Keep Informed

This site offers "remedial security for overworked DBAs". Once you have taken the steps outlined in the tutorials to secure your database, you will want to learn more about other security features available in Oracle™ including context security, fine grained access, virtual private databases, label security and database encryption. If you are using Oracle™ 10g, you should refer to the Oracle® Database Security Guide 10g Release 2, as it contains a wealth of useful information. In addition to information that is available from the Oracle™ Web site, http://www.oracle.com, the following Web sites and books are particularly useful.

Web Sites

• Oracle Information Security
  Security recommendations from Oracle, Critical Patch Updates, Security Blogs.
• DatabaseSecurity.com
  This site is maintained by David Litchfield, author of The Database Hackers Handbook. David offers security information for Oracle, DB2, SQL Server, MySQL, and other RDBMS platforms.
• NSA Database Server Guides
  The National Security Agency publishes configuration guides for Oracle 9i, Oracle 10g and Microsoft SQL Server.
• Pete Finnigan
  Pete is the preeminent authority in matters of Oracle security. His site offers news, scripts and tools.
• Red Database Security
  A great source for unpublished alerts, whitepapers, potential exploits and fact sheets.
• The SANS Institute
  Security alerts, articles, Oracle Security Checklist

Other Tutorial Sites

• Oracle SQL Injection Prevention Tutorial

Blogs

Suggested Reading