ORACLE DATABASE SECURITY

Presented by Wilson Crider

Introduction/Objectives
The focus of the session is the security features of Oracle 9i with an emphasis on reviewing database security configuration. The session will include a discussion of the Oracle database terminology, risk areas, security features, and sample table contents. In addition, the session will provide additional references and sample audit steps/programs. After the session, the IT auditor should be able to perform a security review of an Oracle database. This session will not allow the auditor to perform an Oracle application review.

Overview
Oracle Architecture Oracle Database Objects/Terminology Oracle Database Security Features Operating System Security Network Security SQL Basics Examples Reference Materials Summary Questions

Oracle Architecture
Oracle Database Structures Physical Database Structures Oracle Processes Oracle Memory Structures Trusted Relationships

Oracle Database Structures

Instance - collection of processes and utilities used to update, retrieve, and manage the data includes processes and system global area (SGA) memory a memory resident file Database - collection of files that store and organize data Tablespace - logical collection of data files; comprised of segments Segments - hold various types of data (e.g., tables, indexes, rollback); comprised of extents Extents - logical data entity; comprised of data blocks Blocks - smallest unit of data used by Oracle. Block size is determined when the database is first created

Key Point
Block size affects the efficiency of the database operation. The database administrator should determine the optimum block size considering operating system file system buffer size and database usage.

Tablespaces
System tablespace - includes system data needed by the database to manage data includes data dictionary Temp tablespace - temporary clipboard used to manage transactions such as sorting data from an ORDER BY clause in a query Tools tablespace - stores objects used by tools that interact with the database Users tablespace - stores a personal users objects Rollback tablespace - stores rollback segments; rollback segments are used by the database to roll back data (i.e., a transaction failure or user command to undo any uncommitted changes) Data and index tablespaces - store application data

Physical Database Structures

Oracle data files - all files that store the database data includes rollback segments, redo logs, audit files and files that form basis for tablespaces and indexes. Typically have dbf extension Oracle software files - typically hold the database servers binary code and all other program code together constitute the database functionality includes library, Java and listener files Parameter files - store configuration information about the database server and the database instance includes location of control files, log files and init.ora file Control files - small binary file that contains information about the database instance and is needed to start the database. All major changes to the structure of the database are recorded in the control file Log/trace files- log files contain sequential list of all changes to database; files trace files are generated by the database to facilitate troubleshooting. The file alert.out stores any server messages that are generated by the database server

Oracle Database Files

Init.ora - generic name of start-up parameter file for Oracle. File is read every time an Oracle database is opened to set a number of parameters including control backup and recovery, transaction journaling, security and audit logging, performance attributes and file locations. In addition, the server parameter file (SPFILE) may be used to set initialization parameters.

Key Point
The ALTER SYSTEM command can be used to dynamically change system settings without restarting the database. The current system settings can be viewed in either the V$PARAMETER (init.ora) or V$SPPARAMETER (SPFILE) view at any time or by executing the SHOW PARAMETERS command.

Oracle Database Files

The control files (named CONTROL_nn.CTL) are the key files that the Oracle DBMS maintains about the state of the database and includes: Checkpoint progress records Redo thread records Log file records Data file records Tablespace records Log file history records Archived log records Backup set and data file copy records

Key Point
If the control file is corrupt or missing, it is very difficult to start the database instance. It is good practice to have at least two copies of the control file.

Oracle Directory Structure

\Oracle \Oracle\Admin - contains pfile (parameter files), bdump, cdump, udump \Oracle\Ora92 - contains Oracle Home \Oracle\Ora92\Bin - contains executables \Oracle\Ora92\Network - contains update for Oracle Net \Oracle\Oradata - contains data files \Oracle\RDBMS - contains auditing files

Oracle Processes
Each instance has a set of processes that interacts only with the data files associated with that particular instance. On UNIX systems, Oracle processes are referred to as background processes. On Microsoft NT/2000 systems, Oracle processes run as threads within a single system process.

Processes
DBWn - writes data to the data files; up to ten of these can exist LGWR - reads and writes to the redo logs PMON - monitors for user sessions that are prematurely disconnected and handles cleanup SMON - manages database recovery that may be required at startup ARCO - copies redo log files to the archive file destination CKPT - keeps track of the latest redo log files used, which are used during a database recovery RECO - handles distributed transactions that have failed LCK0 - manages instances in a parallel server configuration SNPn - runs jobs from the database job queue, where n=1-10 QMNn - manages message queues, where n=1-10

Key Point
It is important to ensure that the key database processes are running on the database server. The termination of these processes can lead to availability, recoverability and connectivity issues. In many client environments, the monitoring of operating system processes is handled by system administrators and does not fall under the responsibility of database administrators. In these environments, it is imperative that database administrators ensure that there is an automated system in place to monitor key database system processes and notify appropriate personnel in the event that they are not running.

