Public Appearances

Here you will find a list of planned and past presentations, seminars and classes.

  • Thu
    24
    Mar
    2011
    Baden

    I present a lecture on Database Audit and DBMS_AUDIT_MGMT. The presentation is about 30 minutes and will cover a rough overview of DBMS_AUDIT_MGMT, latest Issues and Bugs as well some Ideas on how audit could be simplified.

    Have a look at the SOUG Webpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Slides Audit Management with DBMS_AUDIT_MGMT.pdf.

  • Wed
    08
    Feb
    2012
    Düsseldorf

    I participate the Oracle Databse Security Seminar organized by Oracle Germany. I will give a lecture about Oracle Database Security - How much would you like?, which I developed together with Sven Vetter. The presentation contains thoughts and ideas on how someone can improve the database security. Where to start and how to prioritise. It provides a rough overview about the possible database security areas

    Have a look at the Oracle GermanyWebpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Oracle_Database_Security.pdf.

  • Thu
    09
    Feb
    2012
    Berlin

    I participate the Oracle Databse Security Seminar organized by Oracle Germany. I will give a lecture about Oracle Database Security - How much would you like?, which I developed together with Sven Vetter. The presentation contains thoughts and ideas on how someone can improve the database security. Where to start and how to prioritise. It provides a rough overview about the possible database security areas

    Have a look at the Oracle GermanyWebpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Oracle_Database_Security.pdf.

  • Tue
    24
    Apr
    2012
    Basel

    I would like to inform about the upcoming security lounge in Basel at which I’ll give two lectures about Oracle Security. It’s a small even with just one speaker ;-) Ok it was planned to have a second one but it did not work. The event is organized by the DOAG regional group Freiburg and SOUG. It will start at 17:30 on the 24th of April.

    Have a look at the DOAG Webpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Security_Wieviel_darf_es_sein and  Oracle_Audit_in_a_Nutshell.pdf.

  • Wed
    13
    Jun
    2012
    Hamburg

    I participate the Oracle Databse Security Seminar organized by Oracle Germany. I will give a lecture about Oracle Database Security - How much would you like?, which I developed together with Sven Vetter. The presentation contains thoughts and ideas on how someone can improve the database security. Where to start and how to prioritise. It provides a rough overview about the possible database security areas

    Have a look at the Oracle GermanyWebpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Oracle_Database_Security.pdf.

  • Wed
    20
    Jun
    2012
    Stuttgart

    I participate the Oracle Databse Security Seminar organized by Oracle Germany. I will give a lecture about Oracle Database Security - How much would you like?, which I developed together with Sven Vetter. The presentation contains thoughts and ideas on how someone can improve the database security. Where to start and how to prioritise. It provides a rough overview about the possible database security areas

    Have a look at the Oracle GermanyWebpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Oracle_Database_Security.pdf.

  • Thu
    21
    Mar
    2013
    Baden

    In about two weeks I will participate at the SOUG special interest group at Baden. I will present a paper entitled “New Security Features in latest generation of Oracle Database“. Where latest generation of Oracle Database does not stand for an other Oracle 11g release. But that’s an other story…

    The aim of the presentation is to provide a range of information on new security features as they could be released in with latest generation of Oracle Database. It covers the following possible new features.

    • Data Redaction
    • Unified Datenbank Auditing
    • Role and Privilege Analysis
    • Improved Database Vault
    • Database Application Security Architecture
    • Improved Key Management
    • New OS Roles

    Have a look at the SOUG Webpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  Oracle_Database_12c_New_Security_Feature.pdf.

  • Tue
    23
    Apr
    2013
    München

    I present a lecture on the latest Generation of Database Technology at the DOAG SIG Security in München.

    More Information on the Event including full agenda, registration etc is available at the DOAG website München.

    Slides for lecture  Oracle_Database_12c_New_Security_Feature.pdf.

  • Tue
    14
    May
    2013
    Düsseldorf

    I'll speak about some improvements in the latest generation of Oracle Database. The content of the presentation is a mixture of the presentations I've lectured at SOUG SIG Baden and DOAG SIG Security Munich. It covers the following possible new features. The features will explained by several practical examples.

    • Data Redaction
    • Unified Database Auditing
    • Role and Privilege Analysis

    More Information on the Event is available on the DOAG website.

    Slides for lecture  Oracle_Database_12c_New_Security_Feature.pdf.

  • Wed
    11
    Sep
    2013
    Berlin

    Oracle Database 12c is finaly available! Beside a bunch of new feature for database consolidation it brings as well some interessting new and improved security features. But which of the new features and option do make sense in what context? Are there changes which have impact on database operation? How can security be improved in general with Oracle database 12? Where does it make sense to invest in additional database options? The aime of this lecture is to answer these and other questions around Oracle Database 12c security.

    Based on first experiences and insights among others, the following topics are discussed:

    • Strong Authentication
    • Network Encryption
    • Data Redaction
    • New Roles and Privileges
    • Unified Database Audit
    • Hints on Licensing of Security Features
    • And an overview of further enhancements in the area of database security

    More Information on the Event including full agenda, registration etc is available at the DOAG website

    Slides for lecture  DOAG_SIG_Security_Oracle_Database_12c_New_Security_Features.pdf.

  • Wed
    26
    Mar
    2014
    München

    I present a lecture on Oracle Audit Vault und Database Firewall in der Praxis  at the DOAG SIG Security in München.

    More Information on the Event including full agenda, registration etc isavailable on the DOAG web side DOAG website.

    Slides for lecture  DOAG_Oracle_AVDF_in_der_Praxis.pdf.

  • Tue
    19
    May
    2015
    09:00Hotel Novotel München City, Hochstr. 11, 81669 München

    I present a lecture on Oracle Unified Auditing at the DOAG SIG Security in München.

    More Information on the Event including full agenda, registration etc is available on the DOAG web side DOAG website.

    Slides for lecture  DOAG_SIG_Security_Oracle_Unified_Audit.pdf.

  • Thu
    11
    Jun
    2015
    13:30ABB Segelhof, Baden

    I present a lecture on Oracle 12c Security Features  at the SOUG SIG in Baden.

    More Information on the Event including full agenda, registration etc isavailable on the SOUG web side SOUG website.

    Slides for lecture will be available here

  • Fri
    11
    Sep
    2015
    Sat
    12
    Sep
    2015
    09:00Regensdorf

    Same procedure as every year James...

    Like every year I participate the Trivadis TechEvent. More information on this Event at the Trivadis Webpage.
    TechEvent

  • Sat
    27
    Feb
    2016
    Sun
    28
    Feb
    2016
    09:00Regensdorf

    Same procedure as every year James...

