Practical Oracle Security: Your Unauthorized Guide to Relational Database Security

Practical Oracle Security: Your Unauthorized Guide to Relational Database Security

by Josh Shaul, Aaron Ingram
     
 

View All Available Formats & Editions

This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database. The book’s companion Web site contains

See more details below

Overview

This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database. The book’s companion Web site contains dozens of working scripts that DBA’s can use to secure and automate their Oracle databases.

• The only practical, hands-on guide for securing your Oracle database published by independent experts.
• Companion Web site contains dozens of scripts to help you automate security tasks.
• Your Oracle database does not exist in a vacuum, so this book shows you how to securely integrate your database into your enterprise.

Editorial Reviews

Whether you need to secure one database or an entire enterprise-wide Oracle infrastructure, Practical Oracle Security is a start-to-finish blueprint for getting the job done. Authored by two world-class security experts, it'll help you define the right level of security for any database, discover where you stand now, and get to where you need to be, one step at a time. It discusses everything from database installation to demonstrating compliance. And it will be valuable to everyone concerned with Oracle security, from DBAs and security specialists to auditors and chief security officers.

The authors begin by defining three levels of Oracle security -- basic, best practice, and lockdown -- and helping you decide where each of your databases fits. With that framework in place, you can move on to installation and post-install configuration, then to securing default accounts and passwords. You'll learn how to determine which of the thousands of combinations of default credentials will get a hacker into your versions of Oracle, close down each of those hidden entryways, and make sure the passwords you do use actually resist attack.

Next, you'll turn to file permissions. The authors identify key files whose protection deserves special care, and discuss issues ranging from backup files to managing file changes. The book also contains a full chapter on patch sets, coverage of security metrics, and much more.

Throughout, the discussion is relentlessly realistic. And the book's sidebar features are especially valuable -- from "Tools & Traps" sections to end-of-chapter FAQs. ("How much work is involved in securing an Oracle database?" "How often should I scan my databases for default passwords?" "I've implemented encryption, but where do I store the private key?") If you’re not wondering about the answers to questions like these, one of your colleagues probably is. Bill Camarda, from the November 2007 Read Only

Product Details

ISBN-13:
9781597491983
Publisher:
Elsevier Science
Publication date:
11/26/2007
Pages:
288
Product dimensions:
7.50(w) x 9.25(h) x 0.61(d)

Meet the Author

Josh Shaul got started in the security industry with SafeNet, Inc. in 1997, working on the industry's first complete IPsec accelerator chip. During a five year tenure as a SafeNet developer, Josh spent time designing, developing and enhancing SafeNet's embedded security solutions for a wide range of applications. For the last four years Josh has focused primarily on field engineering, helping companies deploy security SW and HW into various Networking Devices, SoCs, and Processing Platforms. He is an expert on security protocols and standards, trusted computing, and application level security. Recently, Josh has focused primarily on database security, working to assist large organization in developing the proper defense-in-depth strategy to secure sensitive data at its source. Josh is currently responsible for Worldwide Systems Engineering at Application Security, Inc.

Aaron has fifteen years experience developing enterprise software, focusing on database systems and security applications. After graduating with a Bachelor's degree in computer science from Columbia University, he worked at Accenture as a consultant for Fortune 500 financial and telecommunication companies and for various government agencies. He then worked for ShieldIP creating Digital Rights Protection technology. Most recently, he merged his extensive database background with his security skills to manage the development of Application Security's real-time database intrusion detection and security auditing solution, AppRadar.

Customer Reviews

Average Review:

Write a Review

and post it to your social network

     

Most Helpful Customer Reviews

See all customer reviews >