Oracle Database 10g: Implementing Database Vault

What you will learn

Database Vault is a new option that helps a DBA meet the security goals of an organization. There are more and more requirements being put on systems regarding separation of duties and privacy and protection of data, including insider threats. A DBA needs to understand these requirements, and also the tools available for meeting them. This course introduces the student to Database Vault, including installation, configuration, and how it affects activities in the database. New security concepts are introduced, illustrated, and clearly demonstrated by relevant practices

Learn To:
  • Install Database Vault into an existing database
  • Understand the Database Vault API capabilities
  • Configure components that restrict DBA privileges as needed
  • Audit access to database objects as needed
Audience
 Data Warehouse Administrator
Data Warehouse Analyst
Database Administrators
Sales Consultants
Technical Consultant

Prerequisites
 Working knowledge of SQL
Working knowledge of PL/SQL
Oracle Database 10g: Security

Course Objectives
 Install Database Vault
Configure Realms to protect schemas or application data
Define multiple factors that represent characteristics of a user or session
Integrate factor values with Oracle Label Security
Audit Database Vault component accesses
Define custom rules for allowing access to data
Use the Database Vault browser interface
Monitor and report on security configuration issues and access violations

Course Topics
Understanding the Database Vault Option
 Describing Scenarios
Identifying the Components of Database Vault
Using the Database Vault Administrator Software
Understanding How Database Vault Components Relate to One Another

Installing Database Vault
 Listing the Requirements
Running the Installer Software
Listing the Accounts and Schemas that are Created

Configuring Realms
 Using Realms to Provide Separation of Duties
Creating Realms that Protect Schemas and Applications
Using Realms to Protect Role Granting
Understanding the Views that Describe Realm Data
Understanding the API that Configures Realms

Defining Factors
 Listing the Predefined Factors in Database Vault
Auditing the Use of Factors
Listing the Differences Between Factors and Context Variables
Creating Factors Using Constants
Creating Factors that Refer to PL/SQL Procedures
Creating Factors that Rely on Other Factors
Identifying the Difference Between "For Session" and "By Access" Factors
Validating a Factor's Value

Defining Identities
 Understanding the Purpose of Identities
Understanding the Difference Between Identities and Factors
Mapping Factors to Identities
Assigning Oracle Label Security to Identities
Assigning Trust Levels to Identities
Describing the Identity Views

Defining Rule Sets
 Creating "Any True" and "All True" Rule Sets
Auditing the Use of Rule Sets
Defining a Rule Set Handler to Customize Rule Set Behavior
Using Rule Sets to Customize Realm Access
Using Rule Sets to Control Setting of Factors
Understanding the Rule Set API
Using the Rule Set Views
Reporting on Rule Set Configuration Issues

Configuring Command Rules
 Creating Command Rules
Using Command Rules to Customize Control of Specific Command Execution
Listing the Delivered Command Rules
Using the Command Rule Views
Reporting on Misconfigured Command Rules
Using the Command Rule API

Configuring Secure Application Roles
 Creating Secure Application Roles
Using Rule Sets with Secure Application Roles
Using Secure Application Roles to Customize Data Access
Auditing Secure Application Roles
Reporting on Secure Application Role Configuration Issues

Viewing Reports
 Listing the Database Vault Reporting Capabilities
Reporting on Configuration Changes
Reporting on Component Configuration Problems
Viewing Audit Reports
Viewing Database Security Issues Reports

Implementing Best Practices
 Defining Separation of Duties Using Realms
Setting Up an Application DBA Account
Enabling and Disabling Database Vault
Diagnosing Database Vault
Locking Down SYSDBA Usage
Preventing Accidental Loss of Data
Locking into an Application Server
Improving Performance of Database Vault Components