    Like every year I participate the Trivadis TechEvent. More information on this Event at the Trivadis Webpage.
    TechEvent

    My lectures during this TechEvent:

    • OUD, OID and EUS Architecture and Best Practice
    • AVDF 12.2 finally available, but what's new?
    • Oracle Database Lightning Talks (3rd edition)
  • Thu
    17
    Mar
    2016
    13:00Mannheim

    I present a lecture on Security Probleme und deren Risikobewertung at the DOAG SIG Security in Mannheim.

    More Information on the Event including full agenda, registration etc is available on the DOAG web side DOAG website.

    Slides for lecture  DOAG_SIG_Security_Security_Wieviel_darf_es_sein.pdf.

  • Tue
    10
    May
    2016
    Sat
    11
    Jun
    2016
    Düsseldorf

    I'll speak about Oracle Unified Directory and Enterprise User Security. The Agenda of the Event is not yet available. More Information on the Event is available at the DOAG website.

    Slides for lecture  DOAG__EUS_mit_OUD_Oehrli.pdf.

  • Thu
    14
    Jul
    2016
    09:00FILDERHALLE Bahnhofstraße 61 70771 Leinfelden-Echterdingen

    I'll speak about the Top 10 Risks for Databases - a Riskassessment. The Agenda of the Event and more Information on the Event is available at the Trivadis Schwaben-Gipfel.

    The Slides from the Event:

  • Fri
    09
    Sep
    2016
    Sat
    10
    Sep
    2016
    09:00Regensdorf

    Same procedure as every year James...

    Like every year I participate the Trivadis TechEvent. More information on this Event at the Trivadis Webpage.
    TechEvent

  • Tue
    20
    Sep
    2016
    12:45Baden

    I've handed in a presentation for the SOUG Day in September. It look's like my presentation got accepted. The final Agenda of the Event is available at the SOUG website.

  • Tue
    18
    Oct
    2016
    09:00Düsseldorf

    I present a lecture on Oracle Database 12c New Security Features and Outlook  at the DOAG SIG Security in Düsseldorf.

    More Information on the Event including full agenda, registration etc is available on the DOAG web side DOAG website.

  • Tue
    08
    Nov
    2016
    Zürich

    Security Round Table is organized by a customers of customers. This event provides a platform for customers to discuss different Security topics. I'll participate this event with a presentation on GDPR EU and possible scenarios to implement and enforce database security.

  • Wed
    09
    Nov
    2016
    08:30Brugg Windisch

    Oracle does organize there annual Oracle Cloud Day. Since Trivadis is sponsoring this event I'll participate with my presentation and Oracle Security in Hybrid Cloud Environments.

  • Thu
    10
    Nov
    2016
    14:00Glattbrugg

    Trivadis is organizing a customer event on GDPR EU and MS SQL Server 2016 New Security Features. The event is at the Trivadis HQ in Glattbrugg. Together with Florian van Keulen I'll speak about GDPR EU and its potential impact on the swiss IT landscape. More information on this event at Trivadis

  • Tue
    15
    Nov
    2016
    Fri
    18
    Nov
    2016
    Nürnberg

    I'll speak about Secure Oracle Databases in the Cloud. The Agenda of the Event is available on DOAG Conference Planer. My Session is in the morning of 17th November. More Information on the Event is available at the DOAG Conference website.

  • Tue
    09
    May
    2017
    14:15Trivadis Office Bern

    For once, no Oracle Event 🙂 I'll speak about the new EU GDPR and its impact on databases. My collegue Stephan Hurni will cover the technical part on MS SQL Server 2016. The agenda, registration and more information on the event is available at the Trivadis SQL Server 2016.

  • Thu
    11
    May
    2017
    14:15Trivadis Office Basel

    For once, no Oracle Event 🙂 I'll speak about the new EU GDPR and its impact on databases. My collegue Stephan Hurni will cover the technical part on MS SQL Server 2016. The agenda, registration and more information on the event is available at the Trivadis SQL Server 2016.

  • Fri
    09
    Jun
    2017
    11:00online

    In this DOAG webinar I'll present the new security features and enhancements of Oracle 12c Release 2. The webinar itself will be in german. The agenda, registration and more information on the event is available at the DOAG Datenbank Webinar 12.2 New Security Features.

  • Tue
    13
    Jun
    2017
    16:00Online

    Trivadis is organizing once a month a short webinar. With these webinars, Trivadis provides information on the latest topics from the IT world. The webinar on June 13th will be held by Christian Golz and me. We will speak about GDPR and its impact on MS SQL Server 2016. Interested? More information as well online registration for the Trivadis TriCast is available online TriCast About. Currently most of the TriCast's are in German. In case of high demand, we will also held them in English.

  • Thu
    15
    Jun
    2017
    13:30Trivadis Danmark (Copenhagen)

    It is almost a year ago since the new General Data Protection Regularion (GDPR) has been published. It will take another year until GDPR comes into effect. A year goes by faster than you think. It is definitely time to deal with the topic and the possible impact on database. What does the new GDPR mean for companies in general and IT departments in particular? How does the implementation of the EU GDPR impact IT departments, Systems and Processes? Changes can be expected, therefore data privacy and data protection is a hot topic discussed at a global level.

    In addition to a brief introduction into GDPR, the various security features of the Oracle Database 12c as well as MS SQL Server 2016 are discussed.

    Agenda

    • 13:30 Check-in & Registrering
    • 13:40  Velkomst
    • 13:45  Introduction to EU GDPR and its impact on databases
    • 14:30  Kaffepause
    • 14:50  Database Security Features Oracle
    • 15:20  Pause
    • 15:30  Database Security Features MS SQL Server
    • 16:00  Q&A
    • 16:30  Afrunding

    Although the Agenda is in danish, presentation will be in english 🙂

  • Wed
    19
    Jul
    2017
    08:30Trivadis Wien

    It is almost a year ago since the new General Data Protection Regularion (GDPR) has been published. It will take another year until GDPR comes into effect. A year goes by faster than you think. It is definitely time to deal with the topic and the possible impact on database. What does the new GDPR mean for companies in general and IT departments in particular? How does the implementation of the EU GDPR impact IT departments, Systems and Processes? Changes can be expected, therefore data privacy and data protection is a hot topic discussed at a global level.

    In addition to a brief introduction into GDPR, the various security features of the Oracle Database 12c as well as MS SQL Server 2016 are discussed.

