Preface

For almost all organizations, data security is a matter of prestige and credibility. The Oracle Database is one of the richest in features and one of the most used databases in a variety of industries. Oracle has implemented security technologies to achieve a reliable and solid system. In this book, you will learn some of the most important solutions that can be used for better database security. This book covers all the important security measures and includes various tips and tricks to protect your Oracle Database. This book uses real-world scenarios to show you how to secure the Oracle Database server against different attack scenarios.

What this book covers

Chapter 1, Operating System Security, covers Tripwire in the first section and how it can be used for file integrity checking and intrusion detection. The second and third sections cover security measures related to user account security, network services and ports, security kernel tunables, local and remote login, and SSH.

Chapter 2, Securing the Network and Data in Transit, contains recipes that explain how to secure data in transit, and covers the most important aspects related to Oracle listener security. In the first section, a step-by-step, classical, man-in-the-middle-type attack scenario is presented, in which an attacker placed in the middle hijacks an Oracle session, followed by the main measures to confront different interception-type attacks by using Oracle Advanced Security encryption and integrity, and alternatives such as IPSEC, stunnel, and SSH tunneling. The last part of this chapter has listener security as its main subject, covering features such as on-the-fly administration restriction, securing external procedure execution (extproc), and client connection control.

Chapter 3, Securing Data at Rest, contains recipes that explain how to use data at rest encryption, using an OS native method with LUKS for block device encryption, eCryptfs for filesystem encryption, DBMS_CRYPTO for column encryption, and Oracle Transparent Data Encryption for columns, tablespaces, data pump dumps, and database backups created with RMAN.

Chapter 4, Authentication and User Security, covers how to perform a security assessment using Oracle Enterprise Manager's built-in policy security evaluation feature; the usage of a password cracker to check the real strength of database passwords; and how to implement password policies and enforce the usage of strong passwords by using customized user profiles, secure application roles, passwordless authentication using external password stores, and SSL authentication.

Chapter 5, Beyond Privileges: Oracle Virtual Private Database, covers Oracle Virtual Private Database technology; here you will learn about session-based application contexts, how to implement row-level access policies using PL/SQL interface and OEM, column-level access policies, grouped policies, and how to implement exemptions from VPD policies.

Chapter 6, Beyond Privileges: Oracle Label Security, covers how to apply OLS label components to enforce row-level security, the usage of OLS compartments and groups for advanced row segregation, special label policy privileges, and how to grant access to label-protected data by using trusted stored units.

Chapter 7, Beyond Privileges: Oracle Database Vault, covers the main components of Oracle Database Vault, such as realm, command rules, rulesets, and factors, and how to use them to secure database access and objects. The last recipe covers the Oracle Database Vault audit and reporting interface, and how to use this interface for creating audit reports and various database entitlement reports.

Chapter 8, Tracking and Analysis: Database Auditing, covers the main aspects of the Oracle standard audit framework, such as session, statement, object and privilege auditing, fine-grained security, sys audit, and the integration of a standard audit with SYSLOG on Unix-like systems.

Appendix, Installing and Configuring Guardium, ODF, and OAV, covers the installation and configuration of IBM InfoSphere Database Security Guardium and how to perform security assessments; the installation and configuration of Oracle Database Firewall, along with its key capabilities and features, such as defining enforcement points and monitoring; and the installation and configuration of Oracle Database Vault and its key capabilities, covering central repository installation, agent and collector deployments, and its reporting and real-time alerting interface.

This chapter is not present in the book, but is available as a free download from the link http://www.packtpub.com/sites/default/files/downloads/5269EN_AppendixA_Installing_and_Configuring_Guardium_ODF_and_OAV.pdf.
