Subject: Information Technology Book Index: HOW To Secure and Audit Oracle Style: Chicago anual of Style!

Indented

A Acce"" control di"cretionary! #$ external %olicy definition for legacy a%%lication" &ith limited! '() "en"iti*e data! $+( u"er"! + Acce"" Control ,i"t" adding %ri*ilege" to! '-./'-0 a""igning to net&ork "er*ice! '-0/'-) dba1net&ork1acl" to *ie&! '-)/'-2 creating! '--/'-. Account" 3uerie" A,T45 S6ST4 and A,T45 S4SSIO7 %ri*ilege"! '../'.) B4CO 4 8S45 %ri*ilege"! '.. S6S9BA and S6SO:45 %ri*ilege"! '.-/'.. AC4;Ser*er authentication to! #$$ u"ing 5A9I8S! #$'/#$AC,"! see Acce"" Control ,i"t" Acti*ity o*er*ie& re%ort! $)) Acti*ity re%ort" audit information! $)0 &ith %redefined and cu"tom re%ort"! $)2 A991:O,IC6 %rocedure! '0#/'0$ Addre"" 5e"olution :rotocol "%oofing! #'./#'0 Admini"trator auditing audit trail" and! $#2 9< change"! -()/-(2 to enable! $#) Admini"trator authentication! #(-/#(. Admini"trator %ri*ilege"! enforcing limit" on! '2' A9 I7154ST5ICTIO7S o%tion! '( Ad*anced 4ncry%tion Standard! )2 one round of! )0 =O5 &ith "ubkey! ). A4S! see Ad*anced 4ncry%tion Standard A,T45 8S45 command! .0/.)! #$2! #'(

Anomaly detection! $+# A:I function"! '+./'+2 A%%lication acti*ity monitoring! $+( A%%lication encry%tion! #.-/#.. A5CHI<4,O> mode! $.# A5: "%oofing! see Addre"" 5e"olution :rotocol "%oofing ASO data integrity! #-# SS, authentication u"ing! #(+ authentication "e3uence in! ##(/### ba"ic "te%" in! ##'/##. hand"hake bet&een client and "er*er! ##$ Audit command" at column le*el! $$2/$$+ 7OA89IT to di"able! $(+ %er acce"" or %er "e""ion! #+./#+2 "ucce""ful and "ucce""ful! #+'/#+. u"er name" a" 3ualifier"! $#(/$## Audit1condition 3ualifier! $$2 Audit data log *ie&ing onto A< con"ole! $)0/$)2 Audit e*ent"! filtering for! $)) Auditing! see Standard auditing A89IT 7OT 4=IST! $(( Audit 3ualifier"! see Audit command" Audit record" %er acce""! #+. SCOTT?4 :! #+0 S4SSIO7 54C! #+) %er "e""ion! #+.! #+2 table" and *ie&" u"ed to *ie& 9BA1A89IT1T5AI,! $(./$(0 9B or 9B!4=T47949! $(<@= ,1A89IT1T5AI, and 9BA1A>A1A89IT1T5AI,! $() Audit rule"! on "ource databa"e" acti*e! $)$ defining! $)#/$)$ ex%orting and im%orting! $)#/$)$ managing from A< con"ole! $)( "etting u%! $)(/$)# A89IT S4SSIO7! #++/$(( A89IT1S6S,O>1,4<4,! $$( A89IT1S6S1O:45ATIO7S! $#) Audit trail" for 9BA acti*ity! #22 for 9B and 9B14=T47949! #2+/#+(

