
Hardening and Securing an Oracle Database Training Course [ 1 Day ]

Course Description

This course is a one-day seminar that teaches delegates how to apply simple yet effective measures, limited by cost where appropriate, in their databases. The single goal is to reduce the risk of attack, misuse and abuse of data held in their Oracle databases.

The class starts with a review of why a database can be insecure and moves quickly into a simple yet effective security audit (including a free tool that you can use yourself) and then goes on to investigate the results and formulate actions and demonstrations to secure a database effectively.

Course Goals

Most databases that are built are unfortunately designed with a bigger focus on performance, functionality and availability, with security being the poorer cousin. If you are charged with designing, building or managing an Oracle database then you must consider: what are the risks to the security and validity of "your data"? This class focuses on structured hardening and locking down of key data and key activities in your databases, with some free tools and examples to help you improve your skills in securing data in an Oracle database.

Course Duration

The class is one day, 9am to 5pm, and is instructor-led and classroom-based with demonstrations.

Course Location

The course can be held at your site or students can attend a public class. See the main Oracle Security training page for any public classes that are scheduled at present. Details of on-site requirements and other facilities are provided during the booking process.

Course Pre-Requisites

The delegates must have a good working knowledge of PL/SQL, ideally as a Developer or DBA, to appreciate the content. The class is intended for DBAs and developers who can write PL/SQL. It is of an intermediate level when vulnerabilities are explained, but a developer who can write PL/SQL can understand the secure coding practices.

Course Materials

The student will receive a URL to download a zip file that includes:

  • The course notes as PDF files
  • Free PL/SQL tools and scripts
  • All of the examples used as SQL and PL/SQL scripts

Course Outline

The course outline is as follows:

  • Why is data insecure
    • Introduction to the example systems
    • Some realistic demonstrations to show how data can be exposed and leaked and stolen due to design decisions and weak hardening
  • Data leakage
    • Data leakage due to the way Oracle works
    • Data leakage due to incomplete solutions
    • Placing data security into categories (10/30/60)
    • Looking at how data access and controls affect security
    • The task of securing all data held in Oracle
  • A sample database audit
    • A walk through running a simple free audit scanner script with approximately 50 tests
    • Showing the results of the audit
  • Investigation
    • A walk through of the results plus placing the possible solutions in context both in terms of possibility and also cost
    • Look at the hardening issues located
    • Look at design issues located, with a detailed overview of the reports tool output, showing where and what we could do to reduce the risk posed to the data to the greatest effect
  • Solutions for the data lock down
    • The design solutions presented will be implemented as examples in our sample system
    • User privilege analysis and least privilege steps to reduce risks
    • User authentication and password lock down, protection and profiles design
    • DBA role design
    • DBA access lockdown and process
    • Third party and developer access to the database techniques, process and tools
    • Break glass access, lockdown and monitoring techniques
    • Context based security around time, location and privilege
    • Provisioning of user accounts
  • Conclusions
    • What is next
    • Automated scanning
    • Lock down of all databases
    • Policy design and lock down
    • Show how our lock down efforts affect our simple database and application

Course Instructor

The course is delivered by Pete Finnigan, a principal consultant with years of real-world experience in auditing, securing and hardening customers' Oracle databases. Pete is also well known for writing and presenting extensively in the area of Oracle security, including the SANS Step-by-Step guidebook. The course includes the slides and delegate notes and is delivered on customers' sites.

Course Price Structure

This course is offered at a fixed base price with an additional small fee per student. Ask us for more details by emailing info@petefinnigan.com.

Download a PDF Flyer

Download a 2-page PDF flyer that describes the course details: 2 Page flyer - Hardening and Securing Oracle Training Course Flyer