1 Introduction to Oracle Database Security

Oracle Database provides a rich set of default security features to manage user accounts, authentication, privileges, application security, encryption, network traffic, and auditing.

1.1 About Oracle Database Security

You can use the default Oracle Database features to configure security in several areas for your Oracle Database installation.

The areas in which you can configure security are as follows:

In addition, Keeping Your Oracle Database Secure, provides guidelines that you should follow when you secure your Oracle Database installation.

1.2 Additional Oracle Database Security Products

In addition to the security resources that are available in a default database installation, Oracle Database provides several other database security products.

These products are as follows:

  • Oracle Advanced Security enables you to protect sensitive data by using Transparent Data Encryption and Oracle Data Redaction.

  • Oracle Label Security applies classification labels to data, allowing you to filter user access to data at the row level.

  • Oracle Database Vault provides fine-grained access control to your sensitive data, including protecting data from privileged users. For example, you can restrict database administrators from having access to employee information such as salaries.

  • Oracle Data Safe enables you to analyze the sensitivity and risks of data in your Oracle databases, and based on these findings, create policies that mask sensitive data, create and monitor security controls, assess user security, and monitor user activity.

  • Oracle Enterprise User Security enables you to manage user security at the enterprise level.

  • Oracle Enterprise Manager Data Masking and Subsetting Pack can irreversibly replace the original sensitive data with fictitious data so that production data can be shared safely with IT developers or offshore business partners.

  • Oracle Audit Vault and Database Firewall collects database audit data from sources such as Oracle Database audit trail tables, database operating system audit files, and database redo logs. Using Oracle Audit Vault and Database Firewall, you can create alerts on suspicious activities, and create reports on the history of privileged user changes, schema modifications, and even data-level access.

  • Oracle Key Vault enables you to accelerate security and encryption deployments by centrally managing encryption keys, Oracle wallets, Java keystores, and credential files. It is optimized for Oracle wallets, Java keystores, and Oracle Advanced Security Transparent Data Encryption (TDE) master keys. Oracle Key Vault supports the OASIS KMIP standard. The full-stack, security-hardened software appliance uses Oracle Linux and Oracle Database technology for security, availability, and scalability, and can be deployed on your choice of compatible hardware.

In addition to these products, you can find the latest information about Oracle Database security, such as new products and important information about security patches and alerts, by visiting the Security Technology Center on Oracle Technology Network at

http://www.oracle.com/technetwork/topics/security/whatsnew/index.html