Oracle 11g Anti-hacker's Cookbook -- Table of Contents -- Oracle 11g Anti-hacker's Cookbook -- Credits -- Foreword -- About the Author -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Instant Updates on New Packt Books -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Operating System Security -- Introduction -- Using Tripwire for file integrity checking -- Getting ready -- How to do it... -- How it works... -- There's more... -- Other administrative options -- Using immutable files to prevent modifications -- Getting ready -- How to do it... -- How it works... -- There's more... -- Closing vulnerable network ports and services -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using network security kernel tunables to protect your system -- How to do it... -- How it works... -- There's more... -- Using TCP wrappers to allow and deny remote connections -- Getting ready -- How to do it... -- How it works... -- There is more... -- Enforcing the use of strong passwords and restricting the use of previous passwords -- Getting ready -- How to do it... -- How it works... -- There is more... -- Performing a security assessment on current passwords with the John the Ripper password cracker tool -- Restricting direct login and su access -- Getting ready -- How to do it... -- How it works... -- There's more... -- Securing SSH login -- Getting ready -- How to do it... -- How it works... -- There's more... -- Setting up public key authentication -- 2. Securing the Network and Data in Transit -- Introduction -- Hijacking an Oracle connection -- Getting ready.

How to do it... -- How it works... -- There's more... -- See also... -- Using OAS network encryption for securing data in motion -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using OAS data integrity for securing data in motion -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using OAS SSL network encryption for securing data in motion -- Getting ready -- How to do it... -- How it works... -- There's more... -- Encrypting network communication using IPSEC -- Getting ready -- How it works... -- How it works... -- There's more... -- Encrypting network communication with stunnel -- Getting ready -- How to do it... -- How it works... -- There's more... -- Encrypting network communication using SSH tunneling -- Getting ready -- How to do it... -- How it works... -- There's more... -- Restricting the fly listener administration using the ADMIN_RESTRICTION_LISTENER parameter -- Getting ready -- How to do it... -- How it works... -- There's more... -- Securing external program execution (EXTPROC) -- Getting ready -- How to do it... -- How it works... -- There's more... -- See Also -- Controlling client connections using the TCP.VALIDNODE_CHECKING listener parameter -- Getting ready -- How to do it... -- How it works... -- There's more... -- 3. Securing Data at Rest -- Introduction -- Using block device encryption -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using filesystem encryption with eCryptfs -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using DBMS_CRYPTO for column encryption -- Getting Ready -- How to do it... -- How it works... -- There's more... -- Using Transparent Data Encryption for column encryption -- Getting ready -- How to do it... -- How it works... -- There's more... -- Performance implications -- Limitations:.

Recommendations -- See also -- Using TDE for tablespace encryption -- Getting ready -- How to do it... -- How it works... -- There's more... -- Encryption key management -- Using encryption with data pump -- Getting ready -- How to do it... -- How it works... -- Using encryption with RMAN -- Getting ready -- How to do it... -- How it works... -- There's more... -- 4. Authentication and User Security -- Introduction -- Performing a security evaluation using Oracle Enterprise Manager -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using an offline Oracle password cracker -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using user profiles to enforce password policies -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using secure application roles -- Getting ready -- How to do it... -- How it works... -- There's more... -- See also -- How to perform authentication using external password stores -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using SSL authentication -- Getting ready -- How to do it... -- How it works... -- There's more... -- 5. Beyond Privileges: Oracle Virtual Private Database -- Introduction -- Using session-based application contexts -- Getting ready -- How to do it... -- How it works... -- There's more... -- Implementing row-level access policies -- Getting ready -- How to do it... -- How it works... -- There's more... -- Performance implications -- Using Oracle Enterprise Manager for managing VPD -- Getting ready -- How to do it... -- How it works... -- Implementing column-level access policies -- Getting ready -- How to do it... -- How it works... -- Implementing VPD grouped policies -- Getting ready -- How to do it... -- How it works... -- There's more... -- Granting exemptions from VPD policies -- How to do it...

How it works... -- There's more... -- 6. Beyond Privileges: Oracle Label Security -- Introduction -- Creating and using label components -- Getting ready -- How to do it... -- How it works... -- There's more... -- Defining and using compartments and groups -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using label policy privileges -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using trusted stored units -- Getting ready -- How to do it... -- How it works... -- There's more... -- 7. Beyond Privileges: Oracle Database Vault -- Introduction -- Creating and using Oracle Database Vault realms -- Getting ready -- How to do it... -- How it works... -- There's more... -- Creating and using Oracle Vault command rules -- Getting ready -- How to do it... -- How it works... -- There's more... -- Creating and using Oracle Database Vault rulesets -- Getting ready -- How to do it... -- How it works... -- There's more... -- Creating and using Oracle Database Vault factors -- Getting ready -- How to do it... -- How it works... -- There's more... -- Creating and using Oracle Database Vault reports -- Getting ready -- How to do it... -- How it works... -- There's more... -- 8. Tracking and Analysis: Database Auditing -- Introduction -- Determining how and where to generate audit information -- Getting ready -- How to do it... -- How it works... -- There's more... -- See also -- Auditing sessions -- Getting ready -- How to do it... -- How it works... -- There's more... -- Auditing statements -- Getting ready -- How to do it... -- How it works... -- There's more... -- Auditing objects -- Getting ready -- How it works... -- How it works... -- There's more... -- Auditing privileges -- Getting ready -- How it works... -- How it works... -- There's more... -- Implementing fine-grained auditing -- Getting ready.

How to do it... -- How it works... -- There's more... -- Alert mechanism -- Other options -- Integrating Oracle audit with SYSLOG -- Getting ready -- How to do it... -- How it works... -- There is more... -- Auditing sys administrative users -- Getting ready -- How to do it... -- How it works... -- Index.