Effective Oracle Database 10g Security by Design

by David Knox
  • ISBN13: 9780072231304
  • ISBN10: 0072231300
  • Edition: 1st
  • Format: Paperback
  • Copyright: 2004-07-08
  • Publisher: McGraw-Hill Education

Summary

Oracle security expert David Knox explains how to design and develop an integrated, secure Oracle environment. "In my experience in the security world, including 32 years at the Central Intelligence Agency, I've not found anyone with more experience in the theory and practice of protecting your data than David Knox." --Dave Carey, former Executive Director of the CIA

Author Biography

David Knox is the chief engineer for Oracle's Information Assurance Center.

Table of Contents

Foreword ... xix
Acknowledgments ... xxi
Introduction ... xxiii
PART I Quick Start
General Security Best Practices ... 3(18)
Security Policies ... 4(4)
Different Policies for Different Needs ... 5(1)
Understanding Security Requirements ... 6(1)
Policy Creation ... 6(1)
Practical Policies ... 6(2)
The Tenets of Security ... 8(2)
Security by Design ... 8(1)
Defense in Depth ... 9(1)
Least Privileges ... 9(1)
Risk Analysis ... 10(3)
Document Your Risk Analysis ... 11(1)
Expect the Unexpected ... 11(1)
Contingency Planning and Incident Response ... 12(1)
Snapshots and Situational Awareness ... 13(1)
Cover All the Areas ... 13(1)
Hardening the Infrastructure ... 14(7)
The Operating System ... 15(1)
The Network ... 16(2)
The Application Server ... 18(3)
Securing the Database ... 21(34)
Securing (Default) User Accounts ... 22(7)
Lock Down Example ... 23(6)
Throw Out Anything Stale ... 29(1)
Oracle Passwords ... 29(12)
Application Password Authentication Using Oracle's Native Password Store ... 30(2)
Checking for Weak or Default Passwords ... 32(3)
Impossible Passwords ... 35(1)
Managing and Ensuring Good Passwords ... 36(5)
Limiting Database Resources ... 41(1)
Resource Limits ... 41(1)
Default Roles ... 42(3)
Connect ... 42(1)
Resource ... 43(1)
DBA ... 44(1)
Public Privileges ... 45(4)
When to Grant Privileges to Public ... 45(1)
Oracle Supplied Objects ... 46(3)
Securing the Network ... 49(6)
Encryption ... 49(1)
Database Listener ... 50(5)
PART II Identification and Authentication
Understanding Identification and Authentication ... 55(14)
Importance of Identification and Authentication ... 56(1)
Identification Methods ... 57(2)
User-Supplied Identification ... 57(1)
Technological Identification ... 58(1)
Identity Crisis ... 59(1)
Spoofing ... 59(1)
Identity Theft ... 60(1)
Authentication ... 60(3)
Methods ... 61(1)
Best Practices for Secure Authentication ... 62(1)
Single Sign-On ... 63(1)
Why Single Sign-On Exists ... 63(1)
Challenges to Single Sign-On ... 63(1)
Database I&A ... 64(5)
Associating Users with Database Schemas ... 64(3)
Separate Users and Data ... 67(1)
Identity Preservation ... 67(1)
Determining the Appropriate Level of I&A ... 67(2)
Connection Pools and Proxy Authentication ... 69(30)
Heritage ... 70(4)
Host-Based Identification and Authentication ... 70(3)
Client-Server Identification and Authentication ... 73(1)
Web Applications ... 74(4)
The Stateless Environment ... 75(1)
Web Databases ... 75(3)
Connection Pools ... 78(6)
Oracle Implicit Connection Cache ... 79(3)
Security Risks ... 82(2)
Session Pools and the Oracle OCI Connection Pool ... 84(4)
OCI Connection Pool Example ... 84(3)
Password Management Risk ... 87(1)
Proxy Authentication ... 88(11)
Proxy Example ... 88(3)
Proxy Authentication Database Setup ... 91(5)
Proxy Authentication Modes ... 96(2)
Forcing Proxy Authentication ... 98(1)
Identity Management and Enterprise Users ... 99(22)
Identity Management ... 100(2)
