Category Archives: Speaking

Blog posts about lectures, speaking and public appearances

Oracle 18c new Security Features

Today I had the opportunity to give a presentation on Oracle 18c new Security Features at the SOUG day in Baden. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases, especially the new centrally managed users with MS Active Directory.

Based on first experiences and insights, the following topics have been discussed:

  • Create schema only accounts
  • Integration of Active Directory services with Oracle Database
  • Encrypt sensitive credential data in the data dictionary
  • Write Unified Audit Trail records to SYSLOG or the Windows event viewer
  • Use Oracle Data Pump to export and import the Unified Audit Trail
  • Authentication and certification parameters
  • Enterprise User Security Manager (EUSM)
  • User defined master encryption key
  • Keystore for each Pluggable Database
  • Enhancements to Oracle Database Vault simulation mode
  • Grant Data Pump-Database Vault authorizations to roles
  • Oracle Database Vault support for Oracle Database Replay

The killer feature in this release is definitely the centrally managed user with its simple MS Active Directory integration. It is an ideal solution to simplify user management in small and midsize environments. For larger and more complex environments it makes more sense to engineer central user management using Oracle Enterprise User Security. Many other improvements are due to Oracle’s cloud strategy: necessary and meaningful, but not earth-shattering.

The presentation is available in English over the following links:

DOAG 2017 Oracle 12c Release 2 Datenbank-Sicherheit in a Nutshell

Below you will find a list of the different demo scripts used during the DOAG training day 2017 Oracle 12c Release 2 Datenbank-Sicherheit in a Nutshell. In general the scripts need a SCOTT or an HR demo schema. Some of the scripts may have more requirements, e.g. Kerberos configuration, Oracle Enterprise User Security etc. The scripts are available free for anyone to use. I do not accept any responsibility for any damage, errors or anything whatsoever caused by running or using these scripts. The scripts have been tested thoroughly, but as there are many platforms, Oracle versions and possible configurations, it does not mean that they will work for you when they work for me. Please check the file header for further information on the scripts, references etc. before running them, especially on production systems.

 

| Script | Description |
|---|---|
| 01_authentication.sql | Show authentication information of the connected user and its USERENV context |
| 02_privileges.sql | Database privileges analysis demo |
| 03_vpd.sql | Virtual Private Database demo with default and column masking. |
| 04_audit.sql | Unified audit demo script |
| 05_redaction.sql | Oracle Data Redaction demo script |
| 06_tsdp_redact.sql | Transparent Sensitive Data Protection and Data Redaction demo |
| 07_tsdp_audit.sql | Transparent Sensitive Data Protection and Unified Audit demo |
| aui.sql | Script to show authentication information of the connected user and from its USERENV context. |
| hip.sql | List init.ora parameter including hidden parameters. |
| create_password_hash.sql | Calculate Oracle DES based password hash from username and password. |
| verify_user_password.sql | Wrapper script to check if a user has a weak DES based password. Passwords will be displayed. |
| verify_user_password_no.sql | Wrapper script to check if a user has a weak DES based password. Passwords will not be displayed |
| verify_alluser_passwords.sql | Wrapper script to check if any user in sys.user$ has a weak DES based password. Passwords will be displayed. |
| verify_alluser_passwords_no.sql | Wrapper script to check if any user in sys.user$ has a weak DES based password. Passwords will not be displayed. |
| verify_passwords.sql | Check if user in sys.user$ has a weak DES based password |
| verify_password_hash.sql | Check if user has a weak password |

Articles in DOAG Red Stack Magazin

A while ago I wrote two articles for the DOAG Red Stack Magazin. In the meantime both articles have been published. For this reason I use the opportunity to make the PDF versions of the articles available on oradba.ch. The articles are written in German and available as a Trivadis version as well as a Red Stack version, although the article versions differ only in the number of typos and layout.

None of the articles are currently available in English. On request I will also write articles about Oracle Unified Directory in English in the future. However, currently I still have a lot of ideas for blog posts about database security, enterprise user security and unified directory on my to-do list. And blog posts I usually write in English… 🙂

GDPR and Database Security Speeches

The new EU GDPR and Database Security in general keep me busy. I’ve updated the list of speeches and events for the next couple of months. It’s an interesting mix between GDPR, Oracle Database Security and MS SQL Server 2016 security. Depending on the feedback of the Call For Papers for the DOAG Conference and the Oracle OpenWorld there will probably be more. But for now I’ll definitely give a full day training on Oracle Database 12c Security at the Education day on DOAG Conference.

Upcoming events

  • Wed 27 Jun 2018, Stuttgart

    I present a lecture on Oracle Unified Directory on Docker at the DOAG SIG Security in Stuttgart. Slides and presentations will be in German. Short abstract on my presentations:

    Oracle Unified Directory is an all-in-one directory solution with storage, proxy, synchronization and virtualization capabilities. Depending on the deployment method used, OUD can easily be configured and operated in a Docker container. This talk covers topics around OUD on Docker.

