Oracle Security Best Practices
Paul M. Wright
Retail Price $69.95 / £57.95
ISBN 13 978-0977671526
|Library of Congress Number 2007930081|
|320 pages - Perfect bind - 9x7||PD 508|
|Shelving: Database/Oracle||Oracle in-Focus: Series # 26|
|Today’s Oracle professionals are challenged to protect their mission-critical data from many types of threats. Electronic data is being stolen is record amounts, and criminals are constantly devising sophisticated tools to breech your Oracle firewall.
With advanced Oracle Forensics we can now proactively ensure the safety and security of our Oracle data, and all Oracle Forensics techniques are part of the due diligence that is required for all production databases. A failure to apply Forensics techniques to identify unseen threats can lead to a disaster, and this book is required reading for every Oracle DBA.
This indispensable book is authored by Paul Wright, the world’s top Oracle forensics expert, and the father of the field of Oracle Forensics. Packed with insights and expert tips, this is the definitive reference for all Oracle professional who are charged with protecting their valuable corporate information.
* Ensure that your mission-critical Oracle data is safe and secure.
* Learn advanced Oracle forensics techniques. Isolate and remove Oracle vulnerabilities.
* See how to prevent SQL injection attacks.
This book is a first of its kind and represents a comprehensive solution to the problems raised by Black-hat Oracle researchers. This definitive reference is the defining union of two proven commercial areas of computer practice and delivers a proven method to ensure that their Oracle servers and processes are secure from outside attack.
Oracle Forensics offers a way to ascertain vulnerability at a technical level which can be automated and built into your current processes. Furthermore this vulnerability can be measured retrospectively in order to gain a metric for risk over a time period that can be compared year after year.
Given the difficulty of patching in many circumstances, the skill of measuring risk can be very useful during planning phases and budget allocation. Running Oracle servers without completely up-to-date patch levels may allow production to carry on unhindered in some cases, but preparation in terms of knowing how best to react in case of an incident is crucial both for compliance but also to keep the companies name out of the media and courtroom in future.
This book will show the reader how to ascertain past vulnerability to zero-days, techniques for patching activity and how to react to an security breach using forensic techniques translated to Oracle databases. Our journey will be illustrated with realistic examples using coded PL/SQL utilities to automate the process as well as new forensic tools for database analysis.
* Develop an automated framework for accessing database security.
* Learn how to handle an incident on an Oracle database forensically.
* Correlate vulnerability information with log data onto an Oracle timeline to allow after the fact analysis.
* Quantify risk by calculating the time for which packages have been vulnerable.
* Learn how test for new vulnerabilities.
* Learn how to forensically identify PL/SQL packages that are vulnerable to SQL Injection.
* Forensically identify past patching activity by the DBA and current Patch level using PL/SQL Scripts.