课程长度:4天/24小时
课程描述:
This Oracle Database 10g: Security Release 2 training teaches you how to use Oracle Database features to meet the security and compliance requirements of your organization. The current regulatory environment of the Sarbanes-Oxley Act, HIPPA, the UK Data Protection Act and others require better security at the database level.
Learn To:
• Explain the fundamental security requirements.
• Secure your database.
• Use the database features that enhance security.
• Use Wallet manager.
• Protect sensitive data.
• Install Label Security.
• Describe group policies.
• Use suggested architectures for common problems
课程目标:
• Use basic database security features
• Choose a user authentication model
• Secure the database and its listener
• Use the Enterprise Security Manager tool
• Manage users using proxy authentication
• Implement Enterprise User Security
• Describe the benefits and requirements associated with the Advanced Security Option
• Manage secure application roles
• Implement fine-grain access control
• Manage the Virtual Private Database (VPD)
• Implement fine-grain auditing
• Use Transparent Data Encryption
• Use file encryption
• Encrypting and Decrypt table columns
• Setup a simple Label Security policy
课程内容:
Security Requirements
• Security requirements
• Basic Requirements
• Components for enforcing security
• Define Least Privilege
• Enforce Security Policies
• Security in Depth(OS/database/network) Hardening each level
Security Solutions
• Preventing Exploits (Industry standard practices)
• Data Protection California Breach Law
• Data Access Control HIPPA, UK Data Protection
• Middle-Tier Authentication/Authorization
• Consistent checklist
• Network Wide Authentication
Internal Database Security
• Installation and patching
• Privileged accounts
• Manage user accounts and privileges
Database Auditing
• Auditing Users that have Access
• Managing the Audit Trail
• Privileged user auditing (10g NF for 8i DBAs)
• DML and DDL auditing with triggers (Wayne Reeser brown bag) Include autonomous transaction
• Auditing with SYSLOG
• Audit Vault
Fine-Grained Auditing