1 Introduction to Oracle Database Security

In a default Oracle Database installation, you can manage security in a variety of ways. In addition to controlling user authentication, you can use built-in tools such as encryption, Oracle Database Vault, Oracle Virtual Private Database, Oracle Data Redaction, Oracle Label Security, and auditing to manage security.

About This Guide

Oracle Database 2 Day + Security Guide teaches you how to perform day-to-day database security tasks.

Before Using This Guide

Before using this guide, you should understand the basics of administering an Oracle database.

The goal of this guide is to help you understand the concepts behind Oracle Database security. You will learn how to perform common security tasks needed to secure your database. The knowledge you gain from completing the tasks in Oracle Database 2 Day + Security Guide helps you to better secure your data and to meet common regulatory compliance requirements, such as the Sarbanes-Oxley Act.

The primary administrative interface used in this guide is Oracle Enterprise Manager, featuring all the self-management capabilities introduced in Oracle Database.

Complete Oracle Database 2 Day DBA, which provides a good foundation for Oracle Database administration.

You should also obtain the necessary products and tools described in Tools for Securing Your Database.

What This Guide Is and Is Not

Oracle Database 2 Day + Security Guide is task oriented. The objective of this guide is to describe why and when you must perform security tasks.

Where appropriate, this guide describes the concepts and steps necessary to understand and complete a task. This guide is not an exhaustive discussion of all Oracle Database concepts. For this type of information, see Oracle Database Concepts.

Where appropriate, this guide describes the necessary Oracle Database administrative steps to complete security tasks. This guide does not describe basic Oracle Database administrative tasks. For this type of information, see Oracle Database 2 Day DBA. Additionally, for a complete discussion of administrative tasks, see Oracle Database Administrator's Guide.

In addition, this guide is not an exhaustive discussion of all Oracle Database security features and does not describe available APIs that provide equivalent command line functionality to the tools used in this guide. For this type of information, see Oracle Database Security Guide.

Common Database Security Tasks

Database administrators for Oracle Database are responsible for common security-related tasks.

These tasks are as follows:

  • Ensuring that the database installation and configuration are secure

  • Managing the security aspects of user accounts: developing secure password policies, creating and assigning roles, restricting data access to only the appropriate users, and so on

  • Ensuring that network connections are secure

  • Encrypting sensitive data

  • Ensuring the database has no security vulnerabilities and is protected against intruders

  • Deciding what database components to audit and how granular you want this auditing to be

  • Downloading and installing security patches

In a small to midsize database environment, you might perform these tasks as well as all database administrator-related tasks, such as installing Oracle software, creating databases, monitoring performance, and so on. In large, enterprise environments, the job is often divided among several database administrators, each with their own specialty, such as database security or database tuning.

Tools for Securing Your Database

To achieve the goals of securing your Oracle database, you must use a specific set of products, tools, and utilities.

These tools are as follows:

  • Oracle Database 12c Enterprise Edition

    Oracle Database 12c Enterprise Edition provides enterprise-class performance, scalability, and reliability on clustered and single-server configurations. It includes many security features that are used in this guide.

  • Oracle Enterprise Manager

    Oracle Enterprise Manager is a Web application that you can use to perform database administrative tasks for a single database instance or a clustered database. It enables you to manage multiple Oracle databases from one location. This guide explains how to use Enterprise Manager to perform database administrative tasks.

  • SQL*Plus

    SQL*Plus is a development environment that you can use to create and run SQL and PL/SQL code. It is part of the Oracle Database 12c release 1 (12.1) installation.

  • Database Configuration Assistant (DBCA)

    Database Configuration Assistant enables you to perform general database tasks, such as creating, configuring, or deleting databases. In this guide, you use DBCA to enable default auditing.

  • Oracle Net Manager

    Oracle Net Manager enables you to perform network-related tasks for Oracle Database. In this guide, you use Oracle Net Manager to configure network encryption.

Securing Your Database: A Roadmap

To learn the fundamentals of securing an Oracle database, you should follow a roadmap of specific tasks.

To use this guide:

  1. Secure your Oracle Database installation and configuration.

    Complete the tasks in Securing the Database Installation and Configuration to secure access to an Oracle Database installation.

  2. Understand how privileges work.

    Complete the tasks in Managing User Privileges. You learn about the following:

    • How privileges work

    • Why you must be careful about granting privileges

    • How database roles work

    • How to create secure application roles

  3. Encrypt data as it travels across the network.

    Complete the tasks in Encrypting Data with Oracle Transparent Data Encryption to learn how to secure client connections and to configure network encryption.

  4. Control system administrative access to sensitive data with Oracle Database Vault.

    Complete the tasks in Controlling Access with Oracle Database Vault.

  5. Restrict the display of data with Oracle Virtual Private Database.

    Complete the tasks in Restricting Access with Oracle Virtual Private Database.

  6. Control the display of data in real time by using data redaction.

    Complete the tasks in Limiting Access to Sensitive Data Using Oracle Data Redaction.

  7. Enforce row-level security with Oracle Label Security.

    Complete the tasks in Enforcing Row-Level Security with Oracle Label Security.

  8. Configure auditing so that you can monitor the database activities.

    Complete the tasks in Auditing Database Activity to learn about standard auditing.