Main Office:	800.631.0410
Sales Office:	800.533.3893

Oracle Database 11g: Encryption & Advanced Data Security

Course: OR11SEC

Duration: 3 Days

Level: I

On our website at: http://www.verhoef-training.com/courses/OR11SEC.html

Course Summary

Threats to data security abound and are increasing in sophistication and frequency. Organizations have both an ethical and oftentimes a legal responsibility to understand the countermeasures available, to compare these against those threats to which they are exposed, and to properly apply such countermeasures.

This training course module considers how encryption technology should, and should not, be employed within an Oracle database environment in response to known threats and risks. It will also discuss other best security practices which pertain to application security, host system configuration and the database installation.

Topics Covered In This Course

ABOUT DATABASE SECURITY

DATA SECURITY & POTENTIAL THREATS
DATABASE SECURITY CHECKLIST
SECURING THE DATABASE INSTALLATION
SECURE BY DEFAULT CONFIGURATION

ENCRYPTION CONCEPTS

ABOUT ENCRYPTION
About SSL
Challenges With Asymmetric Encryption
What Is PKI?
A Certificate Challenge Scenario
What Is A Wallet?
Public]Key Cryptography Standards
NETWORK ENCRYPTION
STORAGE ENCRYPTION
FILE ENCRYPTION
ENCRYPTION LIMITATIONS
About Advanced Technology
Access Control
Protection Against A Malicious Insider
Encryption Algorithms & Potential Weaknesses
Data Encryption Algorithm Developments
Choosing A Data Encryption Algorithm
Message Integrity Algorithms
Choosing An Integrity Algorithm
MANAGING ENCRYPTION KEYS
Key Storage Strategies

APPLYING TRANSPARENT DATA ENCRYPTION

TRANSPARENT DATA ENCRYPTION
TDE Encryption Algorithms
About Column Encryption
MAC & The Integrity Algorithm
Is TDE Unbreakable?
Network Security
MANAGING TDE
Encryption Security Module
Changing The Default Encryption Security Module
Using Hardware Security Modules
Wallet Open Options
Create Wallet
Open & Closed Wallet
Advanced Options
Re]key Master Encryption Key
Migrate To HSM
Change Encryption Security Module Settings
Change Encryption Wallet Password
IMPLEMENTING TABLESPACE ENCRYPTION
SQL Create Tablespace With Encryption
Querying The Data Dictionary
Changing The Encryption State
IMPLEMENTING COLUMN ENCRYPTION
Specifying Column Encryption
Encryption Algorithms
Using The EM Interface
Limitations To Column Encryption
Performance Considerations

APPLYING FILE & LOB ENCRYPTION

SECUREFILE LOBS
Applying Encryption To LOBs
Examining SecureFile Encryption Using PL/SQL
Examining SecureFile Encryption Using EM
EXTERNAL TABLE ENCRYPTION
DATA PUMP ENCRYPTION
ENCRYPTION Parameter
ENCRYPTION_ALGORITHM Parameter
ENCRYPTION_MODE Parameter
ENCRYPTION_PASSWORD Parameter
Encryption Scenario
RMAN BACKUP SET ENCRYPTION
Backup Encryption Using EM
Backup Encryption Using RMAN
Decrypt During Recovery
ORACLE SECURE BACKUP

ORACLE NET SERVICES & SECURE COMMUNICATION

Oracle Net Within The Application Architecture
Components Within Oracle Net
COUNTERING DATABASE ATTACKS
Limiting Database Attacks
Preventing Denial]of]service Attacks
What Is A Denial]of]service Attack?
Preventing Attacks Against The Database
Avoiding Disclosure Of Vulnerabilities
Hiding The Database Banner
Oracle Net Services User Notifications
ORACLE NET NATIVE ENCRYPTION
Secure Communications
Encryption & Integrity Negotiations
Negotiation Security
Implementation With Oracle Net Manager
Integrity Rules
Encryption Rules
Implementation With sqlnet.ora
Advanced Security Settings

APPLICATION-BASED ENCRYPTION

ALGORITHMIC ADAPTATIONS
Stream Vs. Block Ciphers
Cipher Block Modification
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback Mode (OFB)
Cipher Block Padding
PKCS #5
ABOUT DBMS_CRYPTO()
Working With Encryption Data
Basic DBMS_CRYPTO() Capabilities
Key Generation
Encryption & Decryption
Specifying The Encryption Rules
Algorithm Specification
Block Cipher Chaining Modifier Specification
Block Cipher Padding Modifier Specification
Message Integrity Capabilities
Hash()
MAC()
A SIMPLE KEY MANAGEMENT APPROACH
Database Storage
Application Logic Storage

PROTECTING AGAINST SQL INJECTION ATTACKS

UNDERSTANDING THE THREAT
How Is The Threat Used?

What You Can Expect

Within this training course we will discuss these topics:

Consider examples of common security threats and sensitive data which might exist within an organization.
Review the essentials of a sound and secure database installation.
Consider known database security weaknesses and how these may be addressed.
Consider examples of specific attacks which could be launched against individual components within a data center or within the public networks.
Review the theory and concepts which underlie symmetric and asymmetric encryption.
Consider the primary elements involved in asymmetric encryption, including private and public keys, the Public Key Infrastructure, certificates, Certificate Authorities and wallets.
Discuss how symmetric or asymmetric encryption is applied to network traffic, database storage and external files.
Consider the limits of encryption strategies and when encryption could be misapplied and counterproductive.
Discuss the challenges and options available for encryption key storage.
Apply Transparent Data Encryption (TDE) to tablespace, column, export file, RMAN backup set file and SecureFile LOB encryption.
Use the Oracle Data Pump access driver to encrypt external tables.
Configure Oracle Net Services to repel database attacks and implement advanced security using encrypted network communication.
Implement an application]based encryption solution using the DBMS_CRYPTO() package.
Review the types of attacks which can be launched using SQL injection, and which countermeasures should be applied to repel these.
Implement enhanced application security using the Virtual Private Database (VPD) facility.

Who Should Take This Course

The primary target audiences for this course are:

Database administrators
Web server administrators
System administrators
Implementation specialists
Data center support engineers
Security administrators and compliance auditors

Related Courses

Code	Course Title	Duration	Level
OR11A1	Oracle Database 11g Administration I	5 Days	I	Details
ORADG	Oracle 11g Data Guard	3 Days	II	Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Verhoef Training USA

Training Courses and On-Line Classes Preferred By IT Pros

Visit us at: http://www.verhoef-training.com