definition of! #2) to enable;di"able! #22 to OS audit file"! #+(/#+$ audit record in! #+# re"tarting databa"e for! #+( 8nix! #+(/#+# to = ,! #+#/#+$ Authentication definition of! ++ u"er"! + AutoBlogin &allet! #() A<! see Oracle Audit <ault A< agent"! $.0 and A< "er*er! communication" bet&een A< con"ole! $0"ecure communication "cheme! $0$/$0' unencry%ted communication"! $0' de%loying! $.2 in"talling! $0#/$0$ "tarting! $0+ A< audit re%ort"! $)0 A< audit &arehou"e "tar "chema! $.2 A< collector" audit data from "ource databa"e! extracting! $../$.0 managing u"ing a*ctl on A< "er*er! $02/$0+ re*ie&ing and controlling! $0)/$02 "tarting! $0+ ty%e" of! $.) A< con"ole refre"hing &arehou"e from! $)-/$). *ie& audit data &ithin! $)0/$)2 *ie&ing agent "tatu" on! $0' A<CT,! managing agent" and collector" by! $02/$0+ A< "er*er collector" and! $)'/$)com%onent" of! $.. "ource databa"e! communication bet&een! $.0 to "tart and "to%! $)' &arehou"e configuring! $)-/$). managing! $). A< "ource"! "etting u%! $0-/$00 B Backu%"

encry%tion of 5 A7 configuration! #2#/#2$ T5A7S:A547T O94 or 98A, O94! #2Ba"eline"! see Configuration ba"eline" Before and after *alue! ca%turing %roblem" in! $.'/$.u"ing fla"hback 3uerie"! $-)/$.( %"eudoBcolumn"! $.# retention %eriod! long! $.# undo "egment"! "iCe of! $.$ u"ing trigger" AAT45 trigger! $')/$'2 audit record"! $'2 audit table! $'0 change" in data! $'2 Beha*ioral di*ergence! intru"ion detection! $+)/$+2 Black li"t"! $+2 Block ci%her"! )2 C Ca"eB"en"iti*e %a""&ord"! 0./00 CBC! see Ci%her block chaining Certificate Authority DCAE! 20 in bro&"er! 2)! +( Certificate re3ue"t creating! +. "igning %roce""! +0 Certificate" for authentication! initiating connection u"ing! ##$ and digital "ignature" me""age authentication! 2. %ublic key! 2-! 20 general information in! 2) in I4! 2)! 2+ "igning %roce""! +0 in &allet! +-/+.! +0 CAB! see Ci%her Aeedback CHAI71CAB! #.0 Chaining mode! )2 Change management! o*erhead a""ociated &ith! $2. CHA7>41:ASSWO59! '-! ') Change re3ue"t %roce""! enforcement of! '(2 Change tracking! 9< due to 9BA and SA! -'# general tool" for! -(2 for monitoring change" to Oracle executable! -(2/-(+

Change tracking tool" creating configuration ba"eline! #) for monitoring li"tener?ora! -Ci%her block chaining! )+! #.0 Ci%her Aeedback! )+ Ci%hertext! 2' CIS Oracle benchmark "ection" in! #Cla""ification %olicy! defining! -$+ Code *ulnerabilitie"! #2 Column encry%tion key for 4 :! #0) Column %ri*ilege" granted WITH >5A7T o%tion! '.# to *ie&! '#2 Command rule"! "ecuring u"er acti*ity &ith to %re*ent u%date" on SCOTT?4 :! '22/'2+ 8:9AT4S! B4F "e""ion! '+( u"er connection to databa"e! '+#/'+' Common <ulnerability Scoring Sy"tem for "ecurity *ulnerabilitie"! $( Com%liance re3uirement" databa"e "ecurity! see 7ational regulation"! databa"e "ecurity and monitoring data "ecurity! )/2 Com%uter "ecurity "tandard"! +( Com%uter&orld! data breach re%ort"! -! . Configuration ba"eline" and beha*ioral di*ergence! $+)/$+2 change tracking tool" role in creating! #)/#2 "e3uence monitoring! $+2 Co"t Ba"ed O%timiCer and A>A! $'$ C:8! see Critical :atch 8%date C54AT4 A76 TAB,4 %ri*ilege! '$C54AT4 ,IB5A56! -'! -C54AT4 8S45 command! .'! .0! 0) Credit card number! encry%ting and decry%ting! #.)! #)# Critical :atch 8%date! #. ri"k matrix! $$ "ecurity fixe"! $# Cry%togra%hic accelerator"! HS " a"! #)0 Cry%togra%hy definition of! )' main element" of! )'/)%ublicBkey! see :ublicBkey cry%togra%hy "ymmetricBkey! )-/). Cu"tomiCed re%ort! generating! $)2 C<SS "core

