Hardening and Securing an Oracle Database with Pete Finnigan
This course teaches delegates how to confidently harden an Oracle database against security vulnerabilities. The course gets the delegates up to speed on the reasons Oracle databases are invariably insecure. Everyone is brought up to the same level in terms of where to look, what to look for and why. The course shows how a hardening exercise is planned and how to prepare yourself, your staff and your environments for it. The course is aimed at the fundamentals of how to manually harden a database, and why, and does not focus on simply running tools. It is important to understand why something is an issue, to understand how to correct that issue and, importantly, to understand the implications with respect to your own databases and applications before applying hardening measures.
The course has been designed by Pete Finnigan and is up to date using all supported versions of Oracle from 9iR2 through Oracle 11gR1. The course is run on your own site over two days and includes the following topics:
- Background to key database files, structures, configurations and files relevant to security
- Oracle security tools, checklists and more
- Why harden an Oracle database
- Exploiting Oracle, SQL Injection, configuration, escalation of privilege and more
- Planning, scoping and sizing the exercise
- Hardening the operating system, SUID, file and directory permissions, umask, key binaries and more
- Removing defaults
- Designing and implementing password management solutions
- Features, functions and locking out
- Patches and versions
- Dealing with the PUBLIC issue
- Hardening the listener
- Limiting network access
- Trimming and designing administrative access
- Reviewing and removing dangerous privileges
- Securely connecting scripts and jobs without passwords
- Reviewing authentication
- Limiting SYSDBA access
- Object ownership, placement and privileges
- Limiting resources
- Implementing audit and logging
- Preventing service and file system access
- Fine Grained Audit, Virtual Private Database and Secure Application Roles
- Encryption
- A look at some of the automated tools to test the hardened server

Item #: pf-002
