I am deeply privileged to have contacted by Packt Publishing for reviewing their new book intended to teach recipes for securing Oracle 11g database against a typical hacker.
The book is authored by Adrian Neagu. The authors profile is available in the publishers website. A sample chapter is available for free reading in this link or for download as PDF file.
You may buy either ebook (all formats such as Kindle, PDF, epub are available) or print version which includes ebook if you buy online from this website.
The book is meant for mid level DBAs who has basic understanding of security concepts. Its not at all an entry level DBAs book.
Having said so much about the book, we will now discuss what the book talks about.
One of the most used database in the world, Oracle is also proud of having delivered a reliable and solid system for various types of industries across the world. Using real-world scenarios this book covers how the database can be made secure from a hacker.
Covering from the ground level, this book covers operating system security, network data security, user security, VPD etc. This book also discusses in detail password crackers and mechanism to check the strength of database passwords.
The contents of this book is presented as DIY examples. All you need to test the recipes are Oracle Virtual Box, and 11g database(s). In this way it is very easy to learn where the loopholes security lie. As from my experience, learning the practical way has been found more effective rather than a theoretical study.
From ground-up that is from securing physical database files, there are lot of recipes that will help secure the environment wherein database is residing. The first mechanism is to start with guidelines to maintain the environment which is fairly simple in understanding. In general a typical operating system will have more services running in it than which are required. Same is true for ports which are open. There are recipes in this book which are very easy DIY style which makes you understand and secure the operating system.
Understanding that even if a database is secured against varied attacks but the environment in which the database is installed is very easy to penetrate leaves a big advantage for a hacker to take control of the database and the environment in which it is installed.
Also thereby disabling a service we are reduce the resource consumption of the machine which gives more power on demand to the database.
The book is intended for Oracle DBAs, any IT professional interested to know more about security features (preferably having worked in oracle database). Also anybody who is spearheading the security department of an organization can benefit from the information presented in this book. The book does not teach basic security concepts, it is assumed that the reader is aware of such terms and topics in general.
As they say for diseases, prevention is better than cure. The same logic applies in safeguarding the database which is a central component of any organization now-a-days.
This book is a must for every DBA who is serious in safeguarding his/her database as it covers:
- How to identify and fix security holes
- Advices on how to safeguard the database by way of audits, operating system file intrusion identification mechanism
References on various research carried over by various gurus in