Author(s): David Knox, Scott Gaetjen, Hamza Jahangir, Tyler Muth, Patrick Sack, Richard Wark, Bryan Wise
Edition: 1
Publisher: McGraw-Hill Osborne Media
Year: 2009
Language: English
Pages: 641
Contents
Foreword
Acknowledgments
Part I: Oracle Database Security New Features
1 Security Blueprints and New Thinking
About This Book
Database Security Today
Security Motivators
Modeling Secure Schemas
Getting Started
Summary
2 Transparent Data Encryption
Encryption 101
Encrypting Data Stored in the Database
The Transparent Data Encryption Solution
Tablespace Encryption: New with Oracle 11g
Oracle 11g Configuration
Summary
3 Applied Auditing and Audit Vault
An Era of Governance
The Audit Data Warehouse
What to Audit and When to Audit
The Audit Warehouse Becomes the Audit Vault
Installation Options
Summary
Part II: Oracle Database Vault
4 Database Vault Introduction
The Security Gap
Database Vault Components
Installing Oracle Database Vault
Summary: Database Vault Is Differentiating Security
5 Database Vault Fundamentals
Realms
Command Rules
Rule Sets
Factors
DBV Secure Application Roles
Summary
6 Applied Database Vault for Custom Applications
Notional Database Applications Environment
Requirements Technique: Use Cases and Scenarios
Identify Coarse-Grained Security Profile
Identify Fine-Grained Security Profile
Identify DBV Factors Based on Business or System Conditions
Identify DBV Realms and Realm Objects Based on Objects
Identify Accounts, Roles, and DBV Realm Authorizations from Use Case Actors
Establish DBV Command Rules from Conditions
Establish DBV Secure Application Roles from Conditions
Summary
7 Applied Database Vault for Existing Applications
Audit Capture Preparation
Capturing Audits
Analyzing the Audit Trail
Integrating DBV with Oracle Database Features
Advanced Monitoring and Alerting with a DBV Database
Summary
Part III: Identity Management
8 Architecting Identity Management
Understanding the Problem with Identity Management
Architecting Identity Management
Oracle Identity Management Solutions
Summary
9 Oracle Identity Manager
Oracle Identity Manager Overview
User Provisioning Processes
User Provisioning Integrations
Reconciliation Integrations
Compliance Solutions
OIM Deployment
Summary
10 Oracle Directory Services
Oracle Internet Directory
Directory Virtualization and Oracle Virtual Directory
OVD Applied
Summary
Part IV: Applied Security for Oracle APEX and Oracle Business Intelligence
11 Web-centric Security in APEX
Introduction to the APEX Environment
Securing an APEX Instance
Protecting the APEX Database Schemas
Summary
12 Secure Coding Practices in APEX
Authentication and Authorization
SQL Injection
Cross-site Scripting
Leveraging Database Security Features
Summary
13 Securing Access to Oracle BI
The Challenge in Securing BI
What Needs To Be Secured
Mechanics of Accessing Data with Oracle BI
Authentication and Authorization
Single Sign-On
Deploying in a Secure Environment
Securing the BI Cache
Public-facing Applications
Summary
14 Securing Oracle BI Content and Data
Securing Web Catalog Content
Conveying Identity to the Database
Securing Data Presented by Oracle BI
Oracle BI and Database Vault
Auditing
BI Features with Security Implications
Summary
A: Using the Oracle BI Examples
Users and Groups
Database Preparations
Database Scripts
Credential Store
Other BI Publisher Configuration Steps
Usage Tracking
Oracle BI Tests
SH Dashboard
Common to All RPDs
Internal Authentication
Database Authentication
LDAP Authentication
Summary