Course Overview
In order to meet ever-tightening regulatory standards, and to protect their most valuable client and business data assets, global businesses are zeroing in on database security more than ever before. Oracle Database is a leading database that offers a rich portfolio of features to protect data from contemporary vulnerabilities.
Oracle 19c Database Security is a hands-on course that helps experienced DBAs, developers, and architects to better understand database security challenges. Throughout the course, students will explore the process of implementing appropriate security mechanisms, learning the proactive steps required to keep data safe. This course features solutions for common security problems in the new Oracle Database 19c.
Course Objectives
This course is approximately 50% hands-on, combining expert lecture, real-world demonstrations and group discussions with machine-based practical labs and exercises. Working in a hands-on learning environment led by our Oracle Certified expert facilitator, students will learn how to:
- Analyze application privileges and reduce the attack surface
- Reduce the risk of data exposure by using Oracle Data Redaction and Virtual Private Database
- Control data access and integrity in your organization using the appropriate database feature or option
- Protect your databases against application bypasses
- Audit user activity using the new auditing architecture
- Restrict highly privileged users from accessing data
- Encrypt data in Oracle Database
- Work in a real-world environment where a multi-layer security strategy is applied
Need different skills or topics? If your team requires different topics or tools, additional skills or a custom approach, this course may be further adjusted to accommodate. We offer additional Oracle, database, scripting, administration and other related topics that may be blended with this course for a track that best suits your needs.
Course Prerequisites
This hands-on course is geared for experienced DBAs, developers, and architects who need to better understand database security challenges.
Incoming students should possess:
- Basic understanding of Oracle Database principles
- Linux skills, including familiarity with command-line options such as ls, cd, cp, and su
- Beginning to intermediate proficiency with SQL
Please see the Related Courses tab for specific Pre-Requisite courses, Related Courses or Follow On training options. Our team will be happy to help you with recommendations for next steps in your Learning Journey.
Course Agenda
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most.
- Basic Database Security
  - Creating a password profile
  - Creating password-authenticated users
  - Changing a user's password
  - Creating a user with the same credentials on another database
  - Locking a user account
  - Expiring a user's password
  - Creating and using OS-authenticated users
  - Creating and using proxy users
  - Creating and using database roles
  - The sysbackup privilege – how, when, and why should you use it?
  - The syskm privilege – how, when, and why should you use it?
  - The sysdg privilege – how, when, and why should you use it?
- Security Considerations in Multitenant Environment
  - Creating a common user
  - Creating a local user
  - Creating a common role
  - Creating a local role
  - Granting privileges and roles commonly
  - Granting privileges and roles locally
  - Effects of plugging/unplugging operations on users, roles, and privileges
- PL/SQL Security
  - Creating and using definer's rights procedures
  - Creating and using invoker's rights procedures
  - Using code-based access control
  - Restricting access to program units by using accessible by
- Virtual Private Database
  - Creating different policy functions
  - Creating Oracle Virtual Private Database row-level policies
  - Creating column-level policies
  - Creating a driving context
  - Creating policy groups
  - Setting context as a driving context
  - Adding policy to a group
  - Exempting users from VPD policies
- Data Redaction
  - Creating a redaction policy when using full redaction
  - Creating a redaction policy when using partial redaction
  - Creating a redaction policy when using random redaction
  - Creating a redaction policy when using regular expression redaction
  - Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
  - Changing the function parameters for a specified column
  - Adding a column to the redaction policy
  - Enabling, disabling, and dropping redaction policy
  - Exempting users from data redaction policies
- Transparent Sensitive Data Protection
  - Creating a sensitive type
  - Determining sensitive columns
  - Creating transparent sensitive data protection policy
  - Associating transparent sensitive data protection policy with sensitive type
  - Enabling, disabling, and dropping policy
  - Altering transparent sensitive data protection policy
- Privilege Analysis
  - Creating database analysis policy
  - Creating role analysis policy
  - Creating context analysis policy
  - Creating combined analysis policy
  - Starting and stopping privilege analysis
  - Reporting on used system privileges
  - Reporting on used object privileges
  - Reporting on unused system privileges
  - Reporting on unused object privileges
  - How to revoke unused privileges
  - Dropping the analysis
- Transparent Data Encryption
  - Configuring keystore location in sqlnet.ora
  - Creating and opening the keystore
  - Setting master encryption key in software keystore
  - Column encryption - adding new encrypted column to table
  - Column encryption - creating new table that has encrypted column(s)
  - Using salt and MAC
  - Column encryption - encrypting existing column
  - Auto-login keystore
  - Encrypting tablespace
  - Rekeying
  - Backup and Recovery
- Database Vault
  - Registering Database Vault
  - Preventing users from exercising system privileges on schema objects
  - Securing roles
  - Preventing users from executing specific commands on specific object
  - Creating a rule set
  - Creating a secure application role
  - Using Database Vault to ensure that administrators cannot view data
  - Running Oracle Database Vault reports
  - Disabling Database Vault
  - Re-enabling Database Vault
- Unified Auditing
  - Enabling Unified Auditing mode
  - Configuring whether loss of audit data is acceptable
  - Which roles do you need to have to be able to create audit policies and to view audit data?
  - Auditing RMAN operations
  - Auditing Data Pump operations
  - Auditing Database Vault operations
  - Creating audit policies to audit privileges, actions and roles under specified conditions
  - Enabling audit policy
  - Finding information about audit policies and audited data
  - Auditing application contexts
  - Purging audit trail
  - Disabling and dropping audit policies
- Additional Topics
  - Exporting data using Oracle Data Pump in Oracle Database Vault environment
  - Creating factors in Oracle Database Vault
  - Using TDE in a multitenant environment
Course Materials
All course labs and solutions, data sets, Oracle software (limited version, for course use only), detailed courseware, lab guides and resources (as applicable) are provided for attendees in our easy access, no installation required, remote lab environment for the duration of the course. Our tech team will help set up, test and verify lab access for each attendee prior to the course start date, ensuring a smooth start to class and successful hands-on course experience for all participants.