Oracle Memory Structures

System Global Area (SGA) stores pertinent information about instance Program Global Area (PGA) contains data and control information for a single process; used by a single Oracle process and is not shared among processes

System Global Area

Database buffer cache memory buffers that the database can use to hold data that the server process reads from the data files on disk in response to users requests Shared pool holds executable PL/SQL code and SQL statements, as well as information regarding the data dictionary tables Library cache component of shared pool holding already parsed and ready-to-execute form of SQL statements; shared by all database users Data Dictionary cache component of shared pool primarily contains object definitions, usernames, roles, and privileges Redo log buffer holds redo data prior to its writing to the redo logs

Oracle Database Objects/Terminology

Schema - A collection of logical structures of data, or schema objects. A schema is owned by a database user and has the same name as that user. Database links - An object that resides in the local database and uniquely defines the path to the remote database. A DBLink is required for a local database to connect to a remote database. Indexes - A database object that provides fast access to individual rows in a table. Once created are automatically maintained and used for data access by the database engine whenever possible. Sequences - A schema object that generates sequential numbers. After creating a sequence, you can use it to generate unique sequence numbers for transaction processing. Synonyms - An alias for a table, view, sequence or program unit. A synonym is not actually an object itself; rather, it is a direct reference to its base object.

Oracle Database Objects/Terminology (cont.)

Stored Procedures - A set of SQL and PL/SQL statements grouped together as an executable unit to perform a specific task. Unlike functions, procedures do not return a value to the caller. Triggers - similar to stored procedures (collection of SQL statements) but are embedded in the database and activated when certain conditions are met Functions - A PL/SQL subprogram that executes an operation and returns a single value at the completion of the operation. A function can be either built-in or user-named. Packages - A method of encapsulating and storing related procedures, functions and other package constructs together as a unit in the database. While packages provide the database administrator or application developer organizational benefits, they also offer increased functionality and database performance.

Oracle Database Objects/Terminology (cont.)

Tables - The basic unit of storage in a relational database management system. A table represents entities and relationships and consists of one or more units of information (rows) each of which contains the same kinds of values (columns). Clusters - Two or more tables that are physically stored together to take advantage of similar columns between the tables Snapshots - Copies of tables or views. Views - Tailored presentation of the data contained in one or more tables. A view is defined using a query and can be thought of as a stored query or virtual table. Columns - Fields of the table. Rows - Records of the table.

Trusted Relationships
Trusted relationships are defined between databases using database links (DBLINK). The following types of links exist: Public - Anyone within the database can use these. Private - Only the users or subprograms linked to the owner of the private link can use these to access a remote database. Global - All of the users and subprograms in any database can access and use these.

DBLINKS
When database links are created, they may be defined with or without an account and password. If the link is defined without an account and password,the local database will attempt to connect to the remote database using the users account and password.

Key Point
When a DBLINK with an account and password is created, the account and password information is stored in cleartext in the SYS.LINK$ table. If the O7_DICTIONARY_ACCESSIBILITY parameter is set to TRUE, any user who has been granted the SELECT ANY TABLE privilege could obtain the account/password combinations from the SYS.LINK$ table. A malicious user could then use these credentials to compromise the remote database.

Key Point
Oracle provides the functionality to encrypt the login that is passed from the local to the remote database over the database link. This is set in the init.ora file when the DBLINK_ENCRYPT_LOGIN parameter is set to True.

Oracle Database Security Features

Identification/Authentication Accounts/Passwords Privileges Roles Profiles Fine Grained Data Security Encryption Auditing

Identification/Authentication
The databases primary identification and authentication mechanism is username and password. For users identified in the database, there are the following authentication choices: Passwords either by the database or the Oracle LDAP directory External/Strong Oracle supports operating system and strong authentication including PKI certificates, Kerberos, DCE, and RADIUS. The RADIUS standard extends the authentication capabilities to include token cards, biometrics, and smart cards. Proxy uses the OCI connection pool and the getProxyConnection connection method which does not require the users password.