    Draft Agenda:

    • 08:30 Begrüssung / Welcome Coffee Trivadis / Einführung
    • 08:45 Einführung in die EU GDPR und Einfluss auf Datenschutzgesetze
    • 09:30 Database Security Features Oracle
    • 10:00 Database Security MS SQL Security Features
    • 10:30 Q&A mit Diskussion

    This Event will be in German. Latest News and Registration will be available soon on https://www.trivadis.com/de/events/trivadis-konferenzen-kundenevents

  • Thu
    20
    Jul
    2017
    08:30Trivadis München

    It is almost a year ago since the new General Data Protection Regularion (GDPR) has been published. It will take another year until GDPR comes into effect. A year goes by faster than you think. It is definitely time to deal with the topic and the possible impact on database. What does the new GDPR mean for companies in general and IT departments in particular? How does the implementation of the EU GDPR impact IT departments, Systems and Processes? Changes can be expected, therefore data privacy and data protection is a hot topic discussed at a global level.

    In addition to a brief introduction into GDPR, the various security features of the Oracle Database 12c as well as MS SQL Server 2016 are discussed.

    Draft Agenda:

    • 09:00 Begrüssung / Welcome Coffee Trivadis / Einführung
    • 09:15 Einführung in die EU GDPR und Einfluss auf Datenschutzgesetze
    • 10:00 Database Security Features Oracle
    • 10:30 Database Security MS SQL Security Features
    • 11:00 Q&A mit Diskussion

    This Event will be in German. Latest News and Registration will be available soon on https://www.trivadis.com/de/events/trivadis-konferenzen-kundenevents

  • Wed
    23
    Aug
    2017
    13:30Trivadis Danmark (Jylland)

    It is almost a year ago since the new General Data Protection Regularion (GDPR) has been published. It will take another year until GDPR comes into effect. A year goes by faster than you think. It is definitely time to deal with the topic and the possible impact on database. What does the new GDPR mean for companies in general and IT departments in particular? How does the implementation of the EU GDPR impact IT departments, Systems and Processes? Changes can be expected, therefore data privacy and data protection is a hot topic discussed at a global level.

    In addition to a brief introduction into GDPR, the various security features of the Oracle Database 12c as well as MS SQL Server 2016 are discussed.

    Draft Agenda:

    • 13:30 Check-in & Registrering
    • 13:40  Velkomst
    • 13:45  Introduction to EU GDPR and its impact on databases
    • 14:30  Kaffepause
    • 14:50  Database Security Features Oracle
    • 15:20  Pause
    • 15:30  Database Security Features MS SQL Server
    • 16:00  Q&A
    • 16:30  Afrunding

    Although the Agenda is in danish, presentation will be in English 🙂

  • Tue
    12
    Sep
    2017
    16:00Online

    Trivadis is organizing once a month a short webinar. With these webinars, Trivadis provides information on the latest topics from the IT world. The webinar on June 13th will be held by Christian Golz and me. We will speak about GDPR and its impact on Oracle Databases. Interested? More information as well online registration for the Trivadis TriCast is available online TriCast About. Currently most of the TriCast's are in German. In case of high demand, we will also held them in English.

  • Fri
    15
    Sep
    2017
    Sat
    16
    Sep
    2017
    09:00Regensdorf

    Like every year, Trivadis meets for their annual TechEvent. This event is organized twice a year. In Spring as a smaller internal event and in late summer as one of the biggest IT event in switzerland also for Trivadis customers. You do not yet know the TechEvent? Have a look at the video Trivadis TechEvent If you're interested, have a look at Trivadis TechEvent 2017 - Passion meets Innovation or get in touch with your Trivadis customer contact of your trust.

     

  • Tue
    21
    Nov
    2017
    Fri
    24
    Nov
    2017
    Nürnberg

    As every year, the DOAG conference in Nürnberg takes place in November. This year I've applied for two presentations and a Security Training.

    • Oracle Kerberos in 5 Minuten...
    • Enterprise User Security mit OUD und MS AD in a Nutshell
    • Oracle 12c Release 2 Datenbank Sicherheit in a Nutshell (Schulungstag)

    So far the Oracle 12c Security Training has been approved. In a couple of weeks I'll know if also one of my presentations gets approved. See you at the DOAG in Nürnberg.

     

     

  • Wed
    18
    Apr
    2018
    13:00Baden

    In about a week I will participate at the SOUG Day at Baden. I will present a paper entitled “TSDP Transparent Sensitiv Data Protection“.

    The aim of the presentation is to introduce Transparent Sensitiv Data Protection, a rather new Oracle feature which is available since Oracle 12c Release 1. But what exactly can you protect with TSDP? How to use this security feature for standard and custom applications. In this presentation the following points will be discussed (not conclusively)

    • Overview of Transparent Sensitiv Data Protection (TSDP)
    • Configuration and example of TSDP for Data Redaction, VPD and unified audit
    • Challenges related to TSDP
    • licensing

    Have a look at the SOUG Webpage for a detailed Agenda of the Event and the location. Looking forward to see you there.

    Slides for lecture  SOUG_20180418_Oehrli_Oracle_TSDP_small.

  • Thu
    14
    Jun
    2018
    08:15Baden

    Mid June I give a lecture on Oracle 18c New Security Features at the SOUG day in Baden.

    The aim of the presentation is to discuss the various security enhancements which has been introduced with Oracle Release 18c. But which features are worth a closer look at? In what context do the new features and option do make sense? How can security be improved in general with Oracle database 18c? Where does it make sense to invest in more database options? The aim of this lecture is to answer these and other questions around Oracle Database 18c security.

    Among others this presentation will cover the following security enhancements (not conclusively)

    • Create a User-Defined Master Encryption Key
    • Use Encrypted Passwords for Database Links with Oracle Data Pump
    • Use Oracle Data Pump to Export and Import the Unified Audit Trail
    • Create a Keystore for Each Pluggable Database
    • Create Schema Only Accounts
    • Encrypt Sensitive Credential Data in the Data Dictionary
    • Enhancements to Oracle Database Vault
    • Integration of Active Directory Services with Oracle Database
    • Ability to Write Unified Audit Trail Records to SYSLOG or the Windows Event Viewer

    Have a look at the SOUG Webpage for a detailed Agenda of the Event and the place. Looking forward to see you there.

    Slides for lecture  SOUGDay_Oracle18cNewSecurity_SOE.pdf and summary of the event.

  • Wed
    27
    Jun
    2018
    Stuttgart

    I present a lecture on Oracle Unified Directory on Docker at the DOAG SIG Security in Stuttgart. Slides and presentations will be in German. Short abstract on my presentations:

    Oracle Unified Directory ist eine All-in-One-Verzeichnislösung mit Speicher-, Proxy-, Synchronisations- und Virtualisierungsfunktionen. Je nachdem welche Deployment-Methode verwendet wird, lässt sich OUD einfach in einem Docker Container konfigurieren und betreiben. Im Rahmen dieses Vortrages werden Punkte rund um OUD on Docker besprochen.

    More Information on the Event including full agenda, registration etc is available on the DOAG web side DOAG SIG Events.

