Oracle® Database 2 Day + Security Guide
11g Release 1 (11.1)

Part Number B28337-01

Index

A

access control
data encryption, 6.2.2
enforcing, 5.2.1
Oracle Label Security, 6.4.1
administrative
accounts
about, 3.2.1
predefined, listed, 3.2.1
administrator access, 5.2.2
passwords, 3.6
administrative user passwords, 3.6
administrator privileges
write, on listener.ora file, 5.2.2
ANONYMOUS user, 3.2.1
ANY system privilege
protecting data dictionary, 2.3.2
APEX_PUBLIC_USER user, 3.2.2
application contexts, used in Oracle Virtual Private Database, 6.3.1
attacks
Denial of Service, 5.2.2
audit files, 7.4.2, 7.6.3
audit records, 7.3
viewing, 7.3
audit trail
DB setting, 7.4.2
XML file output, 7.4.2
auditing
about, 7.1
DDL statements, 7.4.4
default security setting, modified by, 7.4.3
DML statements, 7.4.4
fine-grained auditing, 7.1
guidelines, security, 7.6
historical information, 7.6.3
keeping information manageable, 7.6.2
monitoring user actions, 7.1
privilege audit options, 7.4.5
reasons to audit, 7.2
Sarbanes-Oxley Act
default auditing, 7.6.1
requirements, 7.4.3.1
suspicious activity, 7.6.4
viewing audit records, 7.3
where recorded, 7.3
authentication
certificate, 5.2.1
client, 5.2.1, 5.2.1
remote, 5.2.1, 5.2.1
strong, 3.7
user, 5.2.1
AUTHID CURRENT_USER invoker's rights clause, 4.5.2.5
Axent firewall, 5.2.2

B

BFILEs, 2.4
BI user, 3.2.3

C

certificate authentication, 5.2.1
certificate key algorithm
Secure Sockets Layer, 5.2.3
certificates for user and server authentication, 5.2.1
CheckPoint firewall, 5.2.2
cipher suites
Secure Sockets Layer, 5.2.3
Cisco firewall, 5.2.2
client connection
stolen, 5.2.1
client guidelines, 5.2.1
compromised operating systems or applications, 5.2.1
configuration files, 5.2.3, 5.2.3
listener.ora
administering listener remotely, 5.2.2
sample, 5.2.2
tnsnames.ora, 5.2.3
typical directory, 5.2.3, 5.2.3
CONNECT role
privilege available to, 4.4
CONNECT statement
AS SYSDBA privilege, connecting with, 2.3.2
connections
AS SYSDBA privilege, 2.3.2
SYS privilege, 4.2
CREATE ANY TABLE statement, 4.2
CREATE DBLINK statement, 4.4
CREATE EXTERNAL JOB privilege
default security setting, modified by, 2.2
CREATE SESSION statement, 4.4
CREATE TABLE statement
auditing, 7.4.4
CTXSYS user, 3.2.1

D

data definition language
auditing, 7.4.4
data dictionary
about, 2.3.1
securing, 2.3.2
See also views
data files, 2.4
data manipulation language
auditing, 7.4.4
database accounts
See user accounts
Database Configuration Assistant
auditing by default, 7.4.3.1
default passwords, changing, 3.6
Oracle Label Security, installing, 6.4.3.1
Database Control
See Oracle Enterprise Manager Database Control
databases
restarting, 7.5.2
DBA_USERS view
about, 3.7
DBA_USERS_WITH_DEFPWD view, 3.5
DBCA
See Database Configuration Assistant
DBSNMP user
about, 3.2.1
passwords, default, 3.6
default passwords, 3.6
importance of changing, 3.5
default permissions, 2.4
default security settings
about, 2.2
enabling, 2.2
Denial of Service (DoS) attacks
audit trail, writing to operating system file, 7.4.2
networks, addressing, 5.2.2
DIP user, 3.2.2
disabling unnecessary services
FTP, TFTP, TELNET, 5.2.2
DROP ANY TABLE statement, 2.3.2
DROP TABLE statement
auditing, 7.4.4

E

eavesdropping, 5.2.1
encryption, 5.2.2
about, 6.2.1
algorithms, described, 5.3.2
components, 6.2.1
network traffic, 5.2.2
reasons not to encrypt, 6.2.2
reasons to encrypt, 6.2.2
Enterprise Edition, 3.7
examples
Oracle Label Security, 6.4.3
Oracle Virtual Private Database, 6.3.2
secure application roles, 4.5.2
standard auditing, 7.5
user session information, retrieving with SYS_CONTEXT, 6.3.2.4
EXECUTE privilege, 4.3
EXFSYS user, 3.2.1
external tables, 2.4