Directory Services ... 100(1)
IM Components ... 101(1)
Oracle Internet Directory (OID) ... 102(1)
Enterprise Users ... 102(1)
History ... 102(1)
Setting Up EUS ... 103(4)
LDAP Setup ... 103(1)
Database Setup ... 103(4)
Applying EUS ... 107(3)
Creating the Enterprise User ... 108(1)
The Connection Process ... 109(1)
User-Schema Mappings ... 110(9)
Creating the Shared Schemas ... 110(2)
Directory Mappings ... 112(1)
Mapping Permutations Example ... 112(5)
Exclusive Schemas ... 117(2)
Considerations ... 119(2)
Single Credentials and Performance ... 119(1)
Dependencies ... 120(1)
Identification and Authentication for Web Applications ... 121(32)
Application Processes for Identification and Authentication ... 122(1)
Integrated Authentication ... 122(12)
Creating the Application User ... 123(2)
Connecting the Application User to the Database ... 125(2)
Getting the User Identity ... 127(2)
Database Account Setup ... 129(1)
User Database Account(s) ... 130(1)
Authentication Blueprint ... 130(2)
Performance ... 132(2)
Proxy Authentication Alternatives ... 134(14)
Application Directed Security ... 134(2)
Application User Proxy---Client Identifiers ... 136(7)
Leveraging Database Security with Anonymous Connection Pools ... 143(5)
Identifying Information ... 148(5)
PART III Authorizations and Auditing
Privileges and Roles ... 153(48)
Access Control, Authorizations, and Privileges ... 154(1)
Access Control ... 154(1)
Enforcing Access Control ... 154(1)
Authorizations ... 154(1)
Privileges ... 155(14)
System Privileges ... 155(4)
Object Privileges ... 159(3)
Synonyms ... 162(1)
System and Object Privileges Together ... 163(1)
Privilege Persistence ... 164(5)
Roles ... 169(6)
Role Hierarchies ... 169(4)
Designing for Definer and Invoker Rights ... 173(2)
Selective Privilege Enablement ... 175(6)
Selective Privilege Use Cases ... 178(3)
Password-Protected Roles ... 181(3)
Password-Protected Role Example ... 181(1)
Password-Protected Roles and Proxy Authentication ... 182(1)
Challenges to Securing the Password ... 183(1)
Secure Application Roles ... 184(5)
Secure Application Role Example ... 184(5)
Global Roles and Enterprise Roles ... 189(3)
Creating and Assigning Global and Enterprise Roles ... 189(3)
Combining Standard and Global/Enterprise Roles ... 192(1)
Using Roles Wisely ... 192(2)
Too Many Roles ... 192(1)
Naming ... 192(1)
Dependencies ... 193(1)
Example---Putting the Pieces Together ... 194(7)
Application Authentication ... 194(1)
Verifying the User ... 195(2)
Setting the Secure Application Role ... 197(1)
Securing the Source ... 198(3)
Effective Auditing for Accountability ... 201(46)
The Security Cycle ... 202(2)
Auditing for Accountability ... 203(1)
Auditing Provides the Feedback Loop ... 203(1)
Auditing Is Not Overhead ... 203(1)
Audit Methods ... 204(12)
Application Server Logs ... 204(1)
Application Auditing ... 205(1)
Application Audit Example ... 205(6)
Trigger Auditing ... 211(1)
Trigger Audit Example ... 211(3)
Autonomous Transactions and Auditing ... 214(2)
Data Versioning ... 216(4)
Flashback Version Query ... 217(1)
Flashback Transaction Query ... 218(2)
Standard Database Auditing ... 220(13)
Mandatory Auditing ... 220(1)
Auditing SYS ... 220(2)
Enabling Standard Auditing ... 222(1)
Auditing By User, Privilege, and Object ... 222(1)
Auditing Best Practices ... 223(4)
Determining the Audit Status ... 227(1)
Extending the Audit Data with Client Identifiers ... 228(3)
Performance Test ... 231(2)
Caveats ... 233(1)
Fine-Grained Auditing ... 233(14)
Audit Conditions ... 233(4)
Column Sensitivity ... 237(2)
Capturing SQL ... 239(1)
Acting on the Audit ... 239(4)
Caveats ... 243(4)
