Oracle Database 2 Day + Security Guide has updates that affect Transparent Data Encryption, Oracle Database Vault, Oracle Data Redaction, Oracle Label Security, and auditing.
The following are changes in Oracle Database 2 Day + Security Guide for Oracle Database 12c Release 1 (12.1):
Several new features are covered in this guide.
Oracle Database 12c Release 1 (12.1) introduces a unified key management infrastructure for Transparent Data Encryption (TDE) and other database components.
This eases key administration tasks, provides for better compliance and tracking, and also leads to better separation of duty between the database administrator and security administrator. For better security and separation of duty, users who are responsible for configuring TDE must have the SYSKM system privilege.
See Encrypting Data with Oracle Transparent Data Encryption.
In this release, Oracle Database Vault provides two new enhancements that affect this guide.
Easier and quicker way to enable Database Vault.
Full inclusion of Database Vault functionality in the Enterprise Manager Cloud Control pages. This feature replaces the Database Vault Administrator utility that was used in previous releases.
Oracle Data Redaction disguises (redacts) data from low-privileged users or applications.
For example, you can redact the credit card number 5105 1051 0510 5100 to appear as 5105 **** **** ****. The redaction occurs in real time, when the user accesses the data, and it preserves the back-end referential integrity and constraints for the data. In addition to a partial redaction (as shown with the credit card example here), you can replace the entire data set with a fixed value or with randomized values. You can also easily apply Oracle Data Redaction policies throughout the databases in your enterprise.
See Limiting Access to Sensitive Data Using Oracle Data Redaction.
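The partial redaction described above can be expressed as a policy created with the DBMS_REDACT.ADD_POLICY procedure. The following is an added example, not taken from the guide: the schema APPUSER, the table CUSTOMER_CARDS, the policy name, and the user APP_ADMIN are hypothetical, and the sample row is constructed. It assumes the policy creator has the EXECUTE privilege on DBMS_REDACT.

```sql
-- Constructed sample table. APPUSER, CUSTOMER_CARDS and APP_ADMIN are
-- hypothetical names used only for this example.
CREATE TABLE appuser.customer_cards (
  customer_id  NUMBER PRIMARY KEY,
  card_number  VARCHAR2(19) NOT NULL  -- stored as 'NNNN NNNN NNNN NNNN'
);

INSERT INTO appuser.customer_cards (customer_id, card_number)
VALUES (1, '5105 1051 0510 5100');
COMMIT;

BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APPUSER',
    object_name         => 'CUSTOMER_CARDS',
    column_name         => 'CARD_NUMBER',
    policy_name         => 'REDACT_CARD_NUMBER',
    function_type       => DBMS_REDACT.PARTIAL,
    -- Fields: input format, output format, mask character, first and
    -- last digit position to mask.
    -- V = a digit that may be masked, F = a formatting character (the
    -- spaces in the stored value). Positions count V characters only,
    -- so 5..16 masks every digit after the first group of four.
    function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV VVVV VVVV VVVV,*,5,16',
    -- Redact for every session except the hypothetical APP_ADMIN user.
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''APP_ADMIN''',
    policy_description  => 'Show only the first four digits of the card number');
END;
/

-- Run once as APP_ADMIN and once as a low-privileged user to compare
-- the stored value with the redacted value.
SELECT card_number
FROM   appuser.customer_cards
WHERE  customer_id = 1;
```

The stored data is unchanged; only the query result is masked. Users granted the EXEMPT REDACTION POLICY system privilege see the actual values regardless of the policy expression, so review who holds that privilege.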
This release provides a number of auditing enhancements, four of which affect this guide.
Unified audit trail, which encompasses audit events from the default database installation, Oracle Database Vault, Oracle Label Security, Oracle Database Real Application Security, Oracle Recovery Manager, Oracle Data Pump, and Oracle SQL*Loader Direct Load Path. These events are available in a uniform format in a set of data dictionary views.
Faster audit performance
Ability to create named unified audit policies. The audit configuration is simplified by grouping a set of actions to be audited on specific conditions as named policies that you can enable and disable as needed. These policies define the set of events to be captured.
New roles, AUDIT_ADMIN and AUDIT_VIEWER, for better security and separation of duty. (This guide only discusses the AUDIT_ADMIN role.)
Database Vault Administrator (DVA) has been deprecated. Its functionality is now part of the Oracle Enterprise Manager Cloud Control interface.
Oracle Enterprise Manager Database Control is no longer supported by Oracle. See Oracle Database Upgrade Guide for a complete list of desupported features in this release.
Other changes for this release include Oracle Enterprise Manager Cloud Control (Cloud Control).
In previous releases of Oracle Database, you used Oracle Enterprise Manager Database Control (Database Control) to administer database security from a graphical user interface.
In this release, you can use the Cloud Control graphical user interface. Cloud Control provides more functionality than Database Control.
You must install Cloud Control separately from Oracle Database.
See Oracle Enterprise Manager Cloud Control Basic Installation Guide for information about installing Cloud Control.