咨询热线:    40000-53353(全国)    0571-28976118(浙江)    
 

Oracle Database 10g:Security 预约试听

 

课程长度:4天/24小时
课程描述:
This Oracle Database 10g: Security Release 2 training teaches you how to use Oracle Database features to meet the security and compliance requirements of your organization. The current regulatory environment of the Sarbanes-Oxley Act, HIPPA, the UK Data Protection Act and others require better security at the database level.
Learn To:
    • Explain the fundamental security requirements.
    • Secure your database.
    • Use the database features that enhance security.
    • Use Wallet manager.
    • Protect sensitive data.
    • Install Label Security.
    • Describe group policies.
    • Use suggested architectures for common problems


课程目标:
    • Use basic database security features
    • Choose a user authentication model
    • Secure the database and its listener
    • Use the Enterprise Security Manager tool
    • Manage users using proxy authentication
    • Implement Enterprise User Security
    • Describe the benefits and requirements associated with the Advanced Security Option
    • Manage secure application roles
    • Implement fine-grain access control
    • Manage the Virtual Private Database (VPD)
    • Implement fine-grain auditing
    • Use Transparent Data Encryption
    • Use file encryption
    • Encrypting and Decrypt table columns
    • Setup a simple Label Security policy


课程内容:
Security Requirements
    
• Security requirements
    • Basic Requirements
    • Components for enforcing security
    • Define Least Privilege
    • Enforce Security Policies
    • Security in Depth(OS/database/network) Hardening each level


Security Solutions
    • Preventing Exploits (Industry standard practices)
    • Data Protection California Breach Law
    • Data Access Control HIPPA, UK Data Protection
    • Middle-Tier Authentication/Authorization
    • Consistent checklist
    • Network Wide Authentication


Internal Database Security
    • Installation and patching
    • Privileged accounts
    • Manage user accounts and privileges


Database Auditing
    • Auditing Users that have Access
    • Managing the Audit Trail
    • Privileged user auditing (10g NF for 8i DBAs)
    • DML and DDL auditing with triggers (Wayne Reeser brown bag) Include autonomous transaction
    • Auditing with SYSLOG
    • Audit Vault


Fine-Grained Auditing
    
• Concepts
    • Implementation
    • Data dictionary views
    • XML Format FGA logs


Basic User Authentication
    
• Basic authentication
    • Protecting Passwords
    • Restricting Remote Database Authentication
    • Database Links


Strong Authentication
    • Example of Strong Authentication
    • Oracle provided tools
    • Enable Strong Authentication
    • Authentication adapters to Kerberos, Radius, et al
    • Secure External Password Store
    • External Security Module


Enterprise User Security
    • Enterprise User Security (EUS)requirements
    • EUS architecture
    • EUS vs. version of database
    • Authenticating enterpriser users
    • Setup Enterprise User Security
    • Authorizing Enterprise users
    • Create Enterprise roles
    • Creating Enterpriser users using Migration Utility


Proxy Authentication
    • Security Challenges of Three-tier Computing
    • Oracle 10g Proxy Authentication Solutions
    • Proxy Authentication
    • Data Dictionary Views
    • Auditing Actions Taken on Behalf of the Real User
    • Auditing the Real User


Authorization Methods
    
• Discretionary access control
    • Securing Objects
    • Secure Application Roles
    • Data Dictionary Views: APPLICATION_ROLES


Using Application Context
    
• Tools: PL/SQL Packages
    • Implementing a Local Context
    • Accessing the Application Context Globally
    • Guidelines
    • Data Dictionary views: *_CONTEXT


Fine-Grained Access Control
    • How Fine-Grained Access Control Works
    • EXEMPT ACCESS POLICY
    • Partitioned Fine Grained Access Control
    • Static vs. Dynamic Policies for Performance
    • FGAC: Creating a Virtual Private Database Policy: Tools
    • Implementation
    • Data Dictionary Views: *_POLICIES

 

Installing Label Security
    
• Label Security: Overview
    • Access Control
    • VPD vs. Label Security
    • How Sensitivity Labels Are Used
    • Access Mediation
    • Installing Label Security
    • Configuring Label Security
    • Installing Policy Manager


Implementing Label Security
    • Implement Label Security
    • Analyze the Needs
    • Create policies
    • Create compartments
    • Setting user authorizations
    • Administering labels with Policy Manager
    • Add Labels to Data
    • Policy Special Privileges


Encrypting Data: Concepts
    • Principles of Data Encryption
    • Data Encryption Challenges
    • Solutions


Use Application Based Encryption
    
• DBMS_CRYPTO Package (New)
    • Encrypt
    • Decrypt
    • Using MD5, SHA
    • Guidelines


Use Transparent Data Encryption
    • Transparent Data Encryption
    • Benefits of TDE
    • Using the External security Module
    • Using TDE
    • Export and Import with TDE
    • TDE Restrictions


Use File Encryption
    • RMAN Encrypted Backups
    • Encrypted Export Files
    • Oracle Secure Backup


Oracle Net Services Security Checklist
    
• Overview of Net Services
    • Overview of firewalls
    • Network Security Checklist
    • Authenticate the Client


Securing the Listener
    • Restrict Network IP addresses
    • Limit Resource Usage by Unauthorized Connections
    • Restrict the Privileges of the Listener
    • Prevent unauthorized administration of the Oracle Listener
    • Prevent on-line administration
    • Secure External Procedures
    • Set listener log and trace file
    • Restrict CREATE LIBRARY privileges


Using Connection Manager as a Firewall
    • Oracle Connection Manager Overview
    • Oracle Connection Manager Architecture and processes
    • Starting and stopping Connection Manager
    • Access Control with Connection Manager
    • Monitor Connection Events Using the CMAN Log File
    • Prevent remote administration of the Oracle Connection Manager


Securing SQL*Plus and iSQL*Plus
    • SQL*Plus
    • iSQL*plus