Oracle Security Auditing Training Course
© 2016 by Burleson Corporation
* Understand the legal
requirements for privacy auditing.
* See internals of Oracle auditing solutions.
* Employ system-level triggers to audit important Oracle
events.
* Understand Virtual Private Databases.
* Use role-based security to ensure access rules.
* Learn about security exposures inside Oracle.
* Understand Oracle "Grant Execute" security.
* Learn how to plug backdoor access holes.
|
|
Our Oracle Security
Auditing training class is an intensive three-day course designed to provide
auditing professionals with an in-depth understanding of how to
audit all areas of Oracle databases.
Designed by a
world-leading Oracle auditing professional and author of
HIPAA Auditing
for Oracle Database Security, this Oracle security training course teaches all areas of
Oracle auditing including auditing Oracle security, auditing Oracle
access controls, auditing Oracle recoverability, auditing data
integrity, and auditing security exposures.
 |
|
Oracle Privacy Security
Auditing
Arup
Nanda
Rampant TechPress,
2016
ISBN:
0-9727513-9-4
|
This Oracle security auditing
training course is designed for practicing auditors with some IT
technical skills. Oracle experience is helpful but students
should have basic knowledge of SQL and the use of a relational
database. Prior experience with Oracle is not required, but
experience using SQL with a relational database is highly
desirable.
|
This Oracle security auditing
training course is designed by Donald K. Burleson, an acknowledged
leader in Oracle auditing techniques. Burleson was chosen by
Oracle Press to write four of the authorized Oracle Press editions
on Oracle database management. Burleson has 23 years of
full-time DBA experience, is the author of 18 books, and serves as
Editor-in-chief of Oracle Internals. Burleson Corporation instructors offer decades of real world DBA experience
in Oracle features, and they will share their Oracle secrets in
this intense Oracle Auditing
class.
Learning
Objectives
By the end of this
Oracle security auditing
training
course the student will be able to
describe the methods for controlling security within an Oracle
database, and understanding the concepts behind Oracle auditing for
security, Oracle auditing for recoverability, Oracle HIPAA
auditing, and Oracle auditing for data integrity.
Oracle Security Training Course
Three Day Class
Syllabus
© 2016 by Donald K.
Burleson
DAY 1
– Introduction to Oracle auditing
1 –
Introduction to database auditing
-
Review of course
topics
-
Goals of database
auditing
-
Auditing
techniques for Oracle - Data dictionary
2 -
Introduction to Oracle SQL*Plus
-
Writing data dictionary
queries
-
Spooling output
-
Editing SQL statements
-
Exercise - Write a basic SQL query
report
3 - Writing Oracle
audit scripts with SQL*Plus
-
Writing column formats
-
Computing sums and averages
-
Writing complex queries
-
Exercise - Write an audit
report
4 – Basics
areas of Oracle auditing
-
Oracle grant security
auditing
-
Oracle grant execute security
auditing
-
Oracle virtual private databases (fine-grained
access control) auditing
-
Oracle data integrity
auditing
-
Auditing Oracle
recoverability
-
Auditing Oracle disaster
recovery
5 – Oracle
grant auditing
-
Overview of relational grant
security
-
Review of the Oracle data dictionary
(dba_role_privs, etc)
-
Exercise - Audit grant
privileges
6 - Oracle grant execute
security
-
Overview of grant execute
security
-
Definer and invoker rights
-
Exercise create a package and stored procedure
and grant rights
DAY 2
– Advanced Oracle security auditing
1 - Auditing
grant execute security
-
Overview of dba_objects and dba_source
views
-
Dictionary views for grant execute
security
-
Exercise - Audit grant execute access to
packages, procedures & functions
2 - Oracle role-based
security
-
Introduction to roles
-
stacking roles
-
assigning roles to users
-
Exercise - create roles & assign to
users
-
Exercise audit role-based
security
|
|
3 – Problems with grant
security
-
System privileges and
object privileges
-
Overlapping data access
-
Using views with grant
security
-
Exercise - Implement row-level and column
level security with a view
4 &
5– Oracle virtual private databases
-
VPD
basics
-
Exercise - Write a simple
VPD and test it
6 – Auditing
VPD security
-
VPD dictionary
views
-
Exercise -
Write a VPD audit
DAY 3
– Oracle system auditing
1 - Auditing distributed
databases
-
Oracle database links
-
Oracle distributed security
-
The two-phase commit
-
Exercise - Create a database link & audit
access
2 – Oracle
auditing for data integrity
-
Oracle DDL auditing
-
Oracle error auditing
-
Oracle referential integrity
auditing
-
Exercise - Write a DDL audit
trigger
3 - Oracle auditing for
redundancy
-
Oracle materialized views
-
Oracle replication
-
Oracle snapshots
-
Oracle multi-master
replication
-
Exercise - Audit scripts for distributed
databases
4 - Auditing
recoverability
-
Oracle redo log management
-
Oracle failsafe
-
Oracle9i Data guard
-
Oracle RAC and TAF
5 - Auditing data privacy
(HIPAA)
-
Oracle audit SQL command
-
Viewing audit information
-
Exercise - Audit access to an Oracle
table
6 - Oracle tools for data
privacy
-
Oracle fine-grained auditing
-
Managing audit trails
-
Exercise - Write an FGA audit
|
This is a BC Oracle
security training course (c) 2016
|
| |
|
