Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Security training in Edinburgh with Pete Finnigan"] [Next entry: "Undocumented Oracle - Using ENUM's in PL/SQL"]

New Oracle Security book out

I received a copy of Ron Ben Natan's new book "How To Secure and audit Oracle 10g and 11g" (The link is because I am in the UK, you can find the book on from the author name or ISBN) last week. I wanted to find time to mention Ron's book last week but travelling for work meant I had little spare time at all.

This is a good book, I like the format of "howtos", i like the way it concentrates particularly on the audit trails sections (note the audit in the title refers to audit trail rather than security auditing) on the functionallity available from Oracle. This is important as still most sites I visit do not employ audit trails in the database itself. Often sites use auditing in the database but for application level activities. It is important that sites audit database activity with the same vigour as application level auditing and understanding whats available with the database is a good start to set up and run and use something.

The book is focused at a hardening level and covers various privilege and access issues. It also covers encryption and authentication and of course auditing solutions. It also covers the new technologies/products from Oracle; Audit vault and Database vault.

This is a good book.