Demystifying Oracle Database Security:On-Prem & Oracle Cloud
What you'll learn
- Top 10 Data Security Breaches of 21st Century
- Major Security Threats
- What is Oracle Maximum Security Architecture (MSA)
- Setup VM Database System
- Setup Autonomous Database
- Understand Database Vault : Features & Benefits
- Configure Database Vault for CDB & PDB
- Working with Realms
- Enable Database Vault for Autonomous Database
- Creating Realms for Autonomous Database
- Understanding TDE : Benefits of TDE
- TDE Key Architecture & Key Stores
- Configure TDE for CDB & PDB
- Understanding Native Network Encryption (NNE)
- Inspecting Network Packets before & after NNE
- Understanding DBSAT
- Configuring DBSAT Collector / Reporter
- What is Oracle Unified Auditing
- Comparison between Traditional vs Unified Auditing
- Demo: Enable Pure Mode of Unified Auditing
- Demo: Creating a Customised Auditing Policy
- Oracle Data Safe Features
- Data Safe: Security Assessment / User Assessment
- Data Safe: Data Discovery / Data Masking
- Oracle DBA's / Developers / DevOps
With the advent of Cloud Computing the biggest challenge that is being faced by the organizations is around Database Security. I understand companies ensure Oracle MAA (Maximum Availability Architecture) but trust me it’s time to embrace Oracle MSA (Maximum Security Architecture). Through this course I will demystify the Oracle database security for On-Prem and Oracle Cloud Infrastructure (OCI).
I will show the evidence of the Top 10 Data Security Breaches of 21st century. We will try and understand the Major Security Threats , Artefacts of Database Security and will give you a good understanding of Oracle Maximum Security Architecture.
For our learning we shall build 3 environments:
· Oracle On-Prem Environment on VM Machine
· Oracle Virtual Machine DB System
· Oracle Autonomous Database (ADB).
We will start our learning with Oracle Database Vault , understand the features, components, Separation of Duties. We will perform some demos to understand how to configure Database Vault for CDB & PDB. We will understand the concept behind Realms and also configure our own realm. We will work on a couple of use cases regarding the permissions that need to be given to the DBA to export the schema protected by realms. We will also configure the Database Vault for Autonomous Databases as well.
One of the most important requirements from the regulators is the Data Encryption which can be configured for Data at Rest using Transparent Data Encryption(TDE) and for Data in Transit using Native Network Encryption (NNE). We will go deep dive to understand TDE Key Architecture and the concept of Oracle Key vaults. I will perform strings command on the data files and show you that your Table’s data is visible in clear text format and then will implement TDE and encrypt the data at rest. Same way I will show you that if you inspect the network packets the data in transit is available in clear text, once NNE is implemented the data in transit gets encrypted as well.
Next we will move to assessment of Database security through Database Security Assessment Tool (DBSAT), We will learn the DBSAT Components, tools and perform demo for DBSAT collector / reporter and also understand and look at the different output files that are created by DBSAT.
Another key architectural change for post 12c release was Oracle Unified Auditing, we will understand the comparison between the traditional vs Unified auditing. The Unified Auditing brings a number of policies which come out of box and are enabled by default. For our demos we will enable the unified auditing to run in pure mode , we will make use of the out of the box policies and also create our own customized policy.
In the end we will move onto an amazing feature Oracle Data Safe which helps to bring entire database security under one umbrella. The Oracle Data Safe can be used for On-Prem database, VM / BM Database Systems and Autonomous Databases. Through Oracle Data Safe we will perform the demos to achieve Database Security Assessment, User Assessment , Data Sensitive Discovery and Data Masking.
Kshitij Joy (OCM & OCI Architect)
DB Alchemist Academy
Who this course is for:
- Beginner to the World of Cloud Computing & Any Experienced DBA's / Developers looking to get Understand Oracle Database Security On-Prem & Oracle Cloud (OCI)
Member of an elite group of Oracle professionals by successful completion of Oracle 11g & 12c Certified Master [OCM ] & Oracle Cloud Architect Professional, my profile has been published on Oracle website (Check under Links Section)
Having 15+Years of Experience in Oracle technologies. My key responsibility areas are Exadata Architecting , Installation, Administration, Performance - Tuning, Backup – Recovery , Data Guard and Database Upgrades. I have experience with technologies like Oracle GoldenGate, Veritas Netbackup, Oracle 10g / 11g RAC with Oracle ASM, Oracle 10g /11g / 12cGrid Control.