Wednesday Dec 18, 2013

Teaser for New eBook on Securing Oracle Database 12c

I am really excited about our new book from the Oracle Database Security team here at Oracle. Securing Oracle Database 12c: A Technical Primer, will be available as an early gift to database and security practitioners around the world this holiday season. Go pre-register for your free copy (code: db12c) of the ebook and as a teaser, here's the Introduction. Enjoy.

Introduction to Oracle Database 12c: A Technical Primer

The problem of securing important information has unfortunately become a familiar one to organizations everywhere. A constant stream of news reports tells of successful attacks that gain access to sensitive data and the legal, economic, and reputational damage that results. Even though the vast majority of sensitive data is stored in relational databases, very little of the information security effort in most organizations is devoted to making those databases secure.

While there are many technologies and products available to improve the security of a database in various ways, what is needed is a brief but comprehensive overview that describes the major threats and appropriate techniques to address them. Attackers can be expected to exploit any available weakness including incorrect configuration of security controls in the database, unpatched operating system vulnerabilities, or compromised user accounts. More indirect methods such as SQL injection or intercepting data on the network are also possible. Truly securing a database system requires consideration of any opening an attacker might use.

Each chapter in this book covers a single threat area, but they are all related. There is no single solution that prevents all methods of attack, and each security mechanism reinforces the others. Defense-in-depth is the only way to effectively combat both threats that are known today and those that will be discovered tomorrow.

We begin with security features available within the database itself.

  • Chapter 1: Controlling Data Access and Restricting Privileged Users describes the fundamental notions of authenticating users and controlling the data that they can access. It covers best practices for determining the access that each user requires and limiting the powers of highly privileged users.
  • Chapter 2: Preventing Direct Access to Data explains the use of encryption to prevent attacks that attempt to gain access to data directly, bypassing the access controls described in the previous chapter.
  • Chapter 3: Advanced Access Control covers more sophisticated access control mechanisms that allow for more precise control. These mechanisms include Virtual Private Database, Oracle Label Security, and Real Application Security.
  • Chapter 4: Auditing Database Activity describes the techniques for maintaining an effective audit trail, which is a vital defense-in-depth technique to detect misuse by privileged users and unexpected violations of the security policies implemented in the previous chapters.

We then broaden the discussion to include external components that improve the security of the database and the data it stores.

  • Chapter 5: Controlling SQL Input explains the use of a specialized database firewall to monitor the SQL statements going to the database. This helps to protect the database against SQL injection attacks launched by Web users
  • Chapter 6: Masking Sensitive Data covers the use of data masking to remove sensitive information from data that is used for test or development purposes. It also describes the use of Data Redaction to dynamically mask the results of queries on production databases.
  • Chapter 7: Validating Configuration Compliance describes the need to evaluate the database configuration against accepted standards and the tools available for performing the evaluation to ensure continued compliance.

Throughout the book, we highlight new features found in Oracle Database 12c. However, the majority of the solutions described in this book are applicable to earlier Oracle Database releases as well.

Pre-Register for the ebook now, it will be available before 2014! 

Use access code "db12c". 

Tuesday Oct 29, 2013

Get the Latest Security Inside Out Newsletter, October Edition

The latest October edition of the Security Inside Out newsletter is now available and covers the following important security news:

Oracle Security Inside Out Newsletter

Securing Oracle Database 12c: A Technical Primer

The new multitenant architecture of Oracle Database 12c calls for adopting an updated approach to database security. In response, Oracle security experts have written a new book that is expected to become a key resource for database administrators. Find out how to get a complimentary copy. 

Read More

HIPAA Omnibus Rule Is in Effect: Are You Ready?

On September 23, 2013, the HIPAA Omnibus Rule went into full effect. To help Oracle’s healthcare customers ready their organizations for the new requirements, law firm Ballard Spahr LLP and the Oracle Security team hosted a webcast titled “Addressing the Final HIPAA Omnibus Rule and Securing Protected Health Information.” Find out three key changes affecting Oracle customers. 

Read More

The Internet of Things: A New Identity Management Paradigm

By 2020, it’s predicted there will be 50 billion devices wirelessly connected to the internet, from consumer products to highly complex industrial and manufacturing equipment and processes. Find out the key challenges of protecting identity and data for the new paradigm called the Internet of Things. 

Read More

Monday Sep 16, 2013

Limited Time Complimentary eBook, Securing Oracle Database 12c


Securing Oracle Database 12c: A Technical Primer

Pre-register For Your Copy Now

With the launch of Oracle Database 12c, securing your databases is more important than ever. For a limited time you can pre-register for a new complimentary eBook and learn about Oracle Database Security from the experts who brought you the #1 database in the world.

Are you an Oracle DBA who wants to protect your databases? The new ebook, Securing Oracle Database 12c: A Technical Primer, will be the book that database administrators will want to turn to for their database security questions.

For a limited time, Oracle Press will be offering this book free of charge, so pre-register for your copy now.

About

Who are we?

Follow us on

  • TwitterFacebookLinkedIn

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
12
13
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today