Database Authentication
Database authentication is performed by comparing the username and password supplied by the user with the list of usernames and associated passwords maintained by Oracle in the SYSTEM.DBA_USERS table.

Operating System Authentication

Oracle may also authenticate users by matching user accounts at the operating system level with the usernames in the database. To use operating system authentication, the configuration parameter os_authent_prefix in the init.ora file must be set. The default value is OPS$.

Key Point
Shared server configurations that use Oracle Net cannot use operating system authentication unless the remote_os_authent parameter in the init.ora files is set to true. By default, the remote_os_authent is set to false because the risk of allowing remote authentication is high. Any administrator can create a user with a username and be connected to the database account corresponding to the username.

Proxy Authentication
The application first establishes the connection pool to the database via the proxy account. The proxy account is the account configured simply to allow the physical database connections (connection pool) to be established.

Accounts/Passwords
Oracle creates a number of default accounts during the database creation process.

Key Point
Oracle recommends that you lock and expire all default user accounts except SYS and SYSTEM. Exceptions - DBSNMP should not be locked if you are using Intelligent Agent, and OUTLN should not be locked if you are using stored outlines.

Key Point
A complete listing of database accounts may be obtained by querying the SYSTEM.DBA_USERS view.

Key Point
The following is a list of default accounts and their associated default passwords: SYS (CHANGE_ON_INSTALL) SYSTEM (MANAGER) CTXSYS (CTXSYS) MDSYS (MDSYS) DBSNMP (DBSNMP) DEMO (DEMO8) SCOTT (TIGER) ORDSYS (ORDSYS) OUTLN (OUTLN)

Passwords
Oracle stores passwords in the database in a hashed form using a DES-based, oneway encryption mechanism which creates a 16 character alphanumeric password (uppercase only).

Key Point
Due to Oracles authentication process, it is possible to create accounts that cannot be logged into the database. This is accomplished by using the IDENTIFIED BY VALUES clause to set an Impossible password. By setting the account with a plain text value password, Oracle is unable to generate a hashed password value that would match the plain text value.

Privileges
Privileges allow users to perform specific actions in the database. There are two types of privileges: Object Privileges - allow the user to have access to the data within an object or execute a stored program System Privileges - allow the user to logon to the system and create or manipulate objects

Object Privileges
ALTER - Change the definition of a table. DELETE - Delete records from a table or view. EXECUTE - Run stored procedures and functions. INDEX - Create an index on a table. INSERT - Add records to a table or view. READ - Allow the user to view from a directory. REFERENCE - Create a reference to a table. SELECT - Query the data in a table or view. UPDATE - Modify the data in a table or view.

Key Point
A listing of object privileges granted may be obtained from the SYS.DBA_TAB_PRIVS view.

Key Point
The WITH GRANT option allows the account granted the privilege to grant the privilege to other accounts. Instead of granting privileges to individual accounts, the privileges should be granted to roles and only those roles responsible for database security administration should be allowed to grant privileges.

System Privileges
Refer to Word document for a complete listing of system privileges.

Key Point
A listing of granted system privileges may be obtained from the SYS.DBA_SYS_PRIVS view.

Key Point
The WITH ADMIN option allows the account granted the privilege to grant the privilege to other accounts. Instead of granting privileges to individual accounts, the privileges should be granted to roles and only those roles responsible for database security administration should be allowed to grant privileges.

Roles
Named group of related privileges that are granted to users or other roles.

Default Roles
CONNECT - allows user to log into the database, create objects and perform exports RESOURCE - grants users the privilege necessary to create procedures, triggers DBA - allows users virtually unlimited privileges IMP_FULL_DATABASE - allows individuals to become users so their user objects can be imported into the appropriate schema area EXP_FULL_DATABASE - allows users to execute any exported packages listed in the recovery catalog SELECT_CATALOG_ROLE - allows users to select rows from all exported recovery catalog views and tables EXECUTE_CATALOG_ROLE - allows users to execute any exported packages listed in the recovery catalog DELETE_CATALOG_ROLE - allows users to delete rows from the SYS.AUD$ table

Key Point
A listing of defined roles may be obtained from the SYSTEM.DBA_ROLES view. In addition, a listing of assigned roles may be obtained from the SYS.DBA_ROLE_PRIVS view and the privileges granted from the SYS.ROLE_SYS_PRIVS and SYS.ROLE_TAB_PRIVS views.