    Slides for lecture  DOAG_OracleUnifiedDirectory_in_Docker_Oehrli.pdf and summary of the event.

  • Tue
    18
    Sep
    2018
    12:15Orace Software (Schweiz), Täfernstrasse 4, Baden-Dättwil, 5405 Schweiz

    Mid September I give a lecture on Docker Security at the SOUG day in Baden. The topic is similar to my presentation at the DOAG conference.

    Docker Security or Secure Docker. How does this now exactly work with the root user? What is Host and what is Guest OS ? How should sensitive information such as credentials, ciphers, passwords or the like be handled? Who in a Docker Swarm or Kubernets trusts whom? And how do you generally solve the challenges of identity management in the container environment? There are many questions about security and data security in the Docker and container environment. Some are quite easy to answer. For others, this is only possible with careful consideration. Some of the challenges posed by security are easy to solve. But there is "not yet" a simple and perfect solution for everything. The aim of this presentation is to give an overview of the topic of security in Docker. Wherever possible, proper solutions are presented or approaches to solutions are shown.

    Have a look at the SOUG Webpage for a detailed Agenda of the Event and the place. Looking forward to see you there.

    Slides for lecture will be uploaded after the event.

  • Tue
    20
    Nov
    2018
    Fri
    23
    Nov
    2018
    Nürnberg Convention Center Ost

    As every year, the DOAG conference in Nürnberg takes place in November. This year I've applied for four presentations and a security training respectively workshop for the education day. So far the workshop Oracle Enterprise User Security mit Oracle Unified Directory und Active Directory Integration and the presentation Docker Security has been approved.

     

    Title: Docker Security

    Abstract: Docker Security or Secure Docker. How does this now exactly work with the root user? What is Host and what is Guest OS ? How should sensitive information such as credentials, cihpers, passwords or the like be handled? Who in a Docker Swarm or Kubernets trusts whom? And how do you generally solve the challenges of identity management in the container environment? There are many questions about security and data security in the Docker and container environment. Some are quite easy to answer. For others, this is only possible with careful consideration. Some of the challenges posed by security are easy to solve. But there is "not yet" a simple and perfect solution for everything. The aim of this presentation is to provide an overview of the topic of security in Docker. Wherever possible, appropriate solutions are presented or approaches to solutions are shown.

    See you at the DOAG in Nürnberg.

  • Fri
    23
    Nov
    2018
    Nürnberg Convention Center Ost

    Also this year I have the opportunity to hold a training at the DOAG conference. At the education day I'll have a workshop on Oracle Enterprise User Security with Oracle Unified Directory and Active Directory Integration.

    With a focus on the current versions of Oracle Database and Oracle Unified Directory, the following topics are discussed among others:

    • Password verifier and strong authentication such as Kerberos and SSL
    • Alternatives for central user administration of Oracle databases
    • Integration of Oracle Database 18c with Active Directory Services
    • Oracle Enterprise User Security
    • Introduction to Oracle Unified Directory
    • Blueprint to setup Oracle Enterprise User Security with Oracle Unified Directory and Active Directory integration
    • Other topics such as high availability, backup & recovery and licensing

    Looking forward to see you at the DOAG in Nürnberg. If I am lucky, even one or other presentation will be confirmed.

  • Fri
    08
    Mar
    2019
    11:00online

    As part of the DOAG webinar series I deliver a webinar entitled “Oracle and Docker”. The webinar discusses different aspect of using Oracle databases in Docker containers. More information on this event including full agenda, registration etc. is available on the event web side DOAG Datenbank Webinar Oracle und Docker or DOAG webinar schedule.

    Slides for lecture  DOAG_Oracle_und_Docker.pdf or on slideshare

  • Tue
    26
    Mar
    2019
    16:00online

    As part of the Trivadis webinar series I deliver a webinar respectively TriCast entitled “Docker Security”. The webinar discusses different aspect of using Docker security. More information on this event including full agenda, registration etc. is available on the event web side TriCast - Docker Security or Trivadis TriCast series.

  • Wed
    15
    May
    2019
    Thu
    16
    May
    2019
    09:00Vienna

    AOUG Anwenderkonferenz 2019 - "Vienna calling. Technical but fun!"Security is one of the key challenges for on-premises and cloud based databases today. But the appropriate security and hardening measures usually only make sense if authentication and authorisation have already been implemented with appropriate care. Instead of decentralised administration, where users, rights and roles are managed in each database, it is clearer and more secure to manage them centrally. The latest version of Oracle offers different possibilities to implement this requirement. With focus on the current versions of Oracle Database 18c / 19c the following topics are discussed among other things:

    • Password Verifier and strong authentication such as Kerberos and SSL
    • Variants for central user administration of Oracle databases
    • Differentiation between Oracle EUS and CMU
    • Integration of Oracle 18c/19c databases with Active Directory Services

    Sample setup of an Oracle database with Active Directory integration via Centrally Managed User CMU.

    In the context of this workshop the basics as well as extended know-how in the area of Centrally Managed Users and central user administration of Oracle databases in general will be worked out.

    More information on this event including full agenda, registration etc. is available on the AOUG web side.

    Slides for lecture  AOUG19_LiveDemo_Oracle_CMU_soe_de.pdf or on slideshare

  • Wed
    22
    May
    2019
    Olten

    This year's Spring SOUG Day will take place on 22 May in Olten. I am attending the event with a lecture about Oracle databases and Docker. Similar to my DOAG webinar but updated with the latest use cases.

    Short abstract: Oracle has long supported the use of Docker for Oracle databases. In theory, a simple docker run instantiates a container from a docker image. But why isn't the DB container ready in a few seconds? Where does my Oracle DB image come from and what happens if the container is stopped again? This talk explains how Oracle DBs are installed, configured and operated as Docker containers.
    The functional scope as well as the size of the Oracle database container presuppose that one or the other thoughts about the use and operation are made in advance. This includes topics such as data persistence, licensing, migration, backup & recovery and other operational aspects. This presentation explains how Oracle databases can be installed, configured and operated as containers in a Docker Image.

    More information about the agenda and registration will be available on the SOUG website

    Have a look at the SOUG Webpage for a detailed agenda of the event and the registration. Looking forward to see you there.

    Documentation of the demo is available via https://url.oradba.ch/SOUG1905

  • Mon
    03
    Jun
    2019
    Tue
    04
    Jun
    2019
    Düsseldorf

    I deliver a presentations entitled “Wieviel Security bietet Oracle XE?” at DOAG Datenbank Tage 2019 event organised by DOAG. More information on this event including full agenda, registration etc. is available on the DOAG web side DOAG Datenbank Tage 2019

    Short abstract for my presentation:

    The latest version of Oracle Database 18c Express Edition (XE) offers a lot of useful features, which are usually only known from enterprise environments. These include support for multitenant, in-memory, partitioning and other features. But what about database security? What is possible with Oracle 18c XE in the area of database security? Where are workarounds or other products required? And what are differences to other Oracle database editions? The presentation shows how much database security is possible with the latest version of Oracle Express Edition.

