Author: Maclean Liu, posted on December 16th, 2010 Why is Security Hard? Good security and no security can look the same – How does one know how secure they are? Many things to secure – People, equipment, OS, network, Application Servers, applications, and databases Difficult to prove good security – Bad security gets proven to/for us No system can be 100% secure – . . . → Read More: Oracle Protected Enterprise: Upsell Security and Identity Management into your Oracle Deals
Author: Maclean Liu, posted on November 22nd, 2010 Agenda Security Challenges The Market Opportunity With Governance, Risk, Compliance Three Brightest Lights Database Vault Advanced Security Options Audit Vault Products Overview Success Stories Getting Started Questions Where is the Light Brightest? Database Vault Recent and Planned Database Consolidations Personally Identifiable Information (PII) Advanced Security Option clients Peoplesoft Clients (validated DBV Application) eBS/Siebel clients Advanced . . . → Read More: Driving Security Revenue With Oracle Database 11g
Author: Maclean Liu, posted on November 5th, 2010 Security is at the forefront of every CIO’s mind. Security is no longer a technology issue, it’s a business issue. The growing number of high-profile incidents in which customer records, confidential information, and intellectual property are leaked, lost or stolen has created an explosive demand for solutions that protect against the deliberate or inadvertent release . . . → Read More: Tell Me About Oracle Database Security Products
Author: Maclean Liu, posted on June 20th, 2010 Sometimes, the columns are decrypted as a result and decrypt functions (appears as INTERNAL_FUNCTION in the execution plan) are applied on them, which can lead to poor approximations of column selectivity, leading to improper plans. This happens mostly when the encrypted columns are using SALT to encrypt the data, but it can happen for other reasons . . . → Read More: Internal_Function with Encryption in SQL PLAN
Author: Maclean Liu, posted on September 21st, 2009 WARNING ======= The method described in this article is not officially supported by development, therefore when you get errors using this procedure support cannot file a bug for it. Please make no mistakes when setting the HEX value with the VALUES keyword as bad values may cause internal errors. This undocumented feature exists to support . . . → Read More: Restoring a user’s original password
Author: Maclean Liu, posted on September 12th, 2009 Applies to:
Oracle Server – Enterprise Edition – Version: 8.1.7.0 to 11.1.0.7 – Release: 8.1.7 to 11.1 Information in this document applies to any platform.
Goal
How to recover from lost sys password.
Solution
The methods to be used rely on: 1. OS authentication 2. passwordfile authentication. It is outside the scope of this . . . → Read More: How to recover from lost sys password
Author: Maclean Liu, posted on July 8th, 2009 1. Enable audit. Set the parameter to audit_trail=db (or db,extended) 2. Restart the database instance to enable the audit settings. 3. Set up audit for session: audit session whenever successful; 4. After a relevant period of time, check the DBA_AUDIT_SESSION view, in the documentation
LOGOFF_LREAD Logical reads for the session LOGOFF_PREAD Physical reads for . . . → Read More: Audit Logon above 9i
Author: Maclean Liu, posted on June 12th, 2009 The following script can be used to collect database security risk assessment information:
REM list database vulnerability assessment info set escape on; set linesize 140 ; spool db_vulnerability_assessment.log Select role from dba_roles r where role not in ('CONNECT', 'RESOURCE', 'DBA', 'SELECT_CATALOG_ROLE', 'EXECUTE_CATALOG_ROLE', 'DELETE_CATALOG_ROLE', 'EXP_FULL_DATABASE', 'WM_ADMIN_ROLE', 'IMP_FULL_DATABASE', 'RECOVERY_CATALOG_OWNER', 'AQ_ADMINISTRATOR_ROLE', 'AQ_USER_ROLE', 'GLOBAL_AQ_USER_ROLE', 'OEM_MONITOR', 'HS_ADMIN_ROLE') and not exists (Select 1 from dba_role_privs p where p.granted_role = r.role) / select tp.grantee, . . . → Read More: Script: Collecting database security risk assessment information