Threats to Database Security Part 1

Today, every company needs to store data and information. The kinds of data differ from one company to another (pictures, employee and customer data, for example), and it is rare to find a company that still uses paper to store important data. We won’t argue about database type. Sure, Oracle is the best, but there are other products on the market today, such as Oracle, Microsoft and k2, and all of these products have one thing in common: threats.

Before this, we need to know what we mean by database security, since it is the subject of this article.
Database Security: can be defined as a system or process by which the “Confidentiality, Integrity, and Availability” (CIA) of the database can be protected. Unauthorized entry or access to a database server signifies a loss of confidentiality; unauthorized alteration to the available data signifies loss of integrity; and lack of access to database services signifies loss of availability. Loss of one or more of these basic facets will have a significant impact on the security of the database.
This is the common definition of database security. For an illustration of this concept, imagine that the website of a company contains information like who they are, what they do, and what prospective customers have to do to contact them with their queries. In this case, the availability of the database services is more important than other factors like the confidentiality or integrity of the database.
Threats and risks to databases have increased, and therefore the need for securing databases has also increased. When it comes to securing a database, lots of things have to be taken care of. If you followed the discussion above, you will know that I am talking about:
1- Confidentiality
2- Integrity
3- Availability

Confidentiality

What I mean by this word is simple: encrypting the data stored in the database. There are two types of encryption for a database:
1- Data-in-transit:
This refers to data that is moving within the network, for example sensitive data that is sent through network layers or through the Internet. A hacker can gain access to this sensitive data by eavesdropping. When this happens, the confidentiality of the data is compromised. Encrypting data-in-transit avoids such compromises.

2- Data-at-rest:
It is possible for a hacker to hack the data that is stored in the database. Encrypting data-at-rest prevents such data leakages.

Integrity
 
I am not going to say it’s too simple, because I don’t want the listeners to kick me; but guys, for me it’s simple, sorry. Integrity is about which users have to be given which permissions in the database. For example, data related to employee information is stored in a database. An employee may have permission to view the records and to alter only part of the information, like his contact details, whereas a person in the human resources department will have more privileges.

To make sure everything is going to be OK, just follow these steps:

  • Change the password once the database is installed.
  • Policies to set strong passwords have to be enforced. A good idea is to have a policy of changing the passwords once a month.
  • Does your company have multiple database administrators? If yes, segregate the duties among these database administrators.

Simple steps (again simple) save you and your company. 

Now last but I am not finished yet



Availability

Databases must not have unplanned downtime. To ensure this, the following steps have to be taken:

  • To ensure high availability, usage of database clusters is recommended. 
  • Databases should be secured against security vulnerabilities.
  • Back up the data at periodic intervals to ensure data recovery in case of application issues.

As we all know, nothing is perfect, so when we talk about security, we are talking about threats and attackers. With the increase in usage of databases, the frequency of attacks against those databases has also increased; database attacks are an increasing trend these days. What is the reason behind database attacks? One reason is the increase in access to data stored in databases. When the data is accessed by many people, the chances of data theft increase. In the past, database attacks were prevalent but fewer in number, as hackers attacked the network more to show that it was possible than to sell proprietary information. Another reason for database attacks is to make money by selling sensitive information, which includes credit card numbers, Social Security Numbers, etc. We previously defined database security and talked about common database security concepts. Now let’s look at the various types of threats that affect database security.



Thank You 
Written By : Osama Mustafa 
Consider this as part one, since I will post another one related to this.

How to check default temporary tablespace

COLUMN property_name FORMAT A30
COLUMN property_value FORMAT A30
COLUMN description FORMAT A50
SET LINESIZE 200

SELECT *
FROM database_properties
WHERE property_name like '%TABLESPACE';

short topic but hope it will be useful
Thank you
Osama Mustafa

Backup an entire hard disk using dd command

The 'dd' command is one of the original Unix utilities and should be in everyone’s tool box. It can strip headers, extract parts of binary files and write into the middle of floppy disks; it is used by the Linux kernel Makefiles to make boot images. It can be used to copy and convert magnetic tape formats, convert between ASCII and EBCDIC, swap bytes, and force to upper and lowercase.

# dd --help

full hard disk copy

dd if=/dev/hdx of=/dev/hdy
dd if=/dev/hdx of=/path/to/image
dd if=/dev/hdx | gzip > /path/to/image.gz

hdx could be hda, hdb, etc. In the last example gzip is used to compress the image, which makes sense if it is really just a backup.



Restore Backup of hard disk copy

dd if=/path/to/image of=/dev/hdx

gzip -dc /path/to/image.gz | dd of=/dev/hdx  
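
An added example (not from the original post or the site it quotes): the gzip backup and restore above, with a SHA-256 of the raw disk stream recorded at backup time and checked before anything is written back. A constructed file stands in for /dev/hdx, the function names are illustrative, and sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: a constructed file stands in for /dev/hdx.
set -eu

# Image $1 into gzip file $2 and record the SHA-256 of the raw stream in
# $2.sha256. The FIFO lets one read of the disk feed both gzip and sha256sum.
backup_image() {
    tmp=$(mktemp -d)
    mkfifo "$tmp/raw"
    sha256sum < "$tmp/raw" | cut -d' ' -f1 > "$2.sha256" &
    dd if="$1" bs=65536 2>/dev/null | tee "$tmp/raw" | gzip > "$2"
    wait
    rm -rf "$tmp"
}

# Succeeds only if the image decompresses cleanly and its content still
# matches the hash recorded at backup time.
verify_image() {
    gzip -t "$1" 2>/dev/null || return 1
    actual=$(gzip -dc "$1" | sha256sum | cut -d' ' -f1)
    [ "$actual" = "$(cat "$1.sha256")" ]
}

# Restore image $1 onto target $2, but only after verification passes.
restore_image() {
    verify_image "$1" || { echo "refusing to restore $1: verification failed" >&2; return 1; }
    gzip -dc "$1" | dd of="$2" bs=65536 2>/dev/null
}

# A swapped image is still valid gzip, so only the hash check catches it.
demo_image() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/disk.img" bs=512 count=256 2>/dev/null
    backup_image "$work/disk.img" "$work/disk.img.gz"
    restore_image "$work/disk.img.gz" "$work/restored.img" 2>/dev/null && r1=restored || r1=refused
    cmp -s "$work/disk.img" "$work/restored.img" && same=identical || same=different
    printf 'substituted content' | gzip > "$work/disk.img.gz"
    restore_image "$work/disk.img.gz" "$work/restored.img" 2>/dev/null && r2=restored || r2=refused
    rm -rf "$work"
    echo "$r1 $same $r2"
}

demo_image
```

Keep the .sha256 file somewhere that the storage holding the image cannot overwrite, otherwise whoever replaces the image can replace the hash as well.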




MBR backup

In order to back up only the first few bytes containing the MBR and the partition table, you can use dd as well.

dd if=/dev/hdx of=/path/to/image count=1 bs=512 



MBR restore

dd if=/path/to/image of=/dev/hdx

Add "count=1 bs=446" to the command to exclude the partition table from being written to disk. You can then restore the table manually.
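
An added example, not part of the original post: the difference between restoring 446 and 512 bytes, run against a constructed 1 MiB file standing in for /dev/hdx. The function names and marker strings are made up for the demonstration, and conv=notrunc is needed only because the stand-in is a regular file rather than a block device.

```shell
#!/bin/sh
# Added example: a constructed file stands in for /dev/hdx.
set -eu

# Write string $2 into file $1 at byte offset $3 without truncating the file.
poke() { printf '%s' "$2" | dd of="$1" bs=1 seek="$3" conv=notrunc 2>/dev/null; }

# Constructed 1 MiB "disk": boot code marker at offset 0, partition table
# marker at 446, boot signature 0x55 0xAA at 510.
make_disk() {
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    poke "$1" 'BOOTCODE' 0
    poke "$1" 'PARTTABLE-V1' 446
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Hex of $3 bytes at offset $2 of file $1 (e.g. "55aa"), and the same as text.
hex_at()  { dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'; }
text_at() { dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null; }

mbr_backup()           { dd if="$1" of="$2" bs=512 count=1 2>/dev/null; }
mbr_restore_bootcode() { dd if="$1" of="$2" bs=446 count=1 conv=notrunc 2>/dev/null; }
mbr_restore_full()     { dd if="$1" of="$2" bs=512 count=1 conv=notrunc 2>/dev/null; }
has_boot_signature()   { [ "$(hex_at "$1" 510 2)" = "55aa" ]; }

# Back up the MBR, then damage the boot code and change the partition table
# (as a later repartitioning would), and restore each way.
demo_mbr() {
    work=$(mktemp -d)
    make_disk "$work/disk.img"
    mbr_backup "$work/disk.img" "$work/mbr.bin"
    poke "$work/disk.img" 'XXXXXXXX' 0
    poke "$work/disk.img" 'PARTTABLE-V2' 446
    mbr_restore_bootcode "$work/mbr.bin" "$work/disk.img"   # table stays V2
    partial="$(text_at "$work/disk.img" 0 8) $(text_at "$work/disk.img" 446 12)"
    mbr_restore_full "$work/mbr.bin" "$work/disk.img"       # table reverts to V1
    full="$(text_at "$work/disk.img" 0 8) $(text_at "$work/disk.img" 446 12)"
    has_boot_signature "$work/disk.img" && sig=signature-ok || sig=signature-missing
    rm -rf "$work"
    echo "$partial | $full | $sig"
}

demo_mbr
```

The full 512-byte restore silently puts back the old partition table, which is why a stale MBR backup should be restored with bs=446 once the disk has been repartitioned.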

 “All this information was taken from another site, just as information on how to take a hard-disk backup; it will be useful to use it with Oracle.”

thank you 
Osama mustafa  
  

Upgrade 11.1.0.6 to 11.1.0.7 – APPS DBA

On each application tier server node,
shut down all server processes or services.

On the database tier server node,
shut down the database listener in the old Oracle home.

On the database server node,
as the owner of the Oracle 11g file system and database instance, unzip and extract the 11.1.0.7 patch set file for your platform.

Use the runInstaller in the patchset to start the OUI.

Once the OUI starts, choose the appropriate Oracle home to be upgraded, and its location, from the LOVs in the Oracle home list.

The present oracle_home and its location will appear if the environment is set correctly.

Proceed with the next steps on the OUI screen.

On the next screen it will say that the Configuration Assistant has failed. Skip this step, since it is not required for Oracle E-Business Suite.

MOST IMPORTANT STEP IN THE UPGRADE:
After installation you need to apply the RDBMS patches 7486407 and 7684818.

Copy $APPL_TOP/admin/adstats.sql from the administration server node to the database server node.

$ sqlplus / as sysdba
SQL> shutdown normal;
SQL> startup restrict;
SQL> @adstats.sql
SQL> shutdown normal;
SQL> startup;
SQL> exit;

Thank You
Osama mustafa

steps to upgrade 11.1.0.6.0 to 11.1.0.7.0

O.S : Linux 64Bit
The steps are the same for every database; only the patch differs.
Database : 11.1.0.6 (R1)

Let’s start upgrading:

1- You need to install this patch: p6890831_111070_Linux-x86-64.zip.
2- Bring the database and services down, and make sure they are down.
*Database :
sqlplus / as sysdba
SQL>shutdown immediate ;
$ps -ef | grep pmon    # to make sure the database is not running

Listener :
$lsnrctl status
$lsnrctl stop
$lsnrctl status

3- Just in case, take a backup of your database.

4- Unzip the patch and run it as the oracle user:
$./runInstaller

Select the ORACLE_HOME to upgrade and then click Next. The prerequisite checks will complete; then click INSTALL. At the end of the installation it will ask you to run root.sh as the root user. You need the root user password or sudo privileges to run the root.sh script.

5- After the upgrade, do the following; it is mandatory:
cd $ORACLE_HOME/rdbms/admin
sqlplus  / as sysdba
SQL> startup upgrade;
SQL>spool pre_upgrade.log
SQL> @utlu111i.sql

6-cd $ORACLE_HOME/rdbms/admin
sqlplus / as sysdba
SQL> spool upgrade_date.log
SQL> @catupgrd.sql

Check the validity and version of the installed components:

sqlplus / as sysdba
sql>set pages 250
sql> set lines 1000
sql> col comp_name for a40
sql> select comp_name, version, status from dba_registry;

 7-SQL>shutdown immediate;

8-Recompiling the invalid objects
cd $ORACLE_HOME/rdbms/admin
sqlplus / as sysdba
SQL>startup;
SQL>spool recompile.log
SQL> @utlrp.sql

Cold Backup Steps for your Database :

Controlfiles, datafiles, redo logs, archive files and tempfiles must be included in the backup. If the files are in different paths, those paths have to be backed up as well.

As Oracle User :

$mkdir -p /backup/backup_date
$cp /u01/oracle/oradata/orcl/*.* /backup/backup_date
$cd $ORACLE_HOME/dbs
$cp inittest.ora inittest.ora_bkpdate
$cp spfiletest.ora spfiletest.ora_bkpdate
$cp orapwtest.ora orapwtest.ora_bkpdate

**Take a backup of home path
$mkdir product_bkp
$cd /u01/oracle/product
$tar czf /backup/oracle_11106.tar.gz 11.1.0

**dbhome, coraenv,oraenv backup
As Root User :

#cd /usr/local/bin
#cp dbhome dbhome_bkpdate
#cp coraenv coraenv_bkpdate
#cp oraenv oraenv_bkpdate

revert back to old version  :

1. untar the binary backup
2. Back up the current database files and then replace them with the cold backup taken before applying the patch.

 As Root User :

#cd /usr/local/bin
#cp dbhome_bkpdate dbhome
#cp coraenv_bkpdate coraenv
#cp oraenv_bkpdate oraenv

 As Oracle User :
oracle binary restoration
$cd /u01/oracle/product
$rm -rf 11.1.0
# the archive was created from this directory and already contains the top-level 11.1.0 directory
$tar -xzvf /backup/oracle_11106.tar.gz

Datafile backup restoration
$cd /u01/oracle/oradata/orcl/
$rm *
$cd /backup/backup_date
$cp *.* /u01/oracle/oradata/orcl/
$cd $ORACLE_HOME/dbs
$cp inittest.ora_bkpdate inittest.ora
$cp spfiletest.ora_bkpdate spfiletest.ora
$cp orapwtest.ora_bkpdate orapwtest.ora

 sqlplus / as sysdba
SQL>startup;
SQL>select * from v$version;
SQL>select comp_name, version, status from dba_registry;

Osama mustafa 

Osamamustafa.blogspot.com