    I hope you can join this event.

  • Tue
    27
    Aug
    2019
    Baden

    This year's summer SOUG Day will take place on 27 August in Baden. I am attending the event with a lecture about PDB isolation and security.

    Short abstract: The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).

    More information about the agenda and registration will be available on the SOUG website

    Have a look at the SOUG SOUG Day August 2019 for a detailed agenda of the event and the registration. Looking forward to see you there.

  • Fri
    13
    Sep
    2019
    Sat
    14
    Sep
    2019
    09:00Regensdorf

    Like every year, Trivadis meets for their annual TechEvent. This event is organised twice a year. In Spring as a smaller internal event and in late summer as one of the biggest IT event in Switzerland also for Trivadis customers. Information about the event, the registration and the venue can be found on the website. Agenda is available as PDF.

    I will participate in the event with two presentations.

    Titel DB, CMU and EUS engineering with vagrant

    Scheduled Friday, 12 Sept., 13:45 – 14:30

    Abstract Friday afternoon and some free time? Ideal to try Centrally Managed Users (CMU) with AD Integration. Or do you prefer Enterprise User Security (EUS)? Oracle features which place extended demands on the infrastructure can usually not be tested in a company without more. Or who simply has access to an Active Directory, which he can reconfigure for Oracle. Somewhat more complex Security Use Cases can be easily rebuilt in a VM environment. With the help of Vagrant, the setup and construction of an appropriate environment can be automated and greatly simplified. The test AD including Unified Directory and Oracle DB is started with a simple "vagrant up" and is then available for engineering work and testing. In the context of this lecture we will show how such an environment can be created with little effort and adapted to your own needs for cloud or on-premises.

    Titel Oracle PDB protection and isolation

    Scheduled Friday, 12 Sept., 17:10 – 17:55

    Abstract The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).

    Hope to see you at the Trivadis TechEvent. Do not hesitate to register.

  • Tue
    15
    Oct
    2019
    Hamburg

    I present a lecture on Oracle PDB protection and isolation at the DOAG Security Day in Hamburg. Slides and presentations will be in German. Short abstract on my presentations:

    The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).

    More Information on the Event including full agenda, registration etc is available on the DOAG web side DOAG SIG Events.

  • Tue
    19
    Nov
    2019
    Fri
    22
    Nov
    2019
    Nürnberg

    As every year, the DOAG conference in Nürnberg takes place in November. This year I am represented with a presentation about Oracle PDB protection and isolation as well a presentation about testing database features with Docker containers. Additionally I hold a workshop about Oracle databases in Docker containers on the training day.

    Conference

    Titel Testing database features with Docker containers

    Scheduled Tuesday, 19. Nov., 16:00 - 16:45

    Abstract As a DBA you are always faced with the situation of checking a feature or bug in a new database version. But this does not usually require a dedicated database environment. Many tests can be performed quickly and easily in Oracle databases in Docker Containers. In combination with Docker Compose and corresponding scripts, an appropriate environment can be set up within minutes. After a short introduction to Oracle databases in Docker Container, practical examples and demos will show how the DBA can simplify tests and troubleshooting with this method. This includes: verification of bugs in different DB versions, troubleshooting EUS, verification of PSU or RU and others.

    Titel Oracle PDB protection and isolation

    Scheduled Thursday, 21 Nov., 13:00 - 13:45

    Abstract The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).

    Training day

    Titel Workshop Oracle Databases in Docker Containers

    Scheduled Friday, Nov 22nd, 09:00 - 17:00

    Abstract Oracle has long supported the use of Docker to install its products, including the latest versions of the Oracle database. In theory, a simple "docker run" instantiates a container from a docker image. But why isn't the database container ready in a few seconds? Where does my Oracle database image come from and what happens if the container is stopped again? The functional scope as well as the size of the Oracle database container presuppose that one or the other thoughts about the use and operation are made in advance. This includes topics such as data persistence, licensing and other operational aspects. Within the scope of this training we develop how Oracle databases can be installed in a Docker image, configured and then operated as corresponding containers.

    See you at the DOAG in Nürnberg.

  • Sun
    01
    Dec
    2019
    Wed
    04
    Dec
    2019
    Brigthon

    This year I have the opportunity to take part in the UKOUG TechFest for the first time. I am represented with two lectures. Have a look at the UKOUG Webpage for a detailed agenda of the event and the venue.

    Titel Oracle PDB protection and isolation

    Scheduled Tuesday, 3rd Dec., 9:00 AM for 45 minutes

    Abstract The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).

    Titel Central user administration of Oracle databases

    Scheduled Wednesday 4th Dec., 2:45 PM for 45 minutes.

    Abstract Security is one of the key challenges for on-premises and cloud based databases nowadays. However, the appropriate security and hardening measures generally only make sense if authentication and authorization have already been implemented with appropriate care. Instead of the decentralised administration of users, privileges and roles in each database, it is easier and more secure to manage them centrally. The latest version of Oracle offers different possibilities to implement this requirement. With focus on the current versions of Oracle Database the following topics are discussed among others:

    • Password verifier and strong authentication like Kerberos and SSL.
    • Options for central user administration of Oracle databases.
    • Oracle EUS versus CMU
    • Integration of Oracle Database 19c with Active Directory Services
    • Sample setup of an Oracle database with Active Directory Integration via Centrally Managed User (CMU)

    The presentation is complemented by appropriate examples and live demos.

    See you at the UKOUG TechFest 2019.

  • Thu
    18
    Jun
    2020

    Titel: Oracle Unified Audit für Multitenant Datenbanken

    Abstract: Oracle Audit ist ein bekannte und bewährte Datenbank Funktionalität. Oder vielleicht doch nicht? Wie sieht Auditing in Kombination mit Oracle Multitenant Datenbanken aus? Funktioniert hier Datenbank und Unified Audit analog zu bestehenden Konfigurationen? Im Rahmen dieses Vortrages wird das Audit im Umfeld von Container Datenbanken genauer untersucht. Dabei wird aufgezeigt, worauf zu achten ist und wie ein Audit Konzept an die neuen Architektur anzupassen ist. Mit Fokus auf die aktuellen Versionen der Oracle Datenbank werden zudem spezifische Probleme und Workarounds im Bereich vom Unified Audit aufgezeigt. Die Präsentation wird durch entsprechende Beispiele und Live-Demos ergänzt.

