In this presentation we show how to harden the latest versions of Oracle (10g Rel.2 /11g). We talk about common architecture flaws in organizations (e.g. in Single-Home Installations) and typical security problems like database cloning, anonymisation, … and some possible solutions. To detect changes we talk about Oracle features like Virtual Private Database (VPD), Database Trigger, … and report these alerts via email or to syslog.
Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings and gave various presentations on security conferences like Black Hat, Defcon, Bluehat, IT Underground and Syscan. Alexander has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander reported over 320 security bugs in different Oracle products.