HOWTO Secure and Audit Oracle 10g and 11g OTHER NEW BOOKS FROM AUERBACH The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results Michael D S Harris, David Herron, and Stasia Iwanicki ISBN: 1-4200-6474-6 CISO Leadership: Essential Principles for Success Todd Fitzgerald and Micki Krause ISBN: 0-8493-7943-1 The Debugger's Handbook J.F DiMarzio ISBN: 0-8493-8034-0 Effective Software Maintenance and Evolution: A Reuse-Based Approach Stanislaw Jarzabek ISBN: 0-8493-3592-2 The Ethical Hack: A Framework for Business Value Penetration Testing James S Tiller ISBN: 084931609X Implementing Electronic Document and Record Management Systems Azad Adam ISBN: 0-8493-8059-6 Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy Jessica Keyes ISBN: 0-8493-2621-4 Interpreting the CMMI®: A Process Improvement Approach, Second Edition Margaret K Kulpa and Kent A Johnson ISBN: 1-4200-6052-X Knowledge Management, Business Intelligence, and Content Management: The IT Practitioner's Guide Jessica Keyes ISBN: 0-8493-9385-X Manage Software Testing Peter Farrell-Vinay ISBN: 0-8493-9383-3 Managing Global Development Risk James M Hussey and Steven E Hall ISBN: 1-4200-5520-8 Patterns for Performance and Operability: Building and Testing Enterprise Software Chris Ford, Ido Gileadi, Sanjiv Purba, and Mike Moerman ISBN: 1-4200-5334-5 A Practical Guide to Information Systems Strategic Planning, Second Edition Anita Cassidy ISBN: 0-8493-5073-5 Service-Oriented Architecture: SOA Strategy, Methodology, and Technology James P Lawler and H Howell-Barber ISBN: 1-4200-4500-8 Information Security Cost Management Ioana V Bazavan and Ian Lim ISBN: 0-8493-9275-6 Six Sigma Software Development, Second Edition Christine B Tayntor ISBN: 1-4200-4426-5 The Insider's Guide to Outsourcing Risks and Rewards Johann Rost ISBN: 0-8493-7017-5 Successful Packaged Software Implementation Christine B Tayntor ISBN: 0-8493-3410-1 AUERBACH PUBLICATIONS www.auerbach-publications.com To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401 E-mail: orders@crcpress.com HOWTO Secure and Audit Oracle 10g and 11g Ron Ben Natan Foreword by Pete Finnigan Auerbach Publications Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2009 by Taylor & Francis Group, LLC Auerbach is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S Government works Printed in the United States of America on acid-free paper 10 International Standard Book Number-13: 978-1-4200-8412-2 (Hardcover) This book contains information obtained from authentic and highly regarded sources Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint Except as permitted under U.S Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers For permission to photocopy or use material electronically from this work, please access www.copyright.com (http:// www.copyright.com/) or contact the Copyright Clearance Center, Inc (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400 CCC is a not-for-profit organization that provides licenses and registration for a variety of users For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe Library of Congress Cataloging-in-Publication Data Ben-Natan, Ron How to secure and audit Oracle 10g and 11g / Ron Ben-Natan p cm Includes index ISBN 978-1-4200-8412-2 (hardcover : alk paper) Oracle (Computer file) Computer security Data protection Database security I Title QA76.9.A25B446 2009 005.8 dc22 Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the Auerbach Web site at http://www.auerbach-publications.com 2009001575 454 Ⅲ Index U Unix administrator audit records, 218 audit trail in, 190–191 mandatory auditing, 213, 215 pcap library, 132 UNLIMITED TABLESPACE system privilege, 55 UPDATE ANY TABLE privilege, 324 UPDATE_CHECK, 362–363 User accounts altering, 56–57 changing password, 58 creation of ALTER USER format and, 56–57 CREATE TABLE privileges, 54–55 CREATE USER command for, 53–54 PASSWORD EXPIRE option, 54 UNLIMITED system privilege, 55–56 deleting, 57–58 as IDENTIFIED EXTERNALLY., 103 limiting system resources used by, 68–69 and profi les, viewing DBA_PROFILES, 69 DBA_TS_QUOTAS and DBA_USERS, 70 USER_PASSWORD_LIMITS and USER_ RESOUCE_LIMITS, 71 unlocking, 58 USER_ENCRYPTED_COLUMNS, 166 USER_PASSWORD_LIMITS, 71 User qualifiers, 199–200 USER_RESOUCE_LIMITS, 71 VPD security policies, 374 assigning to database object, 374 to check before and after conditions, 363 debugging, 374 adding indexes, 376–377 recursive definitions and, 376 SQL traces for, 376 V$VPD_POLICY view for, 375 default value for, 372 for optimal performance context sensitive and shared context sensitive policies, 373 dynamic and static policies, 372–373 qualifiers for, 361–363 recursion, 376 row filtering, 359–361 sensitive column data hiding, 365–367 limiting access to, 364–365 users exempted from, 377–378 to view defined, 374–375 Vulnerabilities checking for, 15 Vulnerability assessment tools change tracking, 430 checks performed by, 15 defining tests to be run in, 430–431 listener security, 429 scheduler, 17 vulnerabilities and CPUs, 17 V$XML_AUDIT_TRAIL, 207 W V Valid node checking, 46–47 View privileges, 318–319 Virtual Private Database, see VPD VPD FGAC implementation, 359 policy groups, see Policy groups security policies, see VPD security policies WALLET_LOCATION parameter, 165 White lists, 298 Windump, 132 Winpcap, 132 Wired Equivalent Privacy (WEP), 77 X XOR data, AES algorithm, 76 .. .HOWTO Secure and Audit Oracle 10g and 11g OTHER NEW BOOKS FROM AUERBACH The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results Michael... trademarks, and are used only for identification and explanation without intent to infringe Library of Congress Cataloging-in-Publication Data Ben-Natan, Ron How to secure and audit Oracle 10g and 11g... Order Call: 1-800-272-7737 • Fax: 1-800-374-3401 E-mail: orders@crcpress.com HOWTO Secure and Audit Oracle 10g and 11g Ron Ben Natan Foreword by Pete Finnigan Auerbach Publications Taylor & Francis