and OracleG" inter%retation of %roblem! $# for "ecurity *ulnerabilitie"! $( Cyclic Block Chaining DCHAI71CBCE! #../#.0 9 9A ! see 9ataba"e acti*ity monitoring 9A :! see 9ataba"e acti*ity monitoring and %re*ention 9A "y"tem" architecture" u"ed by interce%tionBba"ed architecture"! $2)/$22 3ueryBba"ed and logBba"ed architecture"! $22/$2+ endBu"er credential"! "ol*ing %roblem" of in a%%lication "er*er"! '#$/'#' Oracle in"tance account! '#$ u"ing dbm"1"e""ion to "et! '#' function" %ro*ided by! $+(/$+# im%act on databa"e communication" data %acket"! '(+ S:A7 %ort! '(2 traffic encry%tion! '(+/'#( normal beha*ior and intru"ion"! monitoring! $+) o*erhead re"ol*ed by! $2. realBtime alerting! $20 "torage re3uirement"! '#(/'## vs. SI4 "y"tem"! $20 9ata acce"" %rotection! -'2/-'+ 9ata backu%"! see Backu%" 9ataba"e acti*ity monitoring change management! $2. intru"ion detection! 2 through audit %olicy! -'0 u"e ca"e for! $2. 9ataba"e acti*ity monitoring and %re*ention! $2. architecture of! $+( im%ortant u"e ca"e" for de%loying out"ourced 9BA" and cro""Bboundary la&"! '() %ri*ileged u"er acce"" to "en"iti*e data! '(0/'() rogue a%%lication %re*ention! '(2 9ataba"e auditing! #' 9ataba"e breache" data targeted in! ) di"co*ery of! 0 incident" in*ol*ing! '/. in*ol*ing unkno&n factor"! . time until di"co*ery of! 0 9ataba"e encry%tion! #.-/#..

9ataba"e intru"ion"! $+)/$+2 9ataba"e "ecurity change tracking tool"! #) com%rehen"i*e im%lementation of! '(0 and monitoring! national regulation" to! $++/'(. regulation" affecting! ) 9ataba"e "ecurity %roject auditing of audit %olicy! -''/-'audit rule"! -'$/-'' audit trail"! -'$ re%ort generation! -'-/-'.! -'0/-') data di"co*ery! -$+ regulatory re3uirement"! -$)/-$2 re%ort generation! -'-/-'. "co%e of! -$0/-$) "er*er" and client connection"! -$2 9ataba"e Security Technical Im%lementation >uide! see 9ataba"e STI>" 9ataba"e STI>" ex%orting data! #$/#' generic "ection! #$/#' OracleB"%ecific "ection! #' a" uncla""ified document! #9ata breache"! '! . 9ata di"co*ery! -$+ 9ata encry%tion! #.$ a%%lication! databa"e! and "torage! #.-/#.. block ci%her"! ))/)2 and im%ort;ex%ort u"ing Oracle data %um% utilitie"! #)+/#2( u"ing 9B S1C56:TO! see 9B S1C56:TO u"ing fixed key! #0# u"ing T94! see T94 9ata extru"ion! $+2 9ata integrity algorithm"! #-( 9ataBinBtran"it! #$) encry%tion! %erformance im%act! #-+ SS, and 794 for! #') 9ata leak %re*ention! '() 9ata a"king o%tion! 4nter%ri"e anager te"t data! "anitiCing! $$ ma"king format! $' "en"iti*e data! $"tatu" of ma"king job"! $./$0 9ata modification attack"! #-( 9ata "ecurity! data breache" and noncom%liance! $/' 9BA1A89IT1:O,ICI4S! $'#