  • Mon
    19
    Oct
    2020
    Fri
    30
    Oct
    2020

    Titel: Oracle Cloud deployment with Terraform

    Elevator Pitch: Quickly provisioning of infrastructure resources in the Oracle Cloud? Nothing easier than that with Terraform and the Oracle Terraform Provider. Using a training environment as an example, we show how resources in OCI can be configured and scaled with the Oracle Terraform Provider.

    Description: The Oracle Cloud allows to build and configure various infrastructure resources. But you won't get far by just using "click acrobatics" via Web Console, especially if you want to build several similar and complex environments. A mouse click cannot be saved just like that. Oracle offers several API's to create and manage objects in OCI, e.g. Oracle OCI commandline utility, OCI SDK, Terraform Provider etc. This presentation will explain how to implement Infrastructure as Code in OCI using Terraform and the Oracle Terraform Provider. Using a training environment as an example, it will be shown how to build components with Terraform Server, databases and network components and how to scale them in terms of resources or number.

    The presentation is supplemented by examples and live demos.

  • Tue
    17
    Nov
    2020
    Thu
    19
    Nov
    2020
    Nürnberg

    Oracle Cloud deployment mit Terraform

    Security Best Practice: Oracle Passwörter, aber sicher!

  • Wed
    25
    Nov
    2020
    Basel

    Titel: PDB Security, Isolation and DB Nest 20c

    Elevator Pitch: Lockdown profiles, PDB_OS_CREDENTIALS and other measures have been available since Oracle 12c to increase the security of multitenant DBs. However, these functions cover only part of the measures. Oracle 20c introduced DB Nest, which provides a different approach to security in PDBs.

    Description: Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance security and isolation of multitenant databases are available since Oracle 12c. Unfortunately only a part of the desired measures can be technically implemented. With the latest release of Oracle 20c a new features called DB Nest has been introduced. DB Nest introduced an other approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase database security of PDBs. The presentation will be completed by corresponding examples and live demos.

    Notes: Based on the experiences from a private cloud project, we show how to implement PDB security and isolation for Oracle multitenant databases on premises and in the cloud. This covers existing security features but also new functions like DB nest. The presentation will be completed by corresponding examples and live demos.

  • Sun
    29
    Nov
    2020
    Wed
    02
    Dec
    2020

    Titel: Security Best Practice: Oracle passwords, but secure!

    Elevator Pitch:  Authentication is an integral part of security. If authentication or passwords are insufficient, all further security measures are obsolete. But how do you ensure that passwords are complex? We will explain the different password hashes and show how to make sure authentication is secure.

    Description: Authentication is an integral part of database security. If authentication or passwords are insufficient or inadequate, all further security measures are generally useless. But how do you ensure that passwords are complex and authentication is secure? In this presentation, the password hashes will be explained and it will be shown how to make sure passwords and authentication are state of the art. Focusing on the current versions of the Oracle database, the following topics will be discussed:

    – Oracle database authentication

    – Password verification and hashes

    – Where can I find password hashes?

    – Check and password hashes.

    – Discussion of various risks related to authentication.

    – Discussion of password policies and strong passwords.

    – Customer Use Case in the DB Vault environment "ups we have forgotten the passwords".

    The presentation will be supplemented by corresponding examples and live demos.

  • Tue
    20
    Apr
    2021

    Titel: Oracle Cloud deployment with Terraform

    Elevator Pitch: Quickly provisioning of infrastructure resources in the Oracle Cloud? Nothing easier than that with Terraform and the Oracle Terraform Provider. Using a training environment as an example, we show how resources in OCI can be configured and scaled with the Oracle Terraform Provider.

    Description: The Oracle Cloud allows to build and configure various infrastructure resources. But you won't get far by just using "click acrobatics" via Web Console, especially if you want to build several similar and complex environments. A mouse click cannot be saved just like that. Oracle offers several API's to create and manage objects in OCI, e.g. Oracle OCI commandline utility, OCI SDK, Terraform Provider etc. This presentation will explain how to implement Infrastructure as Code in OCI using Terraform and the Oracle Terraform Provider. Using a training environment as an example, it will be shown how to build components with Terraform Server, databases and network components and how to scale them in terms of resources or number.

    The presentation is supplemented by examples and live demos.

  • Wed
    05
    May
    2021

    Titel: DB Oracle Database Security 19c/21c new Feature

    Abstract: With the Inovation Release 21c Oracle has introduced one or the other security feature. These include small improvements that make DB operation more secure and easier. But also completely new concepts like DB Nest, which introduce a new approach for databases, how DB security can be implemented in multitenant environments. In this talk we will present the security improvements in the latest Oracle releases. By using simple examples we will check if and where the use of this new security feature is worthwhile. The presentation will be complemented by examples and live demos.

  • Tue
    11
    May
    2021
    Online

    Inhalt:
    Kerberos, CMU, EUS oder doch keine zentrale Authentifizierung / Autorisierung Es gibt verschiedene Ansätze, wie man Datenbank Benutzer und Rollen zentral verwalten kann. Doch wo beginnt man an? Welche Lösung passt in ein Unternehmen? Und wie machen es überhaupt andere Unternehmen? Diskutiere mit uns über Architektur und Lösungen für die zentral Verwaltung von Datenbank Benutzer / Rollen.

  • Wed
    02
    Jun
    2021

    Titel: Oracle Cloud deployment with Terraform

    Elevator Pitch: Quickly provisioning of infrastructure resources in the Oracle Cloud? Nothing easier than that with Terraform and the Oracle Terraform Provider. Using a training environment as an example, we show how resources in OCI can be configured and scaled with the Oracle Terraform Provider.

    Description: The Oracle Cloud allows to build and configure various infrastructure resources. But you won't get far by just using "click acrobatics" via Web Console, especially if you want to build several similar and complex environments. A mouse click cannot be saved just like that. Oracle offers several API's to create and manage objects in OCI, e.g. Oracle OCI commandline utility, OCI SDK, Terraform Provider etc. This presentation will explain how to implement Infrastructure as Code in OCI using Terraform and the Oracle Terraform Provider. Using a training environment as an example, it will be shown how to build components with Terraform Server, databases and network components and how to scale them in terms of resources or number.

    The presentation is supplemented by examples and live demos.

    Notes: Einstig in Infrastructure as Code, OCI und Terraform am beispiel von Oracle Schulungs- und Engineeringumgebungen.

  • Fri
    10
    Sep
    2021
    Sat
    11
    Sep
    2021
    Warsaw

    This year I have the opportunity to take part in the POUG for the first time. Ok just remote, but it is a start. I am represented with one lecture. Have a look at the POUG Webpage for a detailed agenda of the event and the venue.

