
Protect data and ensure high availability using Oracle security tools, including the stat database security assessment tool and database vault with encrypted tablespaces.
Explores the top ten data security breaches of the 21st century, showing how personal data—passwords, SSNs, passport numbers—were stolen from Adobe, Equifax, Yahoo, Marriott, and others.
Think like a hacker to identify major security threats such as malware, insider threats, human error, SQL injection, data overload, and DDoS attacks.
Explore how Oracle's maximum security architecture maps assessment, prevention, and detection controls across Audit Vault, Database Firewall, VPD, label security, and data masking for on-prem and cloud.
Explore data and user protection through assessment, detection, and prevention across on-prem and Oracle Cloud, using Oracle Unified Auditing, data masking, and database vault.
Set up the introductory lab to explore Oracle database security for on-prem and OCI environments.
Explore setting up a vm database system in Oracle Cloud and on-prem environments, including provisioning a vm db system, configuring storage, vcn, ssh keys, and connecting via opc.
Learn how to provision an always free autonomous database (ADW or ATP) in Oracle Cloud, configure access and licence options, and connect via SQL Developer Web to explore the pdb.
Set up an on-premises Oracle database using 18c XE in Oracle Cloud compute, install the RPM, configure the listener, and create a pluggable database XY for security practice.
Learn the fundamentals of Oracle database vault and how it enhances security for on-prem and OCI deployments.
Protects sensitive data by preventing unauthorized privileged users from accessing databases, with realms and access controls that support Sarbanes-Oxley, PCI, HIPAA, and GDPR compliance in on-prem and OCI environments.
Explore Oracle Database Vault features that protect sensitive data, support GDPR and PCI DSS, and enforce separation of duty with command controls and multiple trusted factors for on-prem and OCI.
Explore database vault security controls, including realms, command rules, factors, and rule sets, and learn how these artifacts protect sensitive data from privileged users.
Explore separation of duties in Oracle database vault, with two roles—database vault owner and database vault account manager—who manage realms, command rules, factors, and user provisioning, with backups recommended.
Demonstrates configuring oracle database vault in a container database, creating database vault owner and account manager users, enabling database vault and label security, then restarting the database.
Configure and verify Oracle database vault inside a pluggable database by enabling vault on the PDB, connecting as DV owner, restarting the PDB, and validating vault and label security statuses.
Create realms to establish protection zones with database vault in a pluggable database, letting only authorized users access schema data; configure realm, enable audit, and add objects.
Learn how a database administrator exports a schema protected by a realm in a database vault, and how vault owner authorization enables a successful data pump export.
Learn how to create a new database user by using the database vault account manager with privileged rights, as DBAs face insufficient privileges when using standard DBA accounts.
Hi Folks
Subscribe to Our YouTube Channel (Cloud Alchemy Academy) for free videos on following Topics
• Oracle / MySql Database
• Oracle Cloud
• Exadata
• AWS Cloud
• Docker
• DevOps
• Free / Discounted Udemy Coupons
The Link is : bit.ly/2lO4Xke
Please Subscribe and remember to press the Notification Button to get notified as soon as new videos are released.
Happy Learning !!!!!
Enable and verify database vault in autonomous databases on Oracle Cloud, mirroring on-prem configurations. Create vault users and configure vault, then restart the database to activate label security.
Demonstrates creating realms in an autonomous database to enable Oracle database vault, using the ADB root user and rest, and applying realms to the HR schema.
Explore data encryption techniques for Oracle database security across on-prem and OCI environments, building foundational understanding of encryption concepts within enterprise databases.
Explore how Oracle transparent data encryption protects data at rest by encrypting sensitive data with external keys in wallets or hardware security modules, requiring no application changes.
Discover how Oracle transparent data encryption protects data at rest by encrypting storage, with zero downtime and no application changes, to meet regulatory requirements like PCI, HIPAA, and GDPR.
Demystify the TDE key architecture by explaining the DEK and table space key and how the MEK/KEK protects the DEK stored in an external key store such as Oracle Wallet.
