Rhythex Consulting - Information Security::Audit & Assurance

Oracle is one of the most exciting and challenging databases that exist. When it comes to securing an Oracle database, there are many challenges that Administrators and security professionals will face. This course is designed to be a fully comprehensive and intense introduction to planning, auditing and securing an Oracle database. Ultimately, the goal is to teach how to protect one of the most important organizaztional assets , the data. Data provides information, information leads to knowledge and knowledge is power in the business world.

Rhythex Consulting has recognized the need for a comprehensive Oracle Security and Audit training to help organizations protect their most critical information resources. In this course, the student is led through the process of auditing and securing Oracle by appreciating the risks to data, using auditing techniques for detecting unauthorized access attempts, using Oracle access controls to prevent unauthorized access, user management functions, and other techniques to secure the Oracle database, as well as applications that rely on the Oracle database for their data storage.

This course is an exciting and interesting journey on protecting this critical organizational asset!

Course Contents:
1.      Overview of the Oracle RDBMS
-         The Oracle Architecture
-         The Database
-     The Oracle instance
      -     The Oracle OS file system structure – Unix, Linux,Windows
      -     Oracle Networking – Oracle Listener and TNS protocol

2.   Oracle Database Attacks
      - SQL injection attacks and an example
      - Privilege escalation attacks and an example
      - TNS Listener attack
      - The UNIX dd tool as an oracle attack tool

3.    Oracle Users Security
      -    Default user accounts and passwords
      -    Privileged user accounts
      -    Password management

4.   Oracle Security Auditing – Standard Auditing (Part 1)
      -    Oracle Audit logs
      -    Standard Auditing in Oracle
      -    Activating and using standard auditing

5. Oracle Security Auditing – Fine Grained Auditing(FGA) (Part 2)
      - Fine Grained auditing introduction
      - FGA in 9i and 10g
      - Enabling FGA
      - FGA examples

6. Oracle Access Control – Fine Grained Access Control (Part 1)
     - Fine Grained Access Control introduction
     - Application Contexts For Security And Performance
     - Implementing Fine-Grained Access Controls with Views

7. Oracle Access Control – Virtual Private Databases (Part 2)
     - Virtual Private Databases Introduction
     - Row Level Security using VPD
     - Column Sensitive Security using VPD in Oracle 10g.

8. Oracle Patching
    - Oracle patching introduction
    - Oracle OPATCH tool
    - Oracle patchsets and metalink website
    - Auditng Oracle patch level

TARGET PARTICIPANTS: I.T Security professionals, DBAs, I.T Auditors, CISSPs, Aspiring security professionals and others.

LAPTOP REQUIRED: A laptop is required for the training. This is to afford the participant the opportunity of actually simulating actual attacks on there own laptops within a VMware virtualized environment.

Laptop specification: We recommend a laptop with a minimum of 512 MB RAM (1 GB preferable) with Windows XP, Windows server 2003 or Windows Vista
A trial version of VMware workstation software will be provided for the participants that don’t already have it. Oracle 10g software will also be provided.

Participants that have paid before the start date can come and pick up the software for installation on their laptops before the start date.

Venue:       Rhythex Learning Center
                  2nd Floor, Cedar House,
                  13 Samora Machel Road,
                      Asylum Down,Accra.

In-house Training:
In-house training can be arranged at 35% discount for 8 participants and above.
Fee for In-house = GH¢ 877.50 per participant.

For further enquiries or nomination, call Rhythex consulting on 021 236375, 0243301313. Please let your nomination reach us at least one week to the commencement of the course. We are looking forward to welcome your participants to this programme.

About the Facilitator

Michael Adesoji Adegunwa, OCDBA, CISSP, CFE
Michael Adesoji Adegunwa is a Certified Information Systems Security Professional and an Oracle Certified Database Administrator with 7 years Oracle experience. He has also worked as a Software architect/programmer with programming experience in assembly language, C/C++, Java, Visual Basic, Oracle PL/SQL and others.

He is currently with Rhythex Consulting as a Senior Technical consultant for Applications and Database Security, Audit and Control. His major research interests are buffer overflows, reverse engineering applications and Database hacking, cryptography, penetration testing and other security related research. He is a speaker at the Nigeria Oracle Users Group (NOUG) conference and writes for the NOUG magazine. He could be reached via email at soji.adegunwa@rhythexconsulting.com.


