Password-Protected Roles
Oracle provides the ability to control the enabling of a role using passwords. The primary use case for password-protected roles is prohibiting users from gaining privileges unless they are accessing the database from a specific application. The application knows the roles password, but the users do not.

Password-protected roles may be identified in the SYS.DBA_ROLES table where the PASSWORD_REQUIRED column is yes.

Profiles
Allows for imposing of resource limits and access controls over a group of users.

Profile Parameters
COMPOSITE_LIMIT - Total resource cost for a session. The resource cost is the weighted sum of the CPU time used in the session, the connect time, the number of reads made in the session and the amount of private SGA space allocated. SESSIONS_PER_USER - This is the maximum number of allowable concurrent sessions on an individual user basis. CPU_PER_SESSION - Total amount of CPU time allowed in a session. The limit is expressed in seconds. CPU_PER_CALL - Maximum amount of CPU time allowed for a call (a parse, execute or fetch). The limit is expressed in seconds. LOGICAL_READS_PER_SESSION - Total number of data block reads allowed in a session. Limit includes block reads from memory and disk. LOGICAL_READS_PER_CALL - Maximum number of data block reads allowed for a call (a parse, execute or fetch) to process an SQL statement. IDLE_TIME - Maximum idle time allowed in a session. Idle time is a continuous period of inactive time during a session. Long-running queries and other operations are not subject to this limit. The limit is expressed in minutes. PRIVATE_SGA - Maximum amount of private space a session can allocate in the shared pool of the system global area (SGA). The private SGA limit applies only if using the multithreaded server architecture. The limit is expressed in kilobytes (Kb). CONNECT_TIME - Maximum elapsed time allowed for a session. The limit is expressed in minutes.

Profile Parameters (cont)

FAILED_LOGIN_ATTEMPTS - The number of failed login attempts that must occur before an account is locked. PASSWORD_LIFE_TIME - The number of days the same password may be used before a connection is denied. PASSWORD_REUSE_TIME - The number of days that must pass before a password can be reused. If PASSWORD_REUSE_TIME is used then PASSWORD_REUSE_MAX must be set to unlimited. PASSWORD_REUSE_MAX - The number of times a password must be changed before the password can be reused. If PASSWORD_REUSE_MAX is used then PASSWORD_REUSE_TIME must be set to unlimited. PASSWORD_VERIFY_FUNCTION - Identifies the name of a function used to evaluate the complexity of a password. It is located in user profiles. By default, this is not enabled. PASSWORD_LOCK_TIME - The number of days a user account will be locked out if FAILED_LOGIN_ATTEMPTS limit is exceeded. By setting the default value to unlimited, the account will not unlock automatically. PASSWORD_GRACE_TIME - The number of days before a password expires.

Key Point
If a user is not assigned a profile, Oracle assigns the default profile which has all the parameters set to unlimited. The profile parameters should be set to comply with security policy.

Fine Grained Data Security

Traditionally, security policies were applied to entire applications. Users were given roles or privileges, based on which they could access the tables in the application. This always left open the possibility of users using tools such as SQL*Plus to go around the applications security protocols. Furthermore, application-level security enforcement meant you had to manage security policy for each user in the system for access to all the tables in the database. Starting with Oracle9i, Fine Grained Access Control (FGAC) enables you to restrict Oracle users only to the data that you want them to access and modify. For example, in an employee table, you can restrict a manager to data pertaining to just his or her department.

Key Point
The EXEMPT ACCESS POLICY system privilege allows privileged users to bypass row level security (RLS) policies. This may be necessary for database backup and recovery, but it can also be a security risk.

Fine Grained Data Security (cont.)

Fine Grained Data Security is implemented by defining: A package to set application context An application context A package to access application context A security policy

Package to set application context

A set of PL/SQL statements to set the value for the user of the attribute to be checked. For example, select the users department ID.

Application Context
An application context is a set of namevalue pairs, held in memory, which can be defined, set, and retrieved by users and applications. Related values can be grouped together. The group is collectively defined and accessed by its name and namespace.

USERENV namespace
Oracle uses a built-in application context namespace called USERENV which has a set of predefined session attributes attached to it.