Explore column versus tablespace encryption in Oracle TDE, comparing data-at-rest protection, key management (single tablespace key vs per-column keys), and buffer cache behavior affecting data decryption and execution plans.
Explore software based and hardware based key stores, including auto login, local auto login, and password protected types, and how hardware security modules and Oracle Key Vault secure TDE keys.
Demonstrate transparent data encryption protecting data at rest by showing how strings reveal data in unencrypted database files.
This video demonstrates configuring transparent data encryption in on-premises Oracle container database, showing how to create and open an encryption wallet, set a master encryption key, and verify wallet status.
Configure transparent data encryption in an on-premises pluggable database by creating a wallet, opening a master key, and creating an encrypted tablespace to shield data, verified by a strings test.
Explore native network encryption (NNE) for data in transit, protecting against data modification and replay attacks, now free and included with Oracle, via a simple SQL configuration using AES-256.
Demonstrate the importance of data in transit encryption by showing how unencrypted database traffic can be sniffed, and compare enabled network encryption or tls-based encryption for Oracle databases.
Learn to prove native network encryption is enabled by using a session connect info network service banner and packet sniffing to confirm encrypted data and data integrity.
This demo shows how to enable native encryption (nne) in Oracle by configuring sqlnet.ora for aes 256 and sha1, then verifying the banner to confirm in-transit encryption and data integrity.
Watch a quick demo proving data in transit encryption is enabled by configuring sqlnet.ora with aes-256 and sha-1. Verify the network banner reflects these settings.
Demonstrates that native network encryption encrypts data in transit, so a tcpdump on port 1521 shows no clear-text data, proving that sniffed network packets remain unread.
Introduce dbsat as a tool for Oracle database security, outlining its role in securing on-premises and Oracle cloud infrastructure environments.
Explore Oracle database security assessment with the lightweight db start tool for posture views, and use db set to identify sensitive data and enforce encryption at rest and in transit.
Understand the DBSAT components—collector, reporter, and discoverer. Collector queries Oracle DB to build password-protected JSON file; the reporter outputs HTML or CSV; the discoverer audits dictionary views for sensitive data.
Explore DBSAT tool components: collector collects data from database, reporter analyzes and exports reports, discoverer reveals sensitive data via dictionary views, and discovery enables CSV loading into Oracle Audit Vault.
Explore the DBSAT reporting view to assess your database security posture, highlighting authentication and authorization, encryption (tablespace, column-level, data in transit and at rest), auditing, and fine-grained access controls.
Download the DBSAT utility from Metalink, unzip it, and run DBSAT collect to generate a password-protected JSON output for your on-prem or Oracle Cloud database, for use by the reporter.
Demonstrates using the DB start report command to generate reports from a zip output, encrypted with a password, producing text, HTML, Excel, and adjacent files.
Explore the db sat database security assessment tool and its output files (html, json, text, xls), covering authentication, authorization, auditing, encryption (tablespace and column), and regulatory references.
Discover the fundamentals of Oracle unified auditing for on-prem and OCI deployments, setting the foundation for Oracle database security.
Consolidate auditing into a single repository with Oracle Unified Auditing, the 12c onwards foundation. Switch between mixed mode and pure mode to manage audit data storage in unified_audit_trail.
Compare traditional auditing with unified auditing to show how the unified audit trail consolidates all auditing data into one single table for easier governance.
Explore Oracle's unified auditing with policies out of the box, including log failures and secure config, and learn to view enabled policies and audit options like drop any procedure.
Demonstrates testing drop user auditing in a PDB using Oracle unified auditing; reveals out-of-the-box policies automatically enabled, including drop user, and verifies results in the unified_audit_trail.
Demonstrate enabling pure mode unified auditing, switching from mixed mode by shutting down the database, rebuilding binaries with unified auditing on, restarting, and verifying unified auditing is true.
Learn to create and enable a customized auditing policy in Oracle unified auditing, and verify deletions on a backup table are captured in the unified audit trail.
Explore the concept of Oracle Data Safe and its role in Oracle database security for on-prem and OCI environments.
Oracle Data Safe provides a unified control center to assess data sensitivity and risks, mask sensitive data, monitor user activity, and enforce auditing and compliance across databases.