F

falsified IP addresses, 5.2.1
falsified or stolen client system identities, 5.2.1
files
audit, 7.4.2, 7.6.3
BFILEs, 2.4
configuration, 5.2.2
data, 2.4
external tables, 2.4
listener.ora, 5.2.2, 5.2.3
log, 2.4
restrict listener access, 5.2.2
server.key, 5.2.3
symbolic links, restricting, 2.4
trace, 2.4
tnsnames.ora, 5.2.3
fine-grained auditing, 7.1
Firewall-1 firewall, 5.2.2
firewalls, 5.2.2, 5.2.2
guidelines, 5.2.2
ports, 5.2.3
supported
packet-filtered, 5.2.2
proxy-enabled, 5.2.2
FLOWS_020200 user, 3.2.2
FLOWS_FILES user, 3.2.2
FTP service
disabling, 5.2.2

G

Gauntlet firewall, 5.2.2
GRANT ALL PRIVILEGES
SELECT ANY DICTIONARY, 2.3.2
guidelines
auditing, security, 7.6
operating system accounts, limiting privileges, 2.4
operating system users, limiting number of, 2.4
Oracle home default permissions, disallowing modifying of, 2.4
passwords, 3.4
Secure Sockets Layer
mode, 5.2.3
TCPS protocol, 5.2.3
symbolic links, restricting, 2.4

H

HR user, 3.2.3
HTTPS port, 5.2.3

I

initialization parameters
AUDIT_FILE_DESTINATION, 7.7
AUDIT_SYS_OPERATIONS, 7.7
AUDIT_SYSLOG_LEVEL, 7.7
AUDIT_TRAIL, 7.7
configuration related, 2.6
default security, modified by, 2.2
FAILED_LOGIN_ATTEMPTS, 3.8
installation related, 2.6
MAX_ENABLED_ROLES, 4.6
modifying, 2.6.1
O7_DICTIONARY_ACCESSIBILITY
about, 2.6
data dictionary, protecting, 2.3.2
default setting, 2.3.2
setting in Database Control, 2.3.2
OS_AUTHENT_PREFIX, 5.4
OS_ROLES, 4.6
PASSWORD_GRACE_TIME, 3.8
PASSWORD_LIFE_TIME, 3.8
PASSWORD_LOCK_TIME, 3.8
PASSWORD_REUSE_MAX, 3.8
PASSWORD_REUSE_TIME, 3.8
REMOTE_LISTENER, 5.4
REMOTE_OS_AUTHENT, 5.2.1, 5.4
REMOTE_OS_ROLES, 4.6, 5.4
SEC_CASE_SENSITIVE_LOGIN, 3.8
SEC_MAX_FAILED_LOGIN_ATTEMPTS, 3.8
SEC_RETURN_SERVER_RELEASE_BANNER, 2.6
SQL92_SECURITY, 4.6
intruders
client connections, attacking, 5.2.1
invoker's rights, 4.5.2.5
IP addresses
falsifying, 5.2.2
guidelines, 5.2.1
IX user, 3.2.3

K

Kerberos authentication
password management, 3.7

L

LBACSYS user, 3.2.1
least privilege principle, 4.2, 4.2
listener
establishing a password, 5.2.2
not an Oracle owner, 5.2.2
preventing online administration, 5.2.2
restrict privileges, 5.2.2, 5.2.2
secure administration, 5.2.2
listener.ora file
administering remotely, 5.2.2
default location, 5.2.3
online administration, preventing, 5.2.2
TCPS, securing, 5.2.3
log files, 2.4

M

MDDATA user, 3.2.2
MDSYS user, 3.2.1
MGMT_VIEW user, 3.2.1
modes
Secure Sockets Layer, 5.2.3
monitoring
See auditing
multiplex multiple-client network sessions, 5.2.2
multitier environments, auditing, 7.4.6

N

Net8 network utility
See Oracle Net
network activity
auditing, 7.4.8
Network Associates firewall, 5.2.2
network authentication services, 3.7
smart cards, 3.7
token cards, 3.7
X.509 certificates, 3.7
network encryption
about, 5.3.1
components, 5.3.1
configuring, 5.3.2
network IP addresses, 5.2.2
networking security
Denial of Service attacks, addressing, 5.2.2
guidelines for clients, 5.2.1
Secure Sockets Layer guidelines, 5.2.3

