Oracle Security Basics – Internal Database Features
There is a lot of information to know and understand about Oracle Security and the internal database features. The security features that I will discuss here are those that are internal to the database; in future articles I will look deeper into some of these features.
Transparent Data Encryption (TDE) is the ability to encrypt data inside the database so that it appears only as encrypted strings to those who don't have the appropriate privileges. The data is encrypted by column, so only the information that is truly sensitive, such as a credit card number or a health care number that could identify a patient, is encrypted. The encryption requires the use of a wallet. Ideally the wallet would be kept on a separate file system, which makes it much harder for the data to be recovered along with the database from backups if they are stolen. It need not be, as the master key cannot be retrieved without the wallet password. The great feature of Transparent Data Encryption is that it works without altering any application code or features. With a few simple changes, you can enable transparent data encryption in around 30 minutes.
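The "few simple changes" above, written out as an added example (my own illustration, not the author's script): the wallet location in sqlnet.ora, the master key, and two encrypted columns. The wallet path, password, table and column names are assumptions; the column-level syntax and the DBA_ENCRYPTED_COLUMNS view are standard 10gR2 TDE.

```sql
-- 1. sqlnet.ora on the database server (assumed path; keep this directory
--    on a file system that is NOT included in the database backups):
--    ENCRYPTION_WALLET_LOCATION =
--      (SOURCE = (METHOD = FILE)
--                (METHOD_DATA = (DIRECTORY = /etc/oracle/wallet)))

-- 2. Create the wallet and the master key (run once, as a user with
--    ALTER SYSTEM; the password is a placeholder).
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "WalletPassw0rd-placeholder";

-- 3. After every instance restart the wallet must be opened again,
--    otherwise reads of encrypted columns fail rather than expose data.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "WalletPassw0rd-placeholder";

-- 4. Encrypt only the truly sensitive columns (constructed example table).
--    NO SALT is required on a column you intend to index.
CREATE TABLE patients (
    patient_id   NUMBER PRIMARY KEY,
    full_name    VARCHAR2(100),
    health_no    VARCHAR2(20) ENCRYPT USING 'AES256' NO SALT,
    card_no      VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- An existing column can be encrypted in place; applications keep
-- selecting and inserting exactly as before.
ALTER TABLE patients MODIFY (health_no ENCRYPT);

-- 5. Verify what is actually encrypted (defender's check).
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 ORDER BY owner, table_name, column_name;
```

Data files and backups now hold ciphertext for those columns, while SELECTs from a session with access to the table still return clear text, which is why the access-control features below still matter.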
Proxy User is another great feature that allows middle tiers to connect to the database with restricted privileges. This means that a connection from a middle tier that is compromised in an attack is not so likely to expose the data. The other benefit this brings is that it increases the audit capabilities of a three-tier application. This feature, from 10gR2, is available via both thick and thin clients. There is credential proxy, which requires certificates and Internet Directory to associate the certificate with the LDAP DN for the user. The other feature is application user proxy. Many application servers use a connection pool that uses a single user to connect to the database; application user proxy allows application users to be traced within the sessions created by the connection pool.
Using Internet Directory is an additional feature, as the identification of users can be very clearly defined and privileges can be managed from central privilege sets. Another useful feature is the shared schema user that can be configured in Internet Directory. This user, along with any others, can be mapped to a single schema and provided with a role that controls what that user has access to. These would be great for use with tools like Discoverer, where users could be logged into a schema with managed views of data and then have data access restricted through the applied privileges.
Other features to discuss are Virtual Private Database and row level encryption; then there is auditing and fine grained auditing to boot, which allows very close scrutiny of what people are looking at. When Oracle 10g came out there was additional auditing of the SYSDBA account, and Oracle Vault has also been added to the mix. These are all features to protect your data within the database.
There are still many external features available to protect communications to the database and protect the data at rest in backups or elsewhere.
In wrapping up, Oracle has many security features internal to the database that allow the DBA to configure a level of security appropriate to the business's needs to protect important data. I will discuss these in greater detail in future articles on security that I have coming up.
See ya round
Peter