PART IV Fine-Grained Access Control
Application Contexts for Security and Performance ... 247(30)
Application Context ... 248(1)
Default Userenv Context ... 249(2)
Local Context ... 251(10)
Creating an Application Context ... 251(1)
Setting Context Attributes and Values ... 252(3)
Applying the Application Context to Security ... 255(3)
Secure Use ... 258(1)
Common Mistakes ... 258(3)
Global Context ... 261(12)
Uses ... 261(1)
Examples ... 261(12)
External and Initialized Globally ... 273(4)
Implementing Fine-Grained Access Controls with Views ... 277(16)
Introduction to Fine-Grained Access ... 278(1)
Object Access ... 278(1)
Fine-Grained Access ... 279(1)
Secure Views ... 279(14)
Views for Column-Level Security ... 281(7)
Views for Row-Level Security ... 288(3)
Viewing Problems ... 291(2)
Row-Level Security with Virtual Private Database ... 293(44)
The Need for Virtual Private Databases ... 294(1)
Row-Level Security Quick Start ... 295(2)
Quick Start Example ... 295(2)
RLS In-Depth ... 297(23)
Benefits ... 297(1)
Setup ... 298(7)
The RLS Layer of Security ... 305(3)
RLS Exemption ... 308(2)
Debugging RLS Policies ... 310(10)
Partitioned Fine-Grained Access Control ... 320(1)
Column Sensitive VPD ... 320(2)
VPD Performance ... 322(15)
Bind Variables ... 322(1)
Code Location ... 323(1)
Policy Caching ... 323(9)
Caching Caution ... 332(1)
Comparing VPD Performance to View-Based RLS ... 333(4)
Oracle Label Security ... 337(64)
Classifying Data ... 338(1)
OLS Ancestry ... 339(2)
Labels and Mandatory Access Control ... 339(1)
Trusted Oracle ... 340(1)
Oracle Label Security ... 341(2)
How OLS Works ... 342(1)
Installing OLS ... 342(1)
Implementing Label Security ... 342(1)
Label Example ... 343(3)
Creating the Policy ... 343(3)
Label Components ... 346(29)
Levels ... 347(1)
Creating Labels ... 348(2)
Applying the Policy ... 350(2)
Authorizing Access ... 352(1)
Testing the Labels ... 353(1)
Special OLS Privileges ... 354(3)
Compartments ... 357(4)
Adding Data to OLS Protected Tables ... 361(4)
Groups ... 365(6)
Using the Default Session Label ... 371(3)
Comparing the Labels ... 374(1)
Hiding the Label ... 375(4)
Changing the Hidden Status ... 375(4)
Writing to OLS Protected Tables ... 379(8)
Understanding Write Authorizations ... 379(4)
Groups and Compartments Dependency ... 383(4)
Tips and Tricks ... 387(8)
Restricted Updates to the Labels ... 387(2)
Trusted Procedures ... 389(2)
Label Functions ... 391(3)
Storing the Labels in OID ... 394(1)
Using Labels with Connection Pools and Shared Schemas ... 394(1)
OLS Consideration Factors ... 395(1)
VPD Versus Label Security ... 396(5)
Advantages of OLS ... 396(1)
Advantages of VPD ... 396(1)
VPD and OLS ... 397(4)
Database Encryption ... 401(88)
Encryption 101 ... 402(4)
The Basics ... 403(1)
Encryption Choices ... 403(3)
When to Use Database Encryption ... 406(2)
Reasons Not to Encrypt ... 407(1)
Reasons to Encrypt ... 408(1)
DBMS_Crypto ... 408(7)
Encryption Routines ... 409(1)
DBMS_Crypto Simple Example ... 410(1)
Data_Crypto Package ... 411(4)
Encryption Examples ... 415(7)
Encrypting Character, Numbers, and Dates ... 415(4)
Encrypting CLOBs and BLOBs ... 419(3)
Encryption In-Depth ... 422(10)
Keys, Data, and IVs ... 422(4)
Storing Encrypted Data ... 426(3)
Encrypted Data Sizes ... 429(3)
Hashing ... 432(5)
DBMS_Crypto Hashing ... 433(2)
Message Authentication Codes ... 435(2)
Performance ... 437(4)
Key Management ... 441(12)
Key Management Options ... 442(8)
The Best Key Management Strategy ... 450(3)
PART V Appendixes
A Setting Up the Security Manager ... 453(4)
B Data_Crypto Package ... 457(22)
D DBMS_Crypto Performance Test Results ... 479(10)
Index ... 489