    Titel DB Nest 21c - PDB Security and Isolation

    Scheduled Saturday, 11th Sep., 12:55 AM for 45 minutes

    Abstract Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance security and isolation of multitenant databases are available since Oracle 12c. Unfortunately only a part of the desired measures can be technically implemented. With the latest release of Oracle 21c a new features called DB Nest has been introduced. DB Nest introduced an other approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase database security of PDBs. The presentation will be completed by corresponding examples and live demos.

    See you at the POUG 2021.

  • Wed
    29
    Sep
    2021
    Thu
    30
    Sep
    2021
    Online

    Titel: DB Nest 21c - PDB Security and Isolation 

    Elevator Pitch: Lockdown profiles, PDB_OS_CREDENTIALS and other measures have been available since Oracle 12c to increase the security of multitenant DBs. However, these functions cover only part of the measures. Oracle 21c introduced DB Nest, which provides a different approach to security in PDBs.

    Description: Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance security and isolation of multitenant databases are available since Oracle 12c. Unfortunately only a part of the desired measures can be technically implemented. With the latest release of Oracle 21c a new features called DB Nest has been introduced. DB Nest introduced an other approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase database security of PDBs. The presentation will be completed by corresponding examples and live demos.

    The presentation is supplemented by examples and live demos.

    Link: to the Event and Agenda

  • Tue
    09
    Nov
    2021
    Fri
    12
    Nov
    2021
    Online

    AUSOUG Connect 2021 will take place over 4 days from 9th November 2021 to 12th November 2021, virtually and online, with each day dedicated to a stream. Registrations is NOW open. Click on the respective streams to register.

    Link: https://ausoug.org.au/connect-2021/

    My Speeches

    Titel: Security Best Practice: Oracle passwords, but secure!

    Elevator Pitch:  Authentication is an integral part of security. If authentication or passwords are insufficient, all further security measures are obsolete. But how do you ensure that passwords are complex? We will explain the different password hashes and show how to make sure authentication is secure.

    Description: Authentication is an integral part of database security. If authentication or passwords are insufficient or inadequate, all further security measures are generally useless. But how do you ensure that passwords are complex and authentication is secure? In this presentation, the password hashes will be explained and it will be shown how to make sure passwords and authentication are state of the art. Focusing on the current versions of the Oracle database, the following topics will be discussed:

    • Oracle database authentication
    • Password verification and hashes
    • Where can I find password hashes?
    • Check and password hashes.
    • Discussion of various risks related to authentication.
    • Discussion of password policies and strong passwords.
    • Customer Use Case in the DB Vault environment "ups we have forgotten the passwords".

    The presentation will be supplemented by corresponding examples and live demos.

    Schedule: Thu, Nov 11, 2021 4:30 PM - 5:20 PM AEDT

    Blog Post: A short blog post about the password demos https://www.oradba.ch/2021/11/notes-on-oracle-password-security/

    Slides: 

  • Tue
    16
    Nov
    2021
    Thu
    18
    Nov
    2021
    Mixed

    The DOAG 2021 Conference + Exhibition will take place from November 16-18, 2021 as a moderated online conference. Ticket sales have started!

    Link: https://2021.doag.org/de/home/

    My Speeches

    Ready, set, go - DB Sec LAB in 5min 

    Elevator Pitch: Always having a lab environment at hand to test the latest security features is not easy. Especially when additional infrastructure components like MS AD are needed. We show a few approaches based on IaC, cloud, containers and more.

    Description: There is always the problem to analyze or the new feature you want to test briefly. But often you lack a corresponding LAB environment.In this presentation, we will show how you can use Infrastructure as Code and Terraform, Vagrant or Docker to quickly and easily create corresponding LAB environments. In doing so, we will show how to create configurations in OCI and on-premises, depending on the use case. Terraform modules, Vagrant configuration, Docker containers as well as a collection of scripts provide the basics to deploy corresponding resources. Enough material to implement your own ideas. The presentation will be complemented by corresponding demos and examples.

    Schedule: Wednesday 17.11.2021, 08:00 - 08:40

    Oracle Database Vault - Protection from Thieves, Snakes,...  

    Elevator Pitch: Oracle DB Vault has been around for a while. What can it be used to take DB security to the next level? How does it fix in an Enterprise Security Architecture. Let’s have a close look into the latest features and possible use cases.

    Description: Oracle Database Vault has been on the market for a few years now. The product has been constantly improved over the years. But where is it worthwhile to use it? Which security measures can be implemented with it? And from whom does DB Vault protect me at all? In this presentation, the technical possibilities of Database Vault 19c / 21c will be explained in addition to the experiences from two customer projects. We will try to show where the use of Database Vault is worthwhile under certain circumstances and under which conditions it is not. This also includes whether protection against snakes and thieves is ensured. PS: I asked my children what kind of presentation I should submit.The answers were snakes, thieves and cheetahs…

    Schedule: Wednesday 17.11.2021, 11:00 - 11:40

  • Mon
    22
    Nov
    2021
    Sat
    11
    Dec
    2021
    Online

    Event: Oracle Groundbreakers APAC Virtual Tour 2021 are 2 weeks of exciting speeches, round tables and workshops. This year our annual APAC Groundbreakers tour is going virtual. With the participation of many Oracle User Groups, and Java Communities in the region, this year event is promising to be the biggest event ever done within the APACOUC Community.

    Link: 

    My Speeches

    Titel: DB Nest 21c - PDB Security and Isolation 

    Elevator Pitch: Lockdown profiles, PDB_OS_CREDENTIALS and other measures have been available since Oracle 12c to increase the security of multitenant DBs. However, these functions cover only part of the measures. Oracle 21c introduced DB Nest, which provides a different approach to security in PDBs.

    Description: Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance security and isolation of multitenant databases are available since Oracle 12c. Unfortunately only a part of the desired measures can be technically implemented. With the latest release of Oracle 21c a new features called DB Nest has been introduced. DB Nest introduced an other approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase database security of PDBs. The presentation will be completed by corresponding examples and live demos.

    The presentation is supplemented by examples and live demos.

    Schedule: 22. Nov. 2021 01:00-01:45 Europe/Zurich TZ

    Titel: Oracle Database Vault - Protection from Thieves, Snakes,...  

    Elevator Pitch: Oracle DB Vault has been around for a while. What can it be used to take DB security to the next level? How does it fix in an Enterprise Security Architecture. Let’s have a close look into the latest features and possible use cases.

