1/14

Contents

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

Changes in This Release for Oracle Database 2 Day + Security Guide

• Changes in Oracle Database 12c Release 1 (12.1)
  • New Features
  • Deprecated Feature
  • Desupported Features
  • Other Changes

1 Introduction to Oracle Database Security

• About This Guide
  • Before Using This Guide
  • What This Guide Is and Is Not
• Common Database Security Tasks
• Tools for Securing Your Database
• Securing Your Database: A Roadmap

2 Securing the Database Installation and Configuration

• About Securing the Database Installation and Configuration
• Securing Access to the Oracle Database Installation
  • Default Security Settings
  • Security for the Oracle Data Dictionary
  • Initialization Parameters Used for Installation and Configuration Security
  • Modifying the Value of an Initialization Parameter
• Security for the Network
  • About Securing the Network
  • Protecting Data on the Network by Using Network Encryption
  • Initialization Parameters Used for Network Security
• Securing User Accounts
  • About Securing Oracle Database User Accounts
  • Predefined User Accounts Provided by Oracle Database
  • Expiring and Locking Database Accounts
  • Requirements for Creating Passwords
  • Finding and Changing Default Passwords
  • Parameters Used to Secure User Accounts

3 Managing User Privileges

• About Privilege Management
• When to Grant Privileges to Users
• When to Grant Roles to Users
• Controlling Access to Applications with Secure Application Roles
  • About Secure Application Roles
  • Tutorial: Creating a Secure Application Role
• Initialization Parameters Used for Privilege Security

4 Encrypting Data with Oracle Transparent Data Encryption

• About Encrypting Sensitive Data
• When Should You Encrypt Data?
• How Transparent Data Encryption Works
• Configuring Data to Use Transparent Data Encryption
  • Step 1: Configure the Keystore Location
  • Step 2: Check the COMPATIBLE Initialization Parameter Setting
  • Step 3: Create the Software Password-Based Keystore
  • Step 4: Open (or Close) the Keystore
  • Step 5: Create the Master Encryption Key
  • Step 6: Encrypt Data
• Checking Existing Encrypted Data
  • Finding the Type of Keystore That Was Created
  • Finding the Keystore Location
  • Checking Whether a Keystore Is Open or Closed
  • Checking Encrypted Columns of an Individual Table
  • Checking All Encrypted Table Columns in the Current Database Instance
  • Data Dictionary Views for Checking Encrypted Tablespaces in the Current Database Instance

5 Controlling Access with Oracle Database Vault

• About Oracle Database Vault
• Tutorial: Controlling Administrator Access to a User Schema
  • Step 1: Enable Oracle Database Vault
  • Step 2: Grant the SELECT Privilege on the OE.CUSTOMERS Table to User SCOTT
  • Step 3: Select from the OE.CUSTOMERS Table as Users SYS and SCOTT
  • Step 4: Create a Realm to Protect the OE.CUSTOMERS Table
  • Step 5: Test the OE Protections Realm
  • Step 6: Optionally, Remove the Components for This Tutorial

6 Restricting Access with Oracle Virtual Private Database

• About Oracle Virtual Private Database
• Tutorial: Limiting Access to Data Based on the Querying User
  • About Limiting Access to Data Based on the Querying User
  • Step 1: Create User Accounts for This Tutorial
  • Step 2: If Necessary, Create the Security Administrator Account
  • Step 3: Update the Security Administrator Account
  • Step 4: Create the F_POLICY_ORDERS Policy Function
  • Step 5: Create the ACCESSCONTROL_ORDERS Virtual Private Database Policy
  • Step 6: Test the ACCESSCONTROL_ORDERS Virtual Private Database Policy
  • Step 7: Optionally, Remove the Components for This Tutorial

7 Limiting Access to Sensitive Data Using Oracle Data Redaction

• About Oracle Data Redaction
• Tutorial: Redacting Data for a Select Group of Users
  • About Redacting Data for a Select Group of Users
  • Step 1: Create User Accounts and Grant Them the Necessary Privileges
  • Step 2: Create and Populate the SALES_OPPS Sales Opportunities Table
  • Step 3: Create the SALES_OPPS_POL Oracle Data Redaction Policy
  • Step 5: Test the SALES_OPPS_POL Oracle Data Redaction Policy
  • Step 6: Optionally, Remove the Components for This Tutorial

8 Enforcing Row-Level Security with Oracle Label Security

• About Oracle Label Security
• Differences Between Virtual Private Database, Oracle Label Security, and Data Redaction
• Guidelines for Planning an Oracle Label Security Policy
• Tutorial: Creating Levels of Access to Table Data Based on the User
  • About Creating Levels of Access to Table Data Based on the User
  • Step 1: Enable Oracle Label Security
  • Step 2: Enable the LBACSYS Account
  • Step 3: Create a Role and Three Users for the Oracle Label Security Tutorial
  • Step 4: Create the ACCESS_LOCATIONS Oracle Label Security Policy
  • Step 5: Define the ACCESS_LOCATIONS Policy-Level Components
  • Step 6: Create the ACCESS_LOCATIONS Policy Data Labels
  • Step 7: Create the ACCESS_LOCATIONS Policy User Authorizations
  • Step 8: Apply the ACCESS_LOCATIONS Policy to the HR.LOCATIONS Table
  • Step 9: Add the ACCESS_LOCATIONS Labels to the HR.LOCATIONS Data
  • Step 10: Test the ACCESS_LOCATIONS Policy
  • Step 11: Optionally, Remove the Components for This Tutorial

9 Auditing Database Activity

• About Auditing
• Why Is Auditing Used?
• Tutorial: Creating a Unified Audit Policy
  • Step 1: If Necessary, Enable Unified Auditing
  • Step 2: Grant the SEC_ADMIN User the AUDIT_ADMIN Role
  • Step 3: Create and Enable a Unified Audit Policy
  • Step 4: Test the Unified Audit Policy
  • Step 5: Optionally, Remove the Components for This Tutorial
  • Step 6: Optionally, Remove the SEC_ADMIN Security Administrator Account

Index