USERENV attributes
Instance - Instance ID EntryID - Auditing entry identifier Current_user - Name of the user who started the session Session_user - Database username by which the current user is authenticated Proxy_user - Name of the midle tier that opened a session for the session_user Db_name - Name of the database Host - Name of the machine on which the database is running Os_user - Operating system account name Terminal - Client terminal through which the database is being accessed Ip_address - IP address of the client machine External_name - External name of the database user

Package to access application context

A set of PL/SQL statements defining the statements that perform the attribute check. The defined statements are appended to the SQL statements. For example, d_predicate := department_id=SYS_CONTEXT(employee_info,dept_ num) Where employee_info is the application context and dept_num is the package to set the application context

Security Policy
A security policy associates the package to the data objects to be protected. This process is done by registering the previously defined package against the tables, view, or synonyms you want to protect by using the DBMS_RLS PL/SQL package.

Key Point
You can obtain a listing of all policies by querying the DBA_POLICIES view. In addition, the ALL_POLICIES and USER_POLICIES views provide information on defined policies.

Oracle Policy Manager

The Oracle Policy Manager is used to implement and create fine grained security policies.

Label-Based Access Control

Oracle allows you to label parts of your data. Users are then granted privileges to access only the data with certain labels. Label security includes the following key components: Level Relates to the information classification of the data. Compartment Used to categorize data. For example, data can be categorized by business unit or geographical area. Group Used to designate the owner of the data. This designation can be hierarchical.

Encryption
Database encryption Network encryption Encrypted Passwords

Database Encryption
Oracle provides an out-of-the-box solution for encryption, referred to as the DBMS_OBFUSCATION_TOOLKIT. This solution provides two PL/SQL procedures, DESEncrypt and DESDecrypt, to encrypt and decrypt data. The toolkit uses DES algorithm to encrypt data. DES is a symmetrical encryption algorithm and requires a shared/secret key to encrypt and decrypt data. Therefore, it is paramount to protect the key.

Network Encryption
Oracle provides a seamless and transparent encryption process for all database data as it moves through the network between the application and the Oracle database. The benefits of implementing Oracles network encryption capabilities: The algorithm negotiation feature supports the concurrent use of different encryption algorithms with different key sizes for various clients. This flexibility means that security and performance can be accomplished simultaneously. The encryption remains transparent to the applications that utilize it. The encryption process incurs little overhead costs.

Encrypted Passwords
By default, Oracle user passwords arent encrypted, by setting the following parameters, you can ensure that Oracle will always encrypt a password when its sending across a network: ora_encrypt_login=true (client) dblink_encrypt_login=true (server)

Key Point
Oracle (Oracle 10g) does not pass plaintext passwords over the network even when you are not using the network encryption

Auditing
Oracle provides extensive audit trail capabilities. When properly configured, any action or object may be recorded and reported such as failed login attempts, table and column changes, and privilege grants.

Auditing Configuration
To enable the auditing features, the appropriate AUDIT_TRAIL parameter must be set in the start up file (INIT.ORA). Possible values include: None Disables auditing. DB Enables auditing, writing to the SYS.AUD$ table OS Enables auditing, writing to the operating systems audit trail (operating system dependent).

Auditing Tables
The following tables contain auditing configuration information: SYS.DBA_OBJ_AUDIT_OPTS lists auditing options enabled for every object SYS.DBA_STMT_AUDIT_OPTS lists auditing options enabled for every system privilege SYS.DBA_AUDIT_TRAIL contains captured events

Fine Grained Auditing

Beginning with Oracle9i, Oracle provides the capability to audit specific rows within a table. This is accomplished using the DBMS_FGA package.

Operating System Security

Set appropriate permissions to Oracle database system directories and files Grant appropriate access to Oracle accounts and roles at the operating system level Limit services running to only those necessary

Key Point
The REMOTE_LOGIN_PASSWORDFILE parameter controls access to the database using the OSDBA and OSOPER operating system roles. Users belonging to these groups can connect to the database without authenticating to it. The parameter has the following values: None This is the default and permits only operating-system authenticated users to perform database administration tasks. Shared Creates a shared password file with a single user SYS. Any user who wants to perform privileged tasks has to log in as SYS. Exclusive Uses a password file. Any user can be granted the SYSDBA and SYSOPER roles, and when the user SYS does so, the user is automatically added to the password file. You can use the V$PWFILE_USERS view to determine who has been granted the SYSDBA and SYSOPER roles.

Key Point
There are four essential processes that are required for an instance to operate properly: DBWn, LGWR, PMON, SMON.

Network Security
Network security is an important component of an overall Oracle security strategy. There are several areas where Oracle may be utilized to enhance network security: TNS Listener Valid Node Checking Firewalls

TNS Listener
The TNS Listener is the service responsible for authenticating remote clients to the server. The service could provide a hacker with useful information.