9BA1A89IT1T5AI,! $(./$(0 9BA1CO O71A89IT1T5AI,! $() 9BA1A>A1A89IT1T5AI,! $() 9BA1:5I<1A89IT1O:TS and 9BA1OBH1A89IT1O:TS! $(2 9BA %ri*ilege"! '$' 9BA1:5OAI,4S! 0+ 9BA1ST T1A89IT1O:TS! $()/$(2 9BA1TS1F8OTAS! )( 9BA89 collector"! $.) adding! $00 architecture of! $.+ re*ie&ing and controlling! $0)/$02 9BA18S45S! )( 9B S1C56:TO cry%togra%hic function"! #.2 decry%tion function"! #.0 encry%tion function"! #../#.0 for generating AC! #.2/#.+ ha"h function"! #.+ key management &ithin in cleartext on &ire! #0#/#0$ databa"e table! #0(/#0# file "y"tem! #0# ma%%ing data to key"! #0$ in Oracle #(g and ##g! #.) %adding function"! #.) vs. 9B S1OBA8SCATIO71TOO,IIT! #.)/#.2 9B S1A>A?A991:O,IC6 %rocedure! $$. 9B S1OBA8SCATIO71TOO,IIT! #.) 9ee% defen"e! see 9efen"e in de%th 9efault account" and %a""&ord"! 0-/0. 9efen"e in de%th for information "y"tem"! $0 military "trategy! $0 9enialBofB"er*ice D9oSE attack"! '( 94S! )) '94S! see Tri%le 9ata 4ncry%tion Standard 9iffie/Hellman key exchange client and "er*er! 2(/2# in context of %ublic;%ri*ate key"! 2math behind! 2#/2$ 9igital "ignature" originator and reci%ient! 20 %ri*ate key and %ublic key! 2. 9 , handler"! $-' 9 , trigger"! $'.

95O: 8S45 command! .) 98A,1 O94! #2( 9<! see Oracle 9ataba"e <ault 9<A?A@C,I47T1I:! '+./'+0 9<A?A@ ACHI74! '+) 9<A?A@74TWO5I1:5OTOCO,! '+0 9< realm"! '2) 9< "ecure a%%lication role"! '++ 9ynamic %olicy! ')$/')' 4 4la"tic defen"e! see 9efen"e in de%th 4lectronic Codebook D4CBE CHAI714CB! #../#.0 chaining! )2 &eak! )+ 4mbedding %a""&ord"! #(+ 4 :1A89IT record"! $-. 4 :19 ,1HA79,45 %rocedure! $-$ 4ncry%tion! )C:8Binten"i*e o%eration! #-+ of dataBatBre"t! #.$ of dataBinBtran"it! see 7et&ork encry%tionJ S&itched net&ork" im%lementation in 9A :! '() "en"iti*e data! + 4ncry%tion accelerator"! #-) 4ncry%tion algorithm"! see Cry%togra%hy 4ncry%tion key" acce"" to! $+( column for 4 :! #0) encry%ting table"%ace" &ith! #)#/#)$ for table column"! #047C56:TIO7 %arameter! #)+ 47C56:TIO71:ASSWO59 and 47C56:TIO71 O94! #2( 47C56:TIO71WA,,4T1,OCATIO7! #)) 4ntitlement audit re%ort"! 3uerie" for %roducing account" 3uerie"! '.-/'.) hierarchical model of %ri*ilege"! '-2/'-+ object %ri*ilege" by databa"e account! '.$/'.' granted to :8B,IC! '.'/'.granted WITH >5A7T! '.#/'.$ "y"tem %ri*ilege" and admin o%tion *alue"! '-+/'.# 4ntitlement audit"! ''. 4ntitlement management! +