    Description: Oracle Database Vault has been on the market for a few years now. The product has been constantly improved over the years. But where is it worthwhile to use it? Which security measures can be implemented with it? And from whom does DB Vault protect me at all? In this presentation, the technical possibilities of Database Vault 19c / 21c will be explained in addition to the experiences from two customer projects. We will try to show where the use of Database Vault is worthwhile under certain circumstances and under which conditions it is not. This also includes whether protection against snakes and thieves is ensured. PS: I asked my children what kind of presentation I should submit.The answers were snakes, thieves and cheetahs…

    Schedule: 30. Nov. 2021 09:00-09:45 Europe/Zurich TZ

     

  • Fri
    10
    Dec
    2021
    10:00online

    Titel: Erfahrungsbericht PoC DB Vault 19c mit TDE

    Abstract: Oracle Database Vault ist nun bereits seit ein paar Jahren am Markt. Das Produkt wurde über die Jahr stetig verbessert. Doch wo lohnt sich der Einsatz? Welche Sicherheitsmassnahmen können damit umgesetzt werden? Und vor wem schützt mich DB Vault überhaupt? Im Rahmen von dieses Vortrages werden neben den Erfahrungen aus zwei Kundenprojekten die technischen Möglichkeiten von Database Vault 19c / 21c erläutert. Wir versuchen aufzuzeigen, wo sich unter umständen den Einsatz von Database Vault lohnt und unter welchen Bedingungen eher nicht. Dazu gehört auch, ob der Schutz vor Schlangen und Räubern sichergestellt wird.

    Link: https://shop.doag.org/shop/prd.110.erfahrungsbericht-poc-db-vault-19c-mit-tde/

  • Thu
    01
    Dec
    2022
    Fri
    02
    Dec
    2022
    Birmingham

    UK Oracle community anual conference: two days jampacked with content covering both Oracle Applications and Technology.

    Event overview and agenda.

    Titel: Oracle CMU Lessons Learned from Projects

    Elevator Pitch: Great, you choose Oracle Centrally Managed users. But whats next? What about shared users, global roles? One, two or more? What and where to mapped them? And who will maintain what? Let’s discuss a few lessons learned from projects.

    Description: Since Oracle 18c, Oracle databases with Centrally Managed Users (CMU) can be integrated directly into Active Directory. Tempting alternative to Oracle Enterprise Security. Especially since no additional directory and thus additional licenses are necessary. But how does the practical use of CMU look like? What are the stumbling blocks on the way to central administration of users and roles? In this talk we will present the findings from 4+ projects on CMU. In addition to the technical challenges, the conceptual challenges will also be considered. It will be shown what else a DBA has to face after the CMU wallet and user have been created. The presentation will be completed with examples and demos from practice.

  • Thu
    02
    Mar
    2023
    18:00Denkbar by Edorex Gerechtigkeitsgasse 7 · Bern, BE

    Testautomatisierung für Infrastruktur und DB as Code

    Nach viel zu langer Zeit ist es so weit, das nächste Oracle Beer Bern Meetup findet in Bern vor Ort statt. Wir wollen ins Thema "Testen von Infrastruktur Automatisierung" eintauchen und uns hierzu austauschen. Weitere Informationen zum Event.

    Title: Testing mit Terraform - Ein paar Ideen für den Anfang

    Abstract: Klick, klick, klick und schon habe ich meine Infrastruktur in der Cloud aufgebaut. Doch weis man anschliessend noch was man aufgebaut hat? Mit Infrastruktur as Code respektive Terraform können Cloud Ressourcen relativ einfach aufgebaut, verändert und wieder gelöscht werden. Ideal für das dynamische aufbauen von Test und Lab Umgebung. Doch wie stellt man sicher, dass ein falsches Kommando in der Terraform Konfiguration nicht die ganze Infrastruktur wieder abbaut oder die Kosten in astronomische Höhen schiesst? Wo ist die Grenze zwischen IaC Test und den eigentlichen Release Tests auf den generierten Systemen? Am Beispiel der Accenture Lab und Trainingsumgebungen zeige ich verschiedene Aspekte rund um das Bereitstellen von Cloud basierten Infrastrukturen mit Terraform. Diese Kurspräsentation wird mit Demos und Beispielen ergänzt.

  • Tue
    04
    Apr
    2023
    Adeline Favre Katharina-Sulzer-Platz 9, 8400 Winterthur

    logo-soug

    We are pleased to organize for and with you the SOUG Day on the topic of Securtiy in the house "Adeline Favre", Department of Health. Event details and agenda stream 1, stream 2 and stream 3.

    Title: Oracle Audit Vault and Database Firewall at a Glance

    Schedule: Thuesday April 4th 15:00 - 15:45

    Elevator Pitch: Oracle Audit Vault and Database Firewall has been improved again with the latest version 20.8. But what capabilities does Oracle’s software appliance offer to protect and monitor my databases?

    Description: With Audit Vault and Database Firewall (AVDF) Oracle offers a software appliance for the management, collection and analysis of audit data. Besides regular audit information directly from databases, AVDF can also collect information from other audit trails. This includes operating systems as well as other databases such as MS SQL Server, Sybase, MySQL and more. With the firewall functionality it is even possible to actively prevent security breaches. But for whom is the use of Oracle AVDF worthwhile? What has to be considered for security projects with Oracle AVDF? In this presentation we will take a look at the current version of Oracle AVDF and try to show if and where the use of Oracle AVDF is worthwhile.

  • Wed
    24
    May
    2023
    Thu
    25
    May
    2023
    Düsseldorf

    Two day event in Düsseldorf organiszed by DOAG. See DOAG 2023 Datenbank mit Exaday for the event information or check out the agenda.

    Titel:Database Security but what about Performance?

    Schedule:Thursday 25.05.2023, 13:15 - 14:00

    Abstract: Oracle offers a number of features and options that allow you to comprehensively protect databases with various measures. License and operating costs are certainly a decisive criterion. But what about database performance? Are the measures always transparent or do they have an influence on the performance of the databases? Using a simple setup, swingbench and various use cases, we tried to measure the impact of the security measures on performance. In this presentation we will discuss the test setup, experiences of the tests as well as the results. What can be measured and how? How meaningful are the results? What does the corresponding information mean for a practical implementation of a database security concept? The presentation will be complemented by corresponding examples and live demos.

  • Wed
    24
    May
    2023
    12:00online

    Title: Oracle Database: Unified Audit and SYSLOG - Blessing or Curse?

    Abstract: Oracle Audit and SYSLOG is a story with many ups and downs. In old versions it was already possible to configure audit events for SYSLOG with AUDIT_SYSLOG_LEVEL. With Unified Audit this was only possible with UNIFIED_AUDIT_SYSTEMLOG from Oracle 18c and was improved with 19c. But what exactly can you do with it now? Is it a replacement for the UNIFIED_AUDIT_TRAIL?

    Using examples from a customer project, we show the possibilities of the SYSLOG integration of Unified Audit. In addition to the technical configuration, we look at different use cases with their advantages and disadvantages. At the end of this presentation, you will know whether the use of Unified Audit with SYSLOG also makes sense in your database environment. The presentation will be complemented by examples and live demos.

    Translated with DeepL