Securing Java In Oracle
In the absence of a patch from Oracle, this paper provides information on how to fix the Java-related vulnerabilities in both 10g and 11g which were detailed in David’s Blackhat presentation on February 2nd 2010.
A Simple Oracle Host-Based Scanner
As with any large software package, the default installation of Oracle does not provide for the most secure system out of the box. Indeed, some aspects of the default installation are remarkably insecure. There is a high dependency on the database administrator (DBA) to ensure that the system is correctly configured, thereby avoiding some of these issues.
Introduction to Simple Oracle Auditing
This article will introduce the reader to the basics of auditing an Oracle database. Oracle's RDBMS is a functionally rich product and there are a number of auditing alternatives available to the reader. Because auditing Oracle is such a huge subject, doing all of it justice would take an entire book, so this paper will cover the basics of why, when and how to conduct an audit. It will also use a couple of good example cases to illustrate how useful Oracle audit can be to an organization.
Oracle Row Level Security: Part 1
In this short paper I want to explore the rather interesting row level security feature added to Oracle 8i and above, starting with version 8.1.5. This functionality has been described as fine grained access control or row level security or virtual private databases but they all essentially mean the same thing. We will come back to this shortly but before we do that let's get to what this paper is about. This paper is meant as an overview
Oracle Row Level Security: Part 2
In part one of this short article series we looked at some of the advantages of Oracle's row level security, what it can be used for, and looked at a simple example of how it works. We'll conclude this series by testing the policies that have been set up, demonstrate a few of the data dictionary views that allow for management and monitoring, cover some other issues and features, and then see if the data can be viewed by hackers or malicious users through the use of trace files.
An Overview of Oracle Database Security Features
The intent of this paper is to give a new user of Oracle database software, or anyone considering the use of Oracle or an Oracle application, a basic understanding of the security capabilities of Oracle database software. It is beyond the scope of this paper to cover all of the countless security features and options available in Oracle. This paper covers Oracle 8i release 3, unless otherwise noted. Although the newest version, Oracle 9i, is expected to be available during the Spring of 2001, Oracle 8i is currently the most widely used. Oracle database software has many sophisticated security features which make it an excellent database system for practically any application. Data confidentiality, integrity, and availability can all be well protected with a properly designed Oracle database.
Database Administration with Protected Enterprise Data
This document tries to address the issue of "enabling DBAs to carry out their tasks without being exposed to enterprise data, especially in remote-administration environments". Many organizations may not want to disclose their enterprise data to the technicians though they expect their database to be managed seamlessly. This issue is of particular importance in today's growing trend of out-sourced administration of databases. This is also a matter of concern for an organization that is compelled to keep the database open to "greenhorn" DBAs till they prove their commitment to the organization's ethical standards and security. The purpose of this document is to have an essential discussion over devising a proper security policy for each of the possible tasks that can be carried out while being in full accordance and conformance with enterprise's security concerns.
Oracle Database Listener Security Guide
A guide to properly securing the Oracle Database Listener. Integrigy Consulting has found the Database Listener to be one of the most frequently overlooked security risks at customers. An overview of the Database Listener, its unique security risks, and step-by-step recommendations for securing it are provided.
An Oracle 10g Upgrade Case Study: Looking at System Performance Before and After the Upgrade
This paper is intended to share our company's experience upgrading from Oracle 8i to Oracle 10g. On one hand, many of our DBA colleagues would like to upgrade their databases to the latest Oracle release so that they can put the newest features to work. But on the other hand, most of those same conservative DBAs would hesitate to take a system that is running perfectly well and put it at risk by moving to the bleeding edge of Oracle's latest offering.
Graceful Failover and Failback Procedures in Non-Data Guard Environments
This paper describes the procedures to perform "graceful" failovers and failbacks of hot standby databases in Oracle environments that are not using Data Guard. A "graceful" failover is one that does not require databases to be opened with the RESETLOGS option and as a result, graceful failbacks do not require the primary database to be rebuilt. (That is, they do not require the standby database's datafiles to be copied to the primary server.) Graceful failovers and failbacks are also known as "switchovers" and "switchbacks".
Wait Event Enhancements in Oracle 10g
The wait event interface has continued to be an invaluable tool for DBAs as it offers both breadth and depth in the information it provides to aid in troubleshooting and boosting system performance. Throughout this paper we will assume the reader is familiar with wait event concepts and the wait event interface in Oracle. In particular, this paper is designed for DBAs who have experience using the wait event facility in Oracle 9i or earlier and want to learn what enhancements have been made in Oracle 10g.
Installing and Configuring Oracle Database 10g on the Solaris Platform
This paper will walk you through the steps of installing Oracle Database 10g release 1 (Oracle version 10.1.0) in a Sun Solaris SPARC environment. About 90% of the material presented here applies to other platforms as well. Everything you read in this paper is hands on, roll-up-your-sleeves-and-get-busy material for Oracle users who want to get an Oracle database up and running quickly without reading hundreds of pages of documentation and "readme" files.
Protecting Oracle Databases
Of course, if you are going to open up your database to the world, it's imperative that you properly secure it from the threats and vulnerabilities of the outside world. Securing your database involves not only establishing strong password policy, but also adequate access controls. In this paper, we will cover various ways databases are attacked and how to prevent them from being "hacked".
Oracle Database 10g: Top Features for DBAs Part 1
Oracle ACE Arup Nanda presents his list of the top new Oracle Database 10g Release 2 features for database administrators. Transparent Data Encryption and XQuery support are the two major new SQL-related features in Oracle Database 10g Release 2, but the list doesn't end there.