	Database Security and Audit >>Home Oracle is one of the most exciting and challenging databases that exist. When it comes to securing an Oracle database, there are many challenges that Administrators and security professionals will face. This course is designed to be a fully comprehensive and intense introduction to planning, auditing and securing an Oracle database. Ultimately, the goal is to teach how to protect one of the most important organizaztional assets , the data. Data provides information, information leads to knowledge and knowledge is power in the business world. Rhythex Consulting has recognized the need for a comprehensive Oracle Security and Audit training to help organizations protect their most critical information resources. In this course, the student is led through the process of auditing and securing Oracle by appreciating the risks to data, using auditing techniques for detecting unauthorized access attempts, using Oracle access controls to prevent unauthorized access, user management functions, and other techniques to secure the Oracle database, as well as applications that rely on the Oracle database for their data storage. This course is an exciting and interesting journey on protecting this critical organizational asset! Course Contents: 1. Overview of the Oracle RDBMS - The Oracle Architecture - The Database - The Oracle instance - The Oracle OS file system structure – Unix, Linux,Windows - Oracle Networking – Oracle Listener and TNS protocol 2. Oracle Database Attacks - SQL injection attacks and an example - Privilege escalation attacks and an example - TNS Listener attack - The UNIX dd tool as an oracle attack tool 3. Oracle Users Security - Default user accounts and passwords - Privileged user accounts - Password management 4. Oracle Security Auditing – Standard Auditing (Part 1) - Oracle Audit logs - Standard Auditing in Oracle - Activating and using standard auditing 5. Oracle Security Auditing – Fine Grained Auditing(FGA) (Part 2) - Fine Grained auditing introduction - FGA in 9i and 10g - Enabling FGA - FGA examples 6. Oracle Access Control – Fine Grained Access Control (Part 1) - Fine Grained Access Control introduction - Application Contexts For Security And Performance - Implementing Fine-Grained Access Controls with Views 7. Oracle Access Control – Virtual Private Databases (Part 2) - Virtual Private Databases Introduction - Row Level Security using VPD - Column Sensitive Security using VPD in Oracle 10g. 8. Oracle Patching - Oracle patching introduction - Oracle OPATCH tool - Oracle patchsets and metalink website - Auditng Oracle patch level TARGET PARTICIPANTS: I.T Security professionals, DBAs, I.T Auditors, CISSPs, Aspiring security professionals and others. LAPTOP REQUIRED: A laptop is required for the training. This is to afford the participant the opportunity of actually simulating actual attacks on there own laptops within a VMware virtualized environment. Laptop specification: We recommend a laptop with a minimum of 512 MB RAM (1 GB preferable) with Windows XP, Windows server 2003 or Windows Vista A trial version of VMware workstation software will be provided for the participants that don’t already have it. Oracle 10g software will also be provided. *Participants that have paid before the start date can come and pick up the software for installation on their laptops before the start date.* Duration: 3 days Date: 31st - 2nd April,2010 Venue: Rhythex Learning Center 2nd Floor, Cedar House, 13 Samora Machel Road, Asylum Down,Accra. Fee: Gh¢ 1,350.00 (Vat inclusive) per participant. In-house Training: In-house training can be arranged at 35% discount for 8 participants and above. Fee for In-house = GH¢ 877.50 per participant. For further enquiries or nomination, call Rhythex consulting on 021 236375, 0243301313. Please let your nomination reach us at least one week to the commencement of the course. We are looking forward to welcome your participants to this programme. About the Facilitator Michael Adesoji Adegunwa, OCDBA, CISSP, CFE Michael Adesoji Adegunwa is a Certified Information Systems Security Professional and an Oracle Certified Database Administrator with 7 years Oracle experience. He has also worked as a Software architect/programmer with programming experience in assembly language, C/C++, Java, Visual Basic, Oracle PL/SQL and others. He is currently with Rhythex Consulting as a Senior Technical consultant for Applications and Database Security, Audit and Control. His major research interests are buffer overflows, reverse engineering applications and Database hacking, cryptography, penetration testing and other security related research. He is a speaker at the Nigeria Oracle Users Group (NOUG) conference and writes for the NOUG magazine. He could be reached via email at soji.adegunwa@rhythexconsulting.com.	Upcoming Events CISSP CBK Seminar Ghana Date:3rd - 7th May, 2010 Exam Date: 29th May, 2010 ................................................ CISA/CISM Lectures CISA Ghana Date:16th Jan,2010 Nigeria Date: Dec 2009 - May 2010 Exam Date: 12th June, 2010 CISM (BOOT CAMP) Ghana/Nigeria Date:15th - 19th Mar,2010 Exam Date: 12th June, 2010 ................................................ Free IT Audit Seminar for fresh Graduates Ghana - Coming up soon Nigeria - Coming up soon ................................................ IT Audit Practicals in 6 Saturdays Ghana - 6th Feb, 2010 Nigeria - 13th Feb, 2010
About us \| Our Clients \| Our Service \| E-Cisa \| Testmonials \| Faq \| Contact Us Copyright © 2008-2009 Rhythex Consulting design & hosting by Rosev Consult