4thereal! #'' 4=4C8T4 %ri*ilege! '$( to a%%ro%riate u"er"! '-# on %rocedure" a""igned to :8B,IC! '.5O7B! '$#! '$$ 4xternal executable"! -4xternal %a""&ord "tore" Oracle &allet a"! #()/#(+ SS, authentication and! ##$ 4xternal %rocedure" configuring li"tener for li"tener?ora entry and connection data! -$/-' SI9194SC "ection! -(/-$ "ecuring! -' u"ing %rinci%le of minimal %ri*ilege"! --/-. 4xternal "ecurity o*erlay! '2' 4=T5:5OC %rogram "ecuring! -'/-. SI9194SC "ection" load! -#/-$ *ulnerabilitie"! -$/-' A Aactor" A:I function"! '+./'+2 default! '+SO85C41:5O>5A ! creating! '+2/''+ AAI,491,O>I71ATT4 :TS! 0# Aederal Information :roce""ing StandardB#-( DAI:SB#-(E algorithm"! +# le*el" of "ecurity and re3uirement" im%o"ed in! +( A>A audit %olicie"! see A>A audit %olicie" audit trail! reading! $'#/$'$ of 9 , and S4,4CT! $$of 4 :! $$. %erformance of! $'$/$'' :,;SF, ex%re""ion! $$+ vs. "tandard auditing! $$' A>A audit %olicie" defining! $$' audit1condition 3ualifier! $$2/$$+ 9B S1A>A?A991:O,IC6 %rocedure and! $$. location to &rite audit record"! $$)/$$2 only in"ert" and u%date"! $$0/$$) "en"iti*e column"! $$./$$0 u"ing handler 3ualifier"! $$+/$'(

managing! $'(/$'# table" and *ie&" to *ie&! $'#/$'$ AineBgrained auditing! see A>A Ala"hback 9ata Archi*e enabling! $.$/$.' to track hi"torical change" to data! $.$ Ala"hback 3uerie" a%%lication" of! $-0 for extracting before and after *alue"! $-)/$.( %"eudoBcolumn"! $.# retention %eriod! long! $.# undo "egment"! "iCe of! $.$ > >uardium "y"tem change tracking ca%abilitie" of! -'#/-'$ com%liance %roce""! -'+ connection termination! --( full incident management a%%lication! --#/--$ databa"e "ecurity %roject auditing in audit %olicy! -''/-'audit rule"! -'$/-'' audit trail"! -'$ re%ort generation! -'-/-'.! -'0/-') functional foot%rint of! -$./-$0 H Handler 3ualifier"! $$+/$'( Hard&are acceleration! #-) Hard&are Security odule"! +# "ecure "torage of key"! #)0 T94 "u%%ort" to! #)) Ha"h algorithm! 0( hex character"! in %a""&ord ha"h! 00 HS "! see Hard&are Security odule" Hub"! #'I Identity theft! lo"" due to! $-0/$-) I7BO8791CO774CTIO71TI 4O8T1 your li"tener name! -+ InitialiCation %arameter! 0'/0A89IT1S6S,O>1,4<4,! #+( 54 OT41,O>I71:ASSWO59AI,4! #(. S4C1CAS41S47SITI<41,O>O7! 0. S4C1 A=1AAI,491,O>I71ATT4 :TS! 0$ In"%ectionBba"ed architecture"! see Interce%tionBba"ed architecture"

In"truction :re*ention Sy"tem" DI:SE! #'0 Integrity! #$ Interce%tionBba"ed architecture"! $2) Internet :rotocol Security ca%abilitie"! #-' "etu% on Solari"! #-./#-) "etu% on &indo&"! #--/#-. Intru"ion detection! $+# I:S4C! see Internet :rotocol Security IT "ecurity im%lementation! goal of! $0/$) H Ha*a 9ataba"e Connecti*ity DH9BCE dri*er"! configuring net&ork encry%tion for! #'+/#-( I Ierbero" authentication "cheme! ##. configuring connection to databa"e! ##+ creating Ser*ice :rinci%al DS:E for! ##)/##2 databa"e u"er"! ##2 Ser*ice Table! ##2 o%erating %rinci%le of! ##0/##) "ecurity feature"! ##+ Iey exchange SS,! +# Iey management &ith T94 encry%tion key for table column"! #0ma"ter key! #0. II,, command! .2