    More information on the event including full agenda, registration etc. is available on the DOAG website DOAG SIG Events.

  • Tue 20 Nov 2018 to Fri 23 Nov 2018, Nürnberg Convention Center Ost

    As every year, the DOAG conference in Nürnberg takes place in November. This year I've applied for four presentations and a security training or workshop for the education day.

    • Oracle New Security Features
    • Docker Security
    • Zentrales Audit mit Elasticsearch, Logstash und Kibana
    • Oracle EUS, Kerberos, SSL und OUD ein Leitfaden
    • Workshop Oracle Enterprise User Security mit Oracle Unified Directory und Active Directory Integration (Schulungstag)

    So far the workshop Oracle Enterprise User Security mit Oracle Unified Directory und Active Directory Integration has been approved. In a couple of weeks I'll know if one of my presentations also gets approved. See you at the DOAG in Nürnberg.

  • Fri 23 Nov 2018, Nürnberg Convention Center Ost

    Also this year I have the opportunity to hold a training at the DOAG conference. At the education day I'll have a workshop on Oracle Enterprise User Security with Oracle Unified Directory and Active Directory Integration.

    With a focus on the current versions of Oracle Database and Oracle Unified Directory, the following topics are discussed among others:

    • Password verifier and strong authentication such as Kerberos and SSL
    • Alternatives for central user administration of Oracle databases
    • Integration of Oracle Database 18c with Active Directory Services
    • Oracle Enterprise User Security
    • Introduction to Oracle Unified Directory
    • Blueprint to setup Oracle Enterprise User Security with Oracle Unified Directory and Active Directory integration
    • Other topics such as high availability, backup & recovery and licensing

    Looking forward to seeing you at the DOAG in Nürnberg. If I am lucky, even one or other presentation will be confirmed.

Have you missed an event? In this case check out the download page or blog posts categorized with speaking. If possible, I’ll provide all information online.

DOAG Webinar Oracle 12.2 New Security Features

A couple of days ago I successfully finished the DOAG Webinar on Oracle 12c Release 2 new Security Features. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases, especially the online encryption of tablespaces with TDE.

Based on initial experiences and insights, the following topics have been discussed:

  • Authentication
  • Authorization
  • Database Auditing with Unified Audit
  • Encryption with Transparent Data Encryption
  • As well as an overview of further innovations in database security

The slides and the recording of the webinar are available in German over the following links:

EU GDPR, MS SQL Server 2016 and Oracle Security

I’ve just updated the list of my public appearances and planned events. For once, not just Oracle events 🙂 I’ll speak about the new EU GDPR and its impact on databases in a Trivadis regional customer event together with my colleague Stephan Hurni. Besides these two events I’ll hold a webinar on Oracle 12c Release 2 new security features. This webinar is organised by DOAG.

Unfortunately all these events are in German. No matter, I’m about to register the one or other topic at upcoming Call For Papers. If the speeches get approved I’ll update my list of public appearances.

Trivadis Schwaben Gipfel – Die neue EU Datenschutzverordnung

Just finished my first presentation at the Trivadis Schwaben-Gipfel in Stuttgart together with Florian van Keulen and Aleksander Widera. It is about the new European General Data Protection Regulation (EU GDPR) and a few considerations on its impact on databases. The slides are available for download: Schwaben-Gipfel Die neue EU Datenschutz Verordnung.pdf.

Some impressions from the event and my presentation.

DOAG SIG Security Mannheim 2016

A bit more than two weeks ago I finished my presentation about Security Probleme und deren Risikobewertung at the DOAG SIG Security in Mannheim. It is about Database and Data Classification, Risk Assessment and how risks could be minimized. The slides are available for download: DOAG_SIG_Security_Security_Wieviel_darf_es_sein.pdf.

DOAG SIG Security

Just a couple of hours ago I gave a presentation about the latest Generation of Database Technology at the DOAG SIG Security in München. It is a sneak preview on a few upcoming security improvements. Unfortunately I do not yet have the permission to provide the presentation for download. But I will make the download link available once the dust settles on the latest Generation of Database Technology…

so stay tuned.

SOUG Special Interest Group Baden March 21st

In about two weeks I will participate at the SOUG special interest group at Baden. I will present a paper entitled “New Security Features in latest generation of Oracle Database”, where latest generation of Oracle Database does not stand for another Oracle 11g release. But that’s another story…

The aim of the presentation is to provide a range of information on new security features as they could be released with the latest generation of Oracle Database. It covers the following possible new features.

  • Data Redaction
  • Unified Database Auditing
  • Role and Privilege Analysis
  • Improved Database Vault
  • Database Application Security Architecture
  • Improved Key Management
  • New OS Roles

Have a look at the SOUG Webpage for a detailed agenda of the event and the location. Looking forward to seeing you there.

Due to the fact that this presentation contains preliminary information, the slides will not be available for download. It is a must to personally attend the SIG SOUG 🙂 If you do not have time to participate at the SOUG event, you have a second chance later this year. I’ve planned a similar presentation for the DOAG Event in Düsseldorf. More on that later.