O

object privileges, 4.2
OE user, 3.2.3
operating system access, restricting, 2.4
operating system account privileges, limiting, 2.4
operating system users
limiting number of, 2.4
operating systems
default permissions, 2.4
Oracle Advanced Security
authentication protection, 3.7
network traffic encryption, 5.2.2
Oracle Connection Manager
firewall configuration, 5.2.2
Oracle Enterprise Manager Database Control
about, 1.3
Oracle home
default permissions, disallowing modifying of, 2.4
Oracle Java Virtual Machine (OJVM), 2.5
Oracle Label Security
about, 6.4.1
components, 6.4.1
example, 6.4.3
guidelines in planning, 6.4.2
how it works, 6.4.1
installing, 6.4.3.1
Oracle Net
encrypting network traffic, 5.3.2
firewall support, 5.2.2
Oracle Virtual Private Database
about, 6.3.1
advantages, 6.3.1
application contexts, 6.3.1
components, 6.3.1
example, 6.3.2
Oracle Wallet Manager
with transparent data encryption, 6.2.4.2
ORACLE_OCM user, 3.2.2
ORDPLUGINS user, 3.2.1
ORDSYS user, 3.2.1
OUTLN user, 3.2.1
OWBSYS user, 3.2.1

P

pass phrase
read and parse server.key file, 5.2.3
passwords
administrative, 3.6
administrative user, 3.6
changing, 3.5
complexity, 3.7
default security setting, modified by, 2.2
default user account, 3.5
history, 3.7
length, 3.7
listener, establishing for, 5.2.2
management, 3.7
management rules, 3.7
profiles
enabling default settings, 7.4.3.2
requirements, 3.4
SYS user, 3.6
SYSTEM user, 3.6
permissions
default, 2.4
run-time facilities, 2.5
PIX Firewall firewall, 5.2.2
PM user, 3.2.3
principle of least privilege, 4.2, 4.2
privileges
about, 4.1
auditing, 7.4.5, 7.4.5
CREATE DBLINK statement, 4.4
system
ANY, 2.3.2
DROP ANY TABLE, 2.3.2
SELECT ANY DICTIONARY, 2.3.2
SYSTEM and OBJECT, 4.2
using proxies to audit, 7.4.6
PUBLIC user, 3.2.2
PUBLIC user group
revoking unnecessary privileges and roles, 4.3

R

Raptor firewall, 5.2.2
remote authentication, 5.2.1, 5.2.1
REMOTE_OS_AUTHENT initialization parameter, 5.2.1
restarting a database, 7.5.2
roles
CONNECT, 4.4
create your own, 4.4
job responsibility privileges only, 4.4
root file paths
for files and packages outside the database, 2.5
RSA private key, 5.2.3
run-time facilities
restricting permissions, 2.5

S

Sarbanes-Oxley Act
auditing requirements, 7.4.3.1
default auditing, 7.6.1
schema objects
auditing, 7.4.7
SCOTT user
about, 3.2.3
restricting privileges of, 4.4
sec_admin example security administrator
creating, 4.5.2.1
removing, 7.5.5
secure application roles
about, 4.5.1
advantages, 4.5.1
components, 4.5.1
example, 4.5.2
invoker's rights, 4.5.2.5
user environment information from SYS_CONTEXT SQL function, 4.5.2.5
Secure Sockets Layer
administering listener remotely, 5.2.2
certificate key algorithm, 5.2.3
certificates, enabling for user and server, 5.2.1
cipher suites, 5.2.3
configuration files, securing, 5.2.3
guidelines, 5.2.3
mode, 5.2.3
pass phrase, 5.2.3
RSA private key, 5.2.3
server.key file, 5.2.3
TCPS, 5.2.3
security administrator
example of creating, 4.5.2.1
removing sec_admin, 7.5.5
security tasks, common, 1.2
SELECT ANY DICTIONARY, 2.3.2
SELECT ANY DICTIONARY privilege
data dictionary, accessing, 2.3.2
sensitive data
Oracle Label Security, 6.4.1
Oracle Virtual Private Database, 6.3.1
secure application roles, 4.5.1
separation of duty concepts, 4.5.2.1
server.key file
pass phrase to read and parse, 5.2.3
session information, retrieving, 6.3.1
SH user, 3.2.3
shutting down a database, 7.5.2
SI_INFORMTN_SCHEMA user, 3.2.1
smart cards, 3.7
SPATIAL_CSW_ADMIN_USR user, 3.2.2
SPATIAL_WFS_ADMIN_USR user, 3.2.2
SQL statements
auditing, 7.4.4
using proxies to audit, 7.4.6
SQL*Net network utility, 5.2.2
SSL
See Secure Sockets Layer
standard auditing
about, 7.4.1
auditing by default, 7.4.3.1
enabling or disabling audit trail, 7.4.2
example, 7.5
in multitier environment, 7.4.6
network activity, 7.4.8
privileges, 7.4.5
proxies, 7.4.6, 7.4.6
schema objects, 7.4.7
SQL statements, 7.4.4
starting a database, 7.5.2
strong authentication
guideline, 3.7
symbolic links
restricting, 2.4
SYS user
about, 3.2.1
password use, 3.6
SYS_CONTEXT function
example, 6.3.2.4
SYS_CONTEXT SQL function
validating users, 4.5.2.5
SYS.AUD$ database audit trail table
about, 7.4.2
DB (database) option, 7.5.1
DB, EXTENDED option, 7.4.2
XML, EXTENDED option, 7.4.2
SYSDBA system privilege, 7.5.2
SYSMAN user
about, 3.2.1
password use, 3.6
passwords, default, 3.6
SYS-privileged connections, 4.2
system identities, stolen, 5.2.1
system privileges, 4.2
ANY, 2.3.2
DROP ANY TABLE statement, 2.3.2
SELECT ANY DICTIONARY, 2.3.2
SYSTEM user
about, 3.2.1
password use, 3.6

