Protecting Oracle Database 12c

Protecting
Oracle Database 12c helps you solve the problem of maximizing the safety, resilience, and security of an Oracle database whilst preserving performance, availability, and integration despite ongoing and new security issues in the software. The book demonstrates, through coded examples, how you can enable the consolidation features of Oracle
Database 12c without increasing risk of either internal corruption or external vulnerability. In addition, new protections not publicly available are included, so that you can see how demonstrable risk improvements can be achieved, measured, and reported through Enterprise Manager 12c. Most importantly, the challenge of privileged access control within a consolidation environment will be addressed, thus enabling a safe move to greater efficiency.

What you’ll learn

• Oracle database security issues and how to defend against new risks introduced by Oracle Database
  12c and pre-existing architectural vulnerabilities, such as incoming DBlinks
• Control and audit the use of SYS privilege over a large estate using native tools
• Use Oracle native audit as an IPS to block threats in real-time
• Leverage root segregation to secure Oracle DB
• Secure privileged access control and break-glass sessions
• Scale automated security controls through Enterprise Manager to a large estate
• Improve your ability to pass audits and stay compliant

Who this book is for

Protecting Oracle Database 12c is primarily aimed at Oracle database administrators, DBA managers, and security staff who are working to safely and securely implement Oracle Database 12c in their environment. The book especially targets those using privileged access control to enable consolidation and the new cloud features set, including it’s multi-tenant database capabilities.

Table of Contents

PART
I. SECURITY OVERVIEW AND HISTORY

1. Oracle Security History

2. Current state of the Art

3. Extrapolating Current Trends

PART
II. DEFENSE COOKBOOK

4. Managing Users in Oracle

5. Oracle Vulnerability Scanner

6. Centralized Native Auditing and IPS

7. Pluggable Database Primer

PART
III. SECURITY IN THE 12C RELEASE

8. New Security Features in 12C

9. Design Flaws, Fixed and Remaining in 12C

10. New Security Issues in 12C

11. Advanced Defenses and Forensic Response

PART
IV. SECURITY IN CONSOLIDATION

12. Privileged Access Control Foundations

13. Privileged Access Control Methods

14. Securing Privileged Access Control
Systems

15. Rootkit Checker and Security Monitoring

PART
V. ARCHITECTURAL RISK MANAGEMENT

16. Oracle Security Architecture
Foundations

17. Enterprise Manager 12c As a Security Tool

18. Defending Enterprise
Manager 12c

19. The Cloud and Privileged Access

20. Management and Conclusions