Discover how the data safe security assessment evaluates security parameters, controls, and user privileges, offering remediation guidance and color-coded risk levels for GDPR, CIS, and Stig compliance.
Explore data safe user assessment to identify privileged users, apply pam, and remediate risks using dynamic profile data, with reports showing critical, high, and medium risks for sample schemas.
Audit data safe activity by monitoring privileged user events, setting alerts for deletions or truncations, and retaining audit data up to a year for forensics, with out-of-box reports for compliance.
Discover and mask sensitive data with Data Safe across Oracle databases. Identify where personal information resides, consider encryption, apply masking formulas or algorithms, and protect data during cloning and testing.
Enable data safe in Oracle Cloud, register a target, and configure connectivity; create a data safe admin, run the privileges script, and test the connection through security lists.
Assess your Oracle database security posture with data safe by running security and user assessments, data discovery, masking, and auditing, then review reports for low, medium, and high risk.
Identify and assess privileged users with data safe user assessment. Generate reports highlighting critical risks and open accounts, and learn to lock or drop unnecessary admin accounts.
Identify sensitive data across Oracle on-prem and Oracle Cloud with data safe data discovery, revealing personal information like names, addresses, employee IDs, and salaries for regulatory reporting via a dashboard.
Demonstrates data masking with data safe by cloning a pdb, performing data discovery on the hr schema, and applying a masking policy to randomize names and numbers.
https://www.udemy.com/course/oracle-cloud-oci-ai-foundations-associate-1z0-1122/?referralCode=73D5440FF46907F49BE3
With the advent of Cloud Computing the biggest challenge that is being faced by the organizations is around Database Security. I understand companies ensure Oracle MAA (Maximum Availability Architecture) but trust me it’s time to embrace Oracle MSA (Maximum Security Architecture). Through this course I will demystify the Oracle database security for On-Prem and Oracle Cloud Infrastructure (OCI).
I will show the evidence of the Top 10 Data Security Breaches of 21st century. We will try and understand the Major Security Threats , Artefacts of Database Security and will give you a good understanding of Oracle Maximum Security Architecture.
For our learning we shall build 3 environments:
· Oracle On-Prem Environment on VM Machine
· Oracle Virtual Machine DB System
· Oracle Autonomous Database (ADB).
We will start our learning with Oracle Database Vault , understand the features, components, Separation of Duties. We will perform some demos to understand how to configure Database Vault for CDB & PDB. We will understand the concept behind Realms and also configure our own realm. We will work on a couple of use cases regarding the permissions that need to be given to the DBA to export the schema protected by realms. We will also configure the Database Vault for Autonomous Databases as well.
One of the most important requirements from the regulators is the Data Encryption which can be configured for Data at Rest using Transparent Data Encryption(TDE) and for Data in Transit using Native Network Encryption (NNE). We will go deep dive to understand TDE Key Architecture and the concept of Oracle Key vaults. I will perform strings command on the data files and show you that your Table’s data is visible in clear text format and then will implement TDE and encrypt the data at rest. Same way I will show you that if you inspect the network packets the data in transit is available in clear text, once NNE is implemented the data in transit gets encrypted as well.
Next we will move to assessment of Database security through Database Security Assessment Tool (DBSAT), We will learn the DBSAT Components, tools and perform demo for DBSAT collector / reporter and also understand and look at the different output files that are created by DBSAT.
Another key architectural change for post 12c release was Oracle Unified Auditing, we will understand the comparison between the traditional vs Unified auditing. The Unified Auditing brings a number of policies which come out of box and are enabled by default. For our demos we will enable the unified auditing to run in pure mode , we will make use of the out of the box policies and also create our own customized policy.
In the end we will move onto an amazing feature Oracle Data Safe which helps to bring entire database security under one umbrella. The Oracle Data Safe can be used for On-Prem database, VM / BM Database Systems and Autonomous Databases. Through Oracle Data Safe we will perform the demos to achieve Database Security Assessment, User Assessment , Data Sensitive Discovery and Data Masking.
Regards
Kshitij Joy (OCM & OCI Architect)
DB Alchemist Academy