T

tablespaces
encrypting, 6.2.4.4.2
TCPS protocol
Secure Sockets Layer, used with, 5.2.2
tnsnames.ora file, used in, 5.2.3
TDE
See transparent data encryption
TELNET service
disabling, 5.2.2
TFTP service
disabling, 5.2.2
token cards, 3.7
trace files, 2.4
transparent data encryption
about, 6.2.3
advantages, 6.2.3
components, 6.2.3
configuring, 6.2.4
how it works, 6.2.3
performance effects, 6.2.3
storage space, 6.2.3
table columns
checking in database instances, 6.2.5.3
checking individual tables, 6.2.5.2
encrypting, 6.2.4.4.1
tablespaces
checking, 6.2.5.4
encrypting, 6.2.4.4.2
wallets, 6.2.4.2
tnsnames.ora, 5.2.3
typical directory, 5.2.3

U

UDP and TCP ports
closing for ALL disabled services, 5.2.2
user accounts
about, 3.1
administrative user passwords, 3.6
default
changing password, importance of, 3.5
expiring, 3.3
finding information on, 3.7
locking, 3.3
password requirements, 3.4
predefined
administrative, 3.2.1
non-administrative, 3.2.2
sample schema, 3.2.3
securing, 3
unlocking, 3.3
user session information
retrieving, 6.3.1
users
ANONYMOUS, 3.2.1
APEX_PUBLIC_USER, 3.2.2
BI, 3.2.3
CTXSYS, 3.2.1
DBSNMP, 3.2.1
DIP, 3.2.2
EXFSYS, 3.2.1
FLOWS_020200, 3.2.2
FLOWS_FILES, 3.2.2
HR, 3.2.3
IX, 3.2.3
LBACSYS, 3.2.1
MDDATA, 3.2.2
MDSYS, 3.2.1
MGMT_VIEW, 3.2.1
OE, 3.2.3
ORACLE_OCM, 3.2.2
ORDPLUGINS, 3.2.1
ORDSYS, 3.2.1
OUTLN, 3.2.1
OWBSYS, 3.2.1
PM, 3.2.3
PUBLIC, 3.2.2
SCOTT, 3.2.3, 4.4
SH, 3.2.3
SI_INFORMTN_SCHEMA, 3.2.1
SPATIAL_CSW_ADMIN_USR, 3.2.2
SPATIAL_WFS_ADMIN_USR, 3.2.2
SYS, 3.2.1
SYSMAN, 3.2.1
SYSTEM, 3.2.1
WMSYS, 3.2.1
XDB, 3.2.1
XS$NULL, 3.2.2

V

valid node checking, 5.2.2
views
DBA_USERS, 3.7
DBA_USERS_WITH_DEFPWD, 3.5
Virtual Private Database
See Oracle Virtual Private Database
VPD
See Oracle Virtual Private Database
vulnerable run-time call, 2.5
made more secure, 2.5

W

WMSYS user, 3.2.1

X

X.509 certificates, 3.7
XDB user, 3.2.1
XS$NULL user, 3.2.2