Reader small image

You're reading from  Oracle 11g Anti-hacker's Cookbook

Product typeBook
Published inOct 2012
Reading LevelBeginner
PublisherPackt
ISBN-139781849685269
Edition1st Edition
Languages
Right arrow
Author (1)
Adrian Neagu
Adrian Neagu
author image
Adrian Neagu

Adrian Neagu has over ten years of experience as a database administrator, mainly with DB2 and Oracle databases. He is an Oracle Certified Master 10g, Oracle Certified Professional 9i, 10g, and 11g, IBM DB2 Certified Administrator version 8.1.2 and 9, IBM DB2 9 Advanced Certified Administrator 9, and Sun Certified System Administrator Solaris 10. He is an expert in many areas of database administration such as performance tuning, high availability, replication, backup, and recovery. In his spare time, he likes to cook, take photos, and to catch big pikes with huge jerkbaits and bulldawgs.
Read more about Adrian Neagu

Right arrow

Foreword

When I first became aware of Adrian Neagu's intent to author a book on Oracle security, I sent him a congratulatory note. This is an important subject area, and I felt a special need to pass on my best wishes. His first book IBM DB2 9.7 Advanced Administration Cookbook, Packt Publishing, had a chapter devoted to database security that shared some of the knowledge he had learned as an IBM Certified Advanced DB2 Administrator. I was excited to hear that he was now going to put on paper some of the knowledge he has gained from real-world security experiences as an Oracle Certified Master Database Administrator. He was going to help educate Oracle IT professionals on techniques they could use to protect the data and server assets placed under their stewardship.

The title he chose for his second book, Oracle 11g Anti-hacker's Cookbook, really grabbed my attention as well. The book's title seemed to conjure up images of evildoers on the internet placing their sights on attacking systems and attempting to steal or compromise the data they contained. We've all heard stories about hackers that have broken into systems and stolen our data. They've actually gotten some of my personal data by compromising the systems of a couple of companies whose products I have purchased. The same group or others like them may have taken some of your data as well. There are bad guys out there, and there are certainly many that try to get into systems for amusement, malice, or profit. But hackers are not the only ones that can harm or inappropriately access your data. I've been personally involved in situations in which identified risks were traced back to an authorized internal user who was doing some things he or she should not have done. Those situations could have been prevented with some of the controls described in this book. They may not have been available then, but they are available now in the enhanced Oracle 11g security-oriented features.

As someone who has worked with databases for over 20 years, across a number of industries including aerospace, manufacturing, financial, government, educational, and retail, I've seen firsthand how reducing security risks has become more and more a key part of an Oracle professional's responsibilities. What interested me about Adrian's latest book endeavor was that it offered an opportunity to help educate more people about the increasingly important topic of database security. The cookbook and recipe approach he had chosen to use sounded like an interesting way to convey the main concepts and techniques behind the threats he wanted to describe to the reader. More importantly, the recipes he was going to create were going to show some ways those security risks could be mitigated or reduced. He had me hooked and ready to read his book. The only problem for me at that time was that he hadn't completed it yet. Only a few of his recipes had been cooked up, and when I sat down to get an early taste, they were being brought to me one selection at a time.

But the full course is now ready to be served. It's at your table and on your plate, and I recommend that you take the time to check out his menu of security-flavored delectables. There is a logical flow to his cookbook style, and certain recipes do build on and complement each other, so I would suggest starting from the beginning. But don't be afraid to dive straight into any selection that piques your appetite. You will learn something important about Oracle security no matter where you start or end, and that's the main desire of this IT chef. Unless you have spent many years working in the area of database security, there is a good chance that you may have never tasted beforehand some of the recipes he presents. Have you ever really seen how a hacker can hijack a database session? If not, there is a recipe that shows you how it can be done. Have you tried to crack a password for a trusted Oracle account? There's a recipe for that too. Do you know how to keep the privileged root user from modifying important database files such as listener.ora? If not, you will learn how to lock this down tight, in another recipe. Has a hacker or malicious user gotten in and modified something in the database or in a file that shouldn't have been changed? You will find out how to know that it has occurred and how to prevent it from happening, with some of his audit and modification detection and prevention recipes.

You'll also sample some information related to limiting access to trusted users such as database administrators. In the past, this group usually had the keys to your data kingdom. They could see and do anything they needed or wanted, there. Sure, you could trust them. You knew their name and they sat right next to you at the office table. But is that the case anymore? Does your junior DBA staff need as much access as your senior DBA staff? Do your systems administrators need to see your database data? Does your remote contractor resource need access to everything, or do they only have to be able to do the tasks you want them to do and see only the data they really need to see to do their job? With powerful Oracle 11g features such as Database Vault, if your risk profile and data sensitivity needs warrant it, you can place tighter restrictions on what a DBA user can and cannot do with your data. There is a recipe that will help show you that as well. If you want to encrypt your data so it can't be deciphered by someone that may have access to it but doesn't need to know what it is, there are recipes here that are going to help explain how to do this too. You probably also have certain regulatory requirements that require you to prove to auditors that you know who can do what in your database as well what they have been doing. Guess what? The Audit Vault recipes are going to help you here.

There are a lot of recipes that Adrian has cooked up for you in his book. Some of them you will want to devour right away, while others you will want to consume a little slower and over time. Regardless of whether you are hungry and craving for this information or just want a little taste to whet your appetite for knowledge in this area, I think you will find that his cookbook approach is both satisfying and hits the intended mark. There is a lot of subject matter to digest, but it doesn't have to all be taken in at one sitting. Walk away when you are full, and come back for some more when you need charge up again. The nourishment provided by the security-oriented knowledge contained in the book's recipes will help you grow. As you gain strength by learning more, your ability to protect your systems and data will increase as well. It's time to start learning. I hope you will like the educational security meal Adrian has prepared as much as I did. He's a good cook. Enjoy!

Steven Macaulay

CISSP, OCP, MIS

lock icon
The rest of the chapter is locked
You have been reading a chapter from
Oracle 11g Anti-hacker's Cookbook
Published in: Oct 2012Publisher: PacktISBN-13: 9781849685269
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Adrian Neagu

Adrian Neagu has over ten years of experience as a database administrator, mainly with DB2 and Oracle databases. He is an Oracle Certified Master 10g, Oracle Certified Professional 9i, 10g, and 11g, IBM DB2 Certified Administrator version 8.1.2 and 9, IBM DB2 9 Advanced Certified Administrator 9, and Sun Certified System Administrator Solaris 10. He is an expert in many areas of database administration such as performance tuning, high availability, replication, backup, and recovery. In his spare time, he likes to cook, take photos, and to catch big pikes with huge jerkbaits and bulldawgs.
Read more about Adrian Neagu