- Consider examples of common security threats and sensitive data which might exist within an organization; Review the essentials of a sound and secure database installation;
- Consider known database security weaknesses and how these may be addressed;
- Consider examples of specific attacks which could be launched against individual components within a data center or within the public networks;
- Review the theory and concepts which underlie symmetric and asymmetric encryption;
- Consider the primary elements involved in asymmetric encryption, including private and public keys, the Public Key Infrastructure, certificates, Certificate Authorities and wallets;
- Discuss how symmetric or asymmetric encryption is applied to network traffic, database storage and external files; Consider the limits of encryption strategies and when encryption could be misapplied and counterproductive;
- Discuss the challenges and options available for encryption key storage;
- Apply Transparent Data Encryption (TDE) to tablespace, column, export file, RMAN backup set file and SecureFile LOB encryption;
- Use the Oracle Data Pump access driver to encrypt external tables;
- Configure Oracle Net Services to repel database attacks and implement advanced security using encrypted network communication;
- Implement an application-based encryption solution using the DBMS_CRYPTO() package;
- Review the types of attacks which can be launched using SQL injection, and which countermeasures should be applied to repel these;
- Implement enhanced application security using the Virtual Private Database (VPD) facility.
Overview