Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Oracle Database Vault 12c Paper by Pete Finnigan

I wrote a paper about Oracle Database Vault in 12c for SANS last year and this was published in January 2015 by SANS on their website. I also prepared and did a webinar about this paper with SANS. The Paper on Database Vault in 12c was sponsored by Oracle.

The paper was an expert walkthrough of implementing and using Database Vault in 12c. It also covered the main components of Database Vault and showed how easy it is to enabled in 12c. The paper covered the new features added in 12c; the fact it is installed by default and just needs enabling, my favourite feature which is mandatory realms and also the new privilege analysis feature.

I installed an application locally on some VMs, added Database Vault and also built an Oracle Cloud control server and OEM repository. The application is meant to look realistic with its design and implementation issues and I showed how to enable Database Vault in this database and also showed some examples of how it can be used to protect the database out of the box and also how it can be configured to add additional protections.

I also added a walk through of using privilege analysis. The paper is over 24 pages long and is a nice practical walk through of this technology.

If you would like to read the paper it is here - Protecting Access to Data and Privilege With Oracle Database Vault

If you would like to learn much more about securing Oracle databases and protecting them then consider booking a place and attending PeteFinnigan.com Limiteds Oracle Security training Event in York in September 2015.

Unique Oracle Security Trainings In York, England, September 2015

I have just updated all of our Oracle Security training offerings on our company website. I have revamped all class pages and added two page pdf flyers for each of our four training classes. In have also updated the list of public up-coming classes.

Most importantly I have added a new unique event to be held in York, England from September 21st to 25th 2015. I am going to teach all four of our current Oracle security classes back to back during that week as a public training. Our classes are regularly updated and some are new so this is a great oppertunity. The classes are:

o - How to perform a security audit of an Oracle database - 2 Days
o - Secure coding in PL/SQL - 1 Day
o - How to design practical audit trails for an Oracle database - 1 Day
o - Harden and secure Oracle - 1 Day.

Each class is described in detail on the website; This is a unique event as I have never offered all four classes ( 5 days ) in one event before and also I do not teach at public events in the UK very often. This is a good oppertunity to get the best Oracle security training in the UK and at a good price per student.

You can book all five days or just some of them, it is entirely up to you!

If you are interested to join this training and book your place then please have a look at the web page I have created - Oracle Security Training in York 2015. I look forward to meeting you there.