TNS Listener (cont.)

To protect this service, the following should be performed: By default this service listens to port 1521. Changing the listening port to something other than 1521. By default the service does not require authentication. Applying a password to the service by updating the PASSWORD_LISTENER parameter in the listener.ora file. The TNS Listener password is stored in the listener.ora file in cleartext. Access to the file should be limited.

Valid Node Checking

Oracle provides a security feature known as valid node checking to allow or deny access to the Oracle server based on the clients IP address. To use this feature, the following protocol.ora (Oracle Net configuration file) parameters must be set: tcp.validnode_checking = YES tcp.excluded_nodes = {list of IP addresses} tcp.invited_nodes = {list of IP addresses}

Firewalls
While firewalls can do a good job at helping prevent unwanted access to Oracle databases, they also potentially make it difficult for wanted traffic. Each new connection to the database spawns a new process or thread that listens on a new port. Firewall administrators cannot simply allow traffic on any port through to Oracle servers.

Firewalls (cont.)
There are several solutions to this problem: Certain firewalls have integrated technology that supports Net8 proxying. Connection Manager (CMAN) that comes bundled with the Oracle Enterprise Edition. Although IT Auditors should be aware of these issues, the firewall implementations are beyond the scope of this discussion.

SQL Basics
SQL (Structured Query Language) Select - display row(s) Insert - create a new row(s) Update - modify an existing row(s) Delete - delete a row(s) Where - define selection criteria

SQL Basics (cont.)

Before the auditor can access the Oracle database, the auditor must have: a valid operating system account, an Oracle database account, access to an Oracle Tool (e.g., SQL*Plus or SQL*DBA), and the appropriate privileges.

Key Point
SQL*Plus is an ad-hoc query interface to the Oracle database which should be restricted. You can restrict the capabilities of a user by using the PRODUCT_USER_PROFILE table.

Examples
Refer to CD for sample table contents.

Reference Materials
Tables Literature Oracle Security Alerts Audit Programs/Checklists Web Sites

Oracle Tables
DBA_AUDIT_TRAIL Lists all audit trail entries. DBA_COL_COMMENTS Describes comments on columns of all tables and views in the database. DBA_COL_PRIVS Describes all column object grants in the database. DBA_DB_LINKS Lists all database links in the database. DBA_OBJ_AUDIT_OPTS Describes auditing options on all objects. DBA_OBJECTS Describes all objects in the database. DBA_PRIV_AUDIT_OPTS Describes current system privileges being audited across the system and by the user. DBA_ROLES Lists all roles that exist in the database. DBA_STMT_AUDIT_OPTS Describes the current system auditing options across the system and by the user. DBA_SYS_PRIVS Describes system privileges granted to users and roles. This view does not dispaly the username column. DBA_TAB_COMMENTS Describes comments on all tables and view in the database. DBA_TAB_PRIVS Describes all object grants in the database. DBA_TABLESPACES Describes all tablespaces in the database. DBA_USERS Describes all users of the database. ROLE_ROLE_PRIVS Describes the roles granted to other roles. Information is provided only about roles to which the user has access. ROLE_SYS_PRIVS Describes system privileges granted to roles. Information is provided only about roles to which the user has access. ROLE_TAB_PRIVS Describes table privileges granted to roles. Information is provided only about roles to which the user has access.

Oracle Literature
Oracle Product Security Documentation Oracle Database Security, Audit and Control Features, IT Governance Institute Application Developers Guide - Fundamentals Oracle 9i Administrators Reference Oracle Advanced Security Administrators Guide Oracle Label Security Administrators Guide Oracle Internet Directory Administrators Guide Oracle9i: The Complete Reference by Kevin Loney Introduction to Simple Oracle Auditing by Pete Finnigan Expert Oracle9i Database Administration by Sam R. Alapati Effective Oracle Database 10g Security by Design by David C. Knox

Oracle Security Alerts

http://otn.oracle.com/deploy/security/index 2.htm?Info&alerts.htm

Audit Programs/Checklists
Sample Audit Programs UCR Audit Program Checklist Checklist www.auditnet.org

Web Sites
http://otn.oracle.com/docs/deploy/security/ content.html www.auditnet.org www.oracle.com/database/index.html

Summary
Oracle provides a variety of security features including: Identification/Authentication Authorization via privileges, roles, and fine grained security Encryption Audit trails

Questions?