AUDIENCE:   This course is for security specialists and auditors who are aware their businesses use Oracle based products, but do not understand the database platform and therefore the risks it may carry. PREREQUISITES:   No prior knowledge of Oracle is expected but delegates should have a general understanding of how computers work. DURATION:   2 days. Hands on. OBJECTIVES:   Delegates will learn how Oracle is built and understand what the various categories of user do on the database and the risks they carry. Hands on labs will show the students how to scan the system for objects, especially sensitive tables, and to find out who can do what to them. Furthermore, in this age of web technology, the concept of the authenticated user accessing parts of your data is passing away. COURSE CONTENT:   Introducing Oracle The database management system The Oracle security model SQL*PLUS Connecting to ORACLE Commands available in SQL*PLUS SQL code – the development life cycle Configuring the SQL*PLUS monitor environment The data dictionary The Oracle system Log files Datafiles Init.ora Net8 *.ora files The control file The external password file Trace and alert files User security User creation issues Categories of users Viewing users on the system Profiles Roles Permissions and privileges Passwords Maintaining user accounts Power user accounts - system, sys, internal Startup and shutdown Operating system security Backup and recovery of the database Strategy and tactics New features in Oracle 9i and 10G Logging Auditing the database Strategy and tactics The audit sub-system master switch Creating the audit trail Viewing the audit settings Challenge and output Managing audit data Laying an audit trail Extracting production data from the system Database triggers Introduction to triggers Audit triggers Audit Workpack MB07/01