Learn To:

• Enable and configure Oracle Database Vault.
• Configure realms, rule sets, rules, SQL command rules and secure application roles.
• Define factors to extend rule sets.
• Run Database Vault reports to view attempted policy violations.

Using Oracle Database Vault helps organizations increase security through powerful preventive and administrative controls that include protection zones around applications that prevent insiders and outsiders from using their privileged user access to view sensitive application information. Oracle Database Vault command controls enable policies to be associated with virtually any SQL command. Policies can evaluate factors such as connection IP address, program name, date/time, and authentication method to determine whether a user should be permitted to execute a given command inside the database. Oracle Database Vault administrative controls include real time privilege analysis, helping organizations reduce the attack surface of over privileged applications through actual analysis of privileges used.

Audience:

• Database Administrators
• Security Administrators
• Support Engineer
• System Administrator

Related Training

Required Prerequisites:

• Working knowledge of SQL and PL/SQL

Suggested Prerequisites:

• Oracle Database 12c: Security
• Oracle Database Administration experience

Course Objectives:

• Learn best practices
• Enable and configure Oracle Database Vault
• Block access to sensitive application data from inside and outside the organization
• Reduce the attack surface for potential security breaches through limiting privileges
• Create protection zones using realms and secure application roles
• Define command controls using rules sets, command rules, factors, and identities
• Perform security analysis and report security vulnerabilities

Course Topics:

Introduction

• Course Objectives
• Course Schedule
• Curriculum Context
• Your Learning Aids
• Technical Course Setup

Database Vault Overview

• What is a Realm? A Rule Set? A Command Rule? A Secure Application Role?
• What are Factors and Identities? Component Relationships and Evaluation?
• Database Vault Effects and Example
• Software Overview: API, Views, and Integration with Other Oracle Products

Configuring Database Vault

• Configuring Database Vault
• Database Vault Roles and Schema
• What to Expect After You Enable Database Vault
• Securing Data in Multitenant Environments
• Configuring Database Vault Users in Cloud Control 12c

Analyzing Privileges

• Privilege Analysis Overview and Features
• How Does it Work?
• What are Your Types of Analysis, Tools, and Prerequisites?
• Managing Privilege Analysis Policies
• Use Cases

Configuring Realms

• Self-Assessment about Realms
• How Realms Work
• Benefits and Effects of Realms
• Use Cases
• Maintaining Realms
• Using Oracle Defined Objects (Realms, Reports, Views)

Defining Rule Sets

• Self-Assessment about Rule Sets
• Evaluation and Use of Rule Sets
• Oracle Defined Rule Sets
• Maintaining and Customizing Rule Sets
• Using Oracle Defined Objects (Reports, Views, API)

Configuring Command Rules

• Self-Assessment about Command Rules
• Command Rules Attributes and Scope
• Use Case: Preventing Table Alterations in a Schema
• Using Oracle Defined Objects (Command Rules, Reports, Views, API)

Extending Rule Sets

• Self-Assessment about Factors and Identities
• Using your own and Predefined Factors
• Factor Types, Identification, Evaluation, and Retrieval Method
• Assigning Rule Sets, Validation Method, Audit and Error Options for Factors
• Identities, their Purpose, Examples, and Trust Levels
• Using Oracle Defined Objects for Factors and Identities (Reports, Views, API)
• Maintaining Factors and Identities

Configuring Secure Application Roles

• Self-Assessment about Secure Application Roles
• Benefits and Examples of Using Secure Application Roles
• Tasks with Secure Application Roles
• Using Oracle Defined Objects (Reports, Views, API)

Auditing with Database Vault Reports

• Required Privileges
• Security Analysis in Cloud Control
• Checking for Configuration Issues and Changes
• Reviewing Database Vault Audit Reports
• Using General Security Reports
• Other Security Vulnerabilities Reports

Implementing Best Practices

• Identifying, Building, and Documenting Your Security Requirements
• Separation of Duty
• Dual Key Security
• Connection Pooling
• Auditing and Performance
• Various Security Guidelines and Recommendations