Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Two New Oracle Security Public Class Dates

I will be teaching two of my Oracle Security classes with Oracle University soon.

The first is my class "Securing and Locking Down Oracle Databases". This class will be taught on the 24th January on-line via the Oracle LVC platform. The class will be 8 am to 4pm UK hours and 9am to 5pm EU hours. The class focuses on how to lock down and secure the database platform and also data in a sample database and applications. The day starts with a look at all of the issues in my sample Oracle database and applications by hacking the database as different "actors" - a DBA, a developer and a web user. We then assess where and how we can secure the Oracle database platform and also apply data security to the critical data itself. We then proceed to actually lock down an Oracle database in quite a detailed way. We cover patching, hardening of the database, defaults, default users, users rights and privilege, data access, network controls, locking down Linux and much more; we also apply a comprehensive audit trail. The day ends with a look at where we have been and also we hack the database again and show how now its secure but also that audit captures the attacks. If you would like to attend this class please see Oracles registration link and I hope to see you there.

The second public class on the 7th February with Oracle again held as on-line live training and again from 8am to 4pm UK time and 9am to 5pm EU time. This class is an appreciation of Oracle security. We start the day with the basics; looking at the current data security landscape, exploring threats, risks and countermeasures as well as looking at what is Oracle Security. We go on to discuss the aim of Oracle security, the actors, the process and the possible solutions. Next we focus on how the database works in terms of security and how your design choices in terms of data access ad user rights affect the security of data. We cover common attacks and how hackers may access your database and steal your data. We then discuss the approach, how to secure and plan to secure all data and all databases, possible solutions and also creation and use of a data security policy. We have a whole chapter on designing audit trails and also a whole chapter on what if the worsts happens - i.e. you are hacked. We finish the day with a discussion of compliance and automated testing of your databases. If you would like to book your place then please register via Oracles registration page.

Both classes are taught by Pete Finnigan and will include a complete download of the slides and notes and hundreds of free SQL and PL/SQL scripts and tools for you to take away and use.