Oracle Information InDepth

DATABASE INSIDER EDITION

Oracle Database 12c
Oracle Database 12c Plug into the Cloud

Stay Connected

Oracle Blog Oracle on Twitter Oracle on Facebook Oracle on Youtube Oracle on LinkedIn

February 2014

Subscribe Subscribe Forward Forward
 

Back to the main page

New E-Book: Technical Primer for Securing Oracle Database 12c

Oracle Database 12c represents a profound shift in database technology and includes a multitude of new and improved security features. With the cost of data loss growing as customers store increasing amounts of sensitive information, how can administrators understand and effectively utilize the capabilities provided by Oracle Database to secure their data and improve controls?

Oracle security experts have written a new book for database administrators and security professionals who want to learn how to secure Oracle Databases. Written by Oracle's Paul Needham and Scott Rotondo, along with Independent Oracle Users Group President Michelle Malcher, Securing Oracle Database 12c: A Technical Primer, is available as a free download.

"In order to make a database secure, you first have to understand how it can be attacked. Keeping in mind all of the threats and all of the methods to counter them can get pretty complex," says Scott Rotondo, consulting member of technical staff at Oracle. "What we set out to do in this book is to provide a brief but comprehensive overview that explains the appropriate techniques to address the major threats. We also give some practical advice about relatively easy ways to secure a database system."

Each chapter provides practical insight into Oracle Database capabilities.

  • Controlling Data Access and Restricting Privileged Users describes the fundamental notions of authenticating users and controlling the data that they can access. It covers best practices for determining the access that each user requires and limiting the powers of highly privileged users.

  • Preventing Direct Access to Data explains the use of encryption to prevent attacks that attempt to gain access to data directly, bypassing access controls.

  • Advanced Access Control covers more sophisticated access control mechanisms that allow for more precise control. These mechanisms include Oracle Virtual Private Database, Oracle Label Security, and real application security.

  • Auditing Database Activity describes the techniques for maintaining an effective audit trail, which is a vital defense-in-depth technique to detect misuse by privileged users and unexpected violations of security policies.

  • Controlling SQL Input explains the use of a specialized database firewall to monitor the SQL statements going to the database. This helps protect the database against SQL injection attacks launched by web users.

  • Masking Sensitive Data covers the use of data masking to remove sensitive information from data that is used for test or development purposes. It also describes the use of data redaction to dynamically mask the results of queries on production databases.

  • Validating Configuration Compliance describes the need to evaluate the database configuration against accepted standards, and the tools available for performing the evaluation to ensure continued compliance.
"As data growth soars in multitenant environments, valuable data is targeted by hackers and attackers—and is scrutinized by auditors more than ever," says Vipin Samar, vice president, database security product development, Oracle. "It's imperative that customers take advantage of the new security capabilities in Oracle Database 12c to protect their data and database infrastructure."

Download your free copy of Securing Oracle Database 12c: A Technical Primer.
Back to Top
 
 

Please send questions or comments to newsletter_feedback_us@oracle.com.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together

Contact Us | Legal Notices and Terms of Use | Privacy

 
Oracle Corporation

NSL100270988

Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.