Pete Finnigan's Oracle Security Weblog

KK Mookhey who is based in India and is CTO of Network Intelligence India Pvt. Ltd has written an excellent paper about auditing an Oracle database, this was published sometime ago but is still generating interest and quite a lot of people have not seen or read it yet so I thought I would talk about it here. The paper is called "Auditing Oracle Security" and is available here.

This paper is very well written and covers a good degree of the ground to get anyone started on trying to secure a database. It covers the installation, parameters, users and profiles, default accounts, how to use auditing, even defunct accounts, password management, roles and privileges and of course the listener. KK also talks about controls within the database such as the product user profile functionality for controlling access through SQL*Plus. He covers Virtual Private Databases (VPD) and encryption. KK also gives good advice on how to focus any audit of an Oracle database.

This is a good overall discussion on Oracle security and anyone starting to think about auditing an Oracle database should read it before delving into more detailed discussions and tools.