in third party schemas.
Oracle 10g: A Simple Security Approach - Part 1 : 'A Simple Security Approach'
examines methods for simplifying the setup and administration of database
security in an ever-changing/volatile environment.
Database Security and Patches – Part 5 : How do you validate and verify the fixes
made in Oracle's critical patch updates? Sometimes you need to test on your
own, but the test results may not be accurate because Oracle does not release
all of the details about a bug or security flaw. What are the types of security
holes present in Oracle, and where can you learn more about testing your own
system?
Database Security and Oracle Patches – Part 4 : In part 3 of this series, a
patch for an Oracle 10.2.0.1 database was obtained from MetaLink and cached in
a cache repository. In Part 4, Oracle's OPatch utility will be used to
actually apply the cached patch.
Database Security and Patches – Part 1 : Part 1 of this series provides a review
of database security and looks at a well-known security hole in Oracle 9.2.0.1.