Course Description

This course covers Oracle database security in detail, including common users, Transparent Data Encryption (TDE), data redaction, and Database Vault.

Prerequisites

Required: Basic IT and computer skills. Basic analytic or programming skills.

Number of Days & Format


Number of Days: 3 days

Format: Instructor-led (in person), remote, on-demand training

Course curriculum

  • 1
    Basic Database Security
    • Start of Class Survey
    • Creating a password profile
    • LAB01. Creating a password profile
    • Creating password-authenticated users
    • LAB02. Creating password-authenticated users
    • Changing a user's password
    • LAB03. Changing a user's password
    • Creating a user with the same credentials on another database
    • LAB04. Creating a user with the same credentials on another database
    • Locking a user account
    • LAB05. Locking a user account
    • Expiring a user's password
    • LAB06. Expiring a user's password
    • Creating and using OS-authenticated users
    • LAB07. Creating and using OS-authenticated users
    • Creating and using proxy users
    • LAB08. Creating and using proxy users
    • Creating and using database roles
    • LAB09. Creating and using database roles
    • The sysbackup privilege – how, when, and why should you use it?
    • LAB10. The sysbackup privilege – how, when, and why should you use it?
    • The syskm privilege – how, when, and why should you use it?
    • LAB11. The syskm privilege – how, when, and why should you use it?
    • The sysdg privilege – how, when, and why should you use it?
    • LAB12. The sysdg privilege – how, when, and why should you use it?
    • Mid-Course Survey
  • 2
    Security Considerations in Multitenant Environment
    • Creating a common user
    • LAB01. Creating a common user
    • Creating a local user
    • LAB02. Creating a local user
    • Creating a common role
    • LAB03. Creating a common role
    • Creating a local role
    • LAB04. Creating a local role
    • Granting privileges and roles commonly
    • LAB05. Granting privileges and roles commonly
    • Granting privileges and roles locally
    • LAB06. Granting privileges and roles locally
    • Effects of plugging/unplugging operations on users, roles, and privileges
    • LAB07. Effects of plugging/unplugging operations on users, roles, and privileges
  • 3
    PL/SQL Security
    • Creating and using definer's rights procedures
    • LAB01. Creating and using definer's rights procedures
    • Creating and using invoker's rights procedures
    • LAB02. Creating and using invoker's rights procedures
    • Using code-based access control
    • LAB03. Using code-based access control
    • Restricting access to program units by using ACCESSIBLE BY
    • LAB04. Restricting access to program units by using ACCESSIBLE BY
  • 4
    Virtual Private Database
    • Creating different policy functions
    • LAB01. Creating different policy functions
    • Creating Oracle Virtual Private Database row-level policies
    • LAB02. Creating Oracle Virtual Private Database row-level policies
    • Creating column-level policies
    • LAB03. Creating column-level policies
    • Creating a driving context
    • LAB04. Creating a driving context
    • Creating policy groups
    • LAB05. Creating policy groups
    • Setting context as a driving context
    • LAB06. Setting context as a driving context
    • Adding policy to a group
    • LAB07. Adding policy to a group
    • Exempting users from VPD policies
    • LAB08. Exempting users from VPD policies
  • 5
    Data Redaction
    • Creating a redaction policy when using full redaction
    • LAB01. Creating a redaction policy when using full redaction
    • Creating a redaction policy when using partial redaction
    • LAB02. Creating a redaction policy when using partial redaction
    • Creating a redaction policy when using random redaction
    • LAB03. Creating a redaction policy when using random redaction
    • Creating a redaction policy when using regular expression redaction
    • LAB04. Creating a redaction policy when using regular expression redaction
    • Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
    • LAB05. Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
    • Changing the function parameters for a specified column
    • LAB06. Changing the function parameters for a specified column
    • Add a column to the redaction policy
    • LAB07. Add a column to the redaction policy
    • Enabling, disabling, and dropping redaction policy
    • LAB08. Enabling, disabling, and dropping redaction policy
    • Exempting users from data redaction policies
    • LAB09. Exempting users from data redaction policies
  • 6
    Transparent Sensitive Data Protection
    • Creating a sensitive type
    • LAB01. Creating a sensitive type
    • Determining sensitive columns
    • LAB02. Determining sensitive columns
    • Creating transparent sensitive data protection policy
    • LAB03. Creating transparent sensitive data protection policy
    • Associating transparent sensitive data protection policy with sensitive type
    • LAB04. Associating transparent sensitive data protection policy with sensitive type
    • Enabling, disabling, and dropping policy
    • LAB05. Enabling, disabling, and dropping policy
