Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "New Video of Oracle Security Vulnerability Scanning"] [Next entry: "Pete Finnigan is now an Oracle ACE"]

Oracle Security at UKOUG December 2017



I have just had an email from the UKOUG to say that three of my presentations have been accepted for the upcoming conference on December 4th to 6th at the ICC in Birmingham. I will have one talk on the 4th December at 12:35 for a 50 minute session on "GDPR for the Oracle DBA". Here is the submission description:

GDPR is a new law amalgamating each of the 27(8) EU states data protection acts but it goes further than the current laws. There are now huge fines possible for loss of data and new rules that mean most companies will need to be compliant. What does GDPR mean for the DBA or Oracle person; what tasks do you need to help with as a DBA? - Finding data, classify data, protect data and more. Come along and see what GDPR will mean for the Oracle DBA and how it can affect your database

My second slot is on the 5th December at 09:00 for a 50 minute session. This session is "Auditing the Oracle Database". Here is the submission description:

Pete has extensive experience of visiting customer sites to review their Oracle database for security issues or because they have been breached or attacked. One common theme is seen time after time. No audit trails, or very little audit trails in evidence and of those who have an audit trail even fewer use the audit interactively. Pete has developed a toolkit of PL/SQL and SQL*plus scripts to allow a simple deployment of an audit trail to any single database and also to a central monitoring database. The only pre-configuration needed is to decide what policies you want, which alerts you need and to add some basic background information. the toolkit is extensive and allows automated centralisation of audit trails. The idea is to audit the core database engine and to be able to react to alerts in real time - maybe an attack? Pete will demo the deployment of the toolkit and show how attacks and misuse of the database can be detected easily.

This talk will include quite a bit of demo'ing on some Oracle XE databases and some simple hacking of the database and applications to see what audit trails are captured - should be fun!!

My final session on the 5th December at 12:25 is a 50 minute session - titled "Oracle security round table". This is an open free discussion format which will be all about Oracle Security so please come along and bring a question or discussion point. I have done this Oracle security round table for many years and its always been well attended and also contains some great questions and discussions.

I hope to see you all at the UKOUG in December in Birmingham!!