HOWTO Secure and Audit Oracle 10g and 11g
AUERBACH PUBLICATIONS
www.auerbach-publications.com
To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401
E-mail: orders@crcpress.com
OTHER NEW BOOKS FROM AUERBACH
The Business Value of IT: Managing Risks, Optimizing Performance and Measuring Results
Michael D. S. Harris, David Herron, and Stasia Iwanicki ISBN: 1-4200-6474-6
CISO Leadership: Essential Principles for Success
Todd Fitzgerald and Micki Krause ISBN: 0-8493-7943-1
The Debugger's Handbook
J. F. DiMarzio ISBN: 0-8493-8034-0
Effective Software Maintenance and Evolution: A Reuse-Based Approach
Stanislaw Jarzabek ISBN: 0-8493-3592-2
The Ethical Hack: A Framework for Business Value Penetration Testing
James S. Tiller ISBN: 0-8493-1609-X
Implementing Electronic Document and Record Management Systems
Azad Adam ISBN: 0-8493-8059-6
Implementing the IT Balanced Scorecard: Aligning IT with Corporate Strategy
Jessica Keyes ISBN: 0-8493-2621-4
Information Security Cost Management
Ioana V. Bazavan and Ian Lim ISBN: 0-8493-9275-6
The Insider's Guide to Outsourcing Risks and Rewards
Johann Rost ISBN: 0-8493-7017-5
Interpreting the CMMI®: A Process Improvement Approach, Second Edition
Margaret K. Kulpa and Kent A. Johnson ISBN: 1-4200-6052-X
Knowledge Management, Business Intelligence, and Content Management: The IT Practitioner's Guide
Jessica Keyes ISBN: 0-8493-9385-X
Manage Software Testing
Peter Farrell-Vinay ISBN: 0-8493-9383-3
Managing Global Development Risk
James M. Hussey and Steven E. Hall ISBN: 1-4200-5520-8
Patterns for Performance and Operability: Building and Testing Enterprise Software
Chris Ford, Ido Gileadi, Sanjiv Purba, and Mike Moerman ISBN: 1-4200-5334-5
A Practical Guide to Information Systems Strategic Planning, Second Edition
Anita Cassidy ISBN: 0-8493-5073-5
Service-Oriented Architecture: SOA Strategy, Methodology, and Technology
James P. Lawler and H. Howell-Barber ISBN: 1-4200-4500-8
Six Sigma Software Development, Second Edition
Christine B. Tayntor ISBN: 1-4200-4426-5
Successful Packaged Software Implementation
Christine B. Tayntor ISBN: 0-8493-3410-1
Secure and Audit Oracle 10g and 11g
Ron Ben Natan
Foreword by Pete Finnigan
Auerbach Publications
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
© 2009 by Taylor & Francis Group, LLC
Auerbach is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed in the United States of America on acid-free paper
10 9 8 7 6 5 4 3 2 1
International Standard Book Number-13: 978-1-4200-8412-2 (Hardcover)
This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Library of Congress Cataloging-in-Publication Data
Ben-Natan, Ron.
How to secure and audit Oracle 10g and 11g / Ron Ben-Natan.
p. cm.
Includes index.
ISBN 978-1-4200-8412-2 (hardcover : alk. paper)
1. Oracle (Computer file) 2. Computer security 3. Data protection 4. Database security I. Title.
QA76.9.A25B446 2009 005.8 dc22 2009001575
Visit the Taylor & Francis Web site at
http://www.taylorandfrancis.com
and the Auerbach Web site at
http://www.auerbach-publications.com
454 ■ Index
U
Unix
    administrator audit records, 218
    audit trail in, 190–191
    mandatory auditing, 213, 215
    pcap library, 132
UNLIMITED TABLESPACE system privilege, 55
UPDATE ANY TABLE privilege, 324
UPDATE_CHECK, 362–363
User accounts
    altering, 56–57
    changing password, 58
    creation of
        ALTER USER format and, 56–57
        CREATE TABLE privileges, 54–55
        CREATE USER command for, 53–54
        PASSWORD EXPIRE option, 54
        UNLIMITED system privilege, 55–56
    deleting, 57–58
    as IDENTIFIED EXTERNALLY, 103
    limiting system resources used by, 68–69
    and profiles, viewing
        DBA_PROFILES, 69
        DBA_TS_QUOTAS and DBA_USERS, 70
        USER_PASSWORD_LIMITS and USER_RESOURCE_LIMITS, 71
    unlocking, 58
USER_ENCRYPTED_COLUMNS, 166
USER_PASSWORD_LIMITS, 71
User qualifiers, 199–200
USER_RESOURCE_LIMITS, 71
V
Valid node checking, 46–47
View privileges, 318–319
Virtual Private Database, see VPD
VPD
    FGAC implementation, 359
    policy groups, see Policy groups
    security policies, see VPD security policies
VPD security policies, 374
    assigning to database object, 374
    to check before and after conditions, 363
    debugging, 374
        adding indexes, 376–377
        recursive definitions and, 376
        SQL traces for, 376
        V$VPD_POLICY view for, 375
    default value for, 372
    for optimal performance
        context sensitive and shared context sensitive policies, 373
        dynamic and static policies, 372–373
    qualifiers for, 361–363
    recursion, 376
    row filtering, 359–361
    sensitive column data
        hiding, 365–367
        limiting access to, 364–365
    users exempted from, 377–378
    to view defined, 374–375
Vulnerabilities
    checking for, 15
Vulnerability assessment tools
    change tracking, 430
    checks performed by, 15
    defining tests to be run in, 430–431
    listener security, 429
    scheduler, 17
    vulnerabilities and CPUs, 17
V$XML_AUDIT_TRAIL, 207
W
WALLET_LOCATION parameter, 165
White lists, 298
Windump, 132
Winpcap, 132
Wired Equivalent Privacy (WEP), 77
X
XOR data, AES algorithm, 76