    • Altering transparent sensitive data protection policy
    • LAB06. Altering transparent sensitive data protection policy
  • 7
    Privilege Analysis
    • Creating database analysis policy
    • LAB01. Creating database analysis policy
    • Creating role analysis policy
    • LAB02. Creating role analysis policy
    • Creating context analysis policy
    • LAB03. Creating context analysis policy
    • Creating combined analysis policy
    • LAB04. Creating combined analysis policy
    • Starting and stopping privilege analysis
    • LAB05. Starting and stopping privilege analysis
    • Reporting on used system privileges
    • LAB06. Reporting on used system privileges
    • Reporting on used object privileges
    • LAB07. Reporting on used object privileges
    • Reporting on unused system privileges
    • LAB08. Reporting on unused system privileges
    • Reporting on unused object privileges
    • LAB09. Reporting on unused object privileges
    • How to revoke unused privileges
    • LAB10. How to revoke unused privileges
    • Dropping the analysis
    • LAB11. Dropping the analysis
  • 8
    Transparent Data Encryption
    • Configuring keystore location in sqlnet.ora
    • LAB01. Configuring keystore location in sqlnet.ora
    • Creating and opening the keystore
    • LAB02. Creating and opening the keystore
    • Setting master encryption key in software keystore
    • LAB03. Setting master encryption key in software keystore
    • Column encryption - adding new encrypted column to table
    • LAB04. Column encryption - adding new encrypted column to table
    • Column encryption - creating new table that has encrypted column(s)
    • LAB05. Column encryption - creating new table that has encrypted column(s)
    • Using salt and MAC
    • LAB06. Using salt and MAC
    • Column encryption - encrypting existing column
    • LAB07. Column encryption - encrypting existing column
    • Auto-login keystore
    • LAB08. Auto-login keystore
    • Encrypting tablespace
    • LAB09. Encrypting tablespace
    • Rekeying
    • LAB10. Rekeying
    • Backup and Recovery
    • LAB11. Backup and Recovery
  • 9
    Database Vault
    • Registering Database Vault
    • LAB01. Registering Database Vault
    • Preventing users from exercising system privileges on schema objects
    • LAB02. Preventing users from exercising system privileges on schema objects
    • Securing roles
    • LAB03. Securing roles
    • Preventing users from executing a specific command on a specific object
    • LAB04. Preventing users from executing a specific command on a specific object
    • Creating a rule set
    • LAB05. Creating a rule set
    • Creating a secure application role
    • LAB06. Creating a secure application role
    • Using Database Vault to prevent administrators from viewing data
    • LAB07. Using Database Vault to prevent administrators from viewing data
    • Running Oracle Database Vault reports
    • LAB08. Running Oracle Database Vault reports
    • Disabling Database Vault
    • LAB09. Disabling Database Vault
    • Re-enabling Database Vault
    • LAB10. Re-enabling Database Vault
  • 10
    Unified Auditing
    • Enabling Unified Auditing mode
    • LAB01. Enabling Unified Auditing mode
    • Configuring whether loss of audit data is acceptable
    • LAB02. Configuring whether loss of audit data is acceptable
    • Which roles do you need to have to be able to create audit policies and to view audit data?
    • LAB03. Which roles do you need to have to be able to create audit policies and to view audit data?
    • Auditing RMAN operations
    • LAB04. Auditing RMAN operations
    • Auditing Data Pump operations
    • LAB05. Auditing Data Pump operations
    • Auditing Database Vault operations
    • LAB06. Auditing Database Vault operations
    • Creating audit policies to audit privileges, actions and roles under specified conditions
    • LAB07. Creating audit policies to audit privileges, actions and roles under specified conditions
    • Enabling audit policy
    • LAB08. Enabling audit policy
    • Finding information about audit policies and audited data
    • LAB09. Finding information about audit policies and audited data
    • Auditing application contexts
    • LAB10. Auditing application contexts
    • Purging audit trail
    • LAB11. Purging audit trail
    • Disabling and dropping audit policies
    • LAB12. Disabling and dropping audit policies
  • 11
    Additional Topics
    • Exporting data using Oracle Data Pump in Oracle Database Vault environment
    • LAB01. Exporting data using Oracle Data Pump in Oracle Database Vault environment
    • Creating factors in Oracle Database Vault
    • LAB02. Creating factors in Oracle Database Vault
    • Using TDE in a multitenant environment
    • LAB03. Using TDE in a multitenant environment
  • 12
    Appendix – Application Contexts
    • Exploring and using built-in contexts
    • LAB01. Exploring and using built-in contexts
    • Creating an application context
    • LAB02. Creating an application context
    • Setting application context attributes
    • LAB03. Setting application context attributes
    • Using an application context
    • LAB04. Using an application context
    • End of Course Survey
  • 13
    Resources
    • Resources

Instructor(s)