Agenda
Today's Threat Landscape
Defense-in-Depth Approach
Oracle Database Security Solutions
Summary
Other Security
DB Security?
Authentication
Identity Management
Access Control
Oracle Database Vault
Oracle Label Security
Backups
Exports
Application
Off-Site Facilities
Efficient encryption of all application data
Built-in key lifecycle management
No application changes required
Works with Exadata and Oracle Advanced Compression
Production
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000

Non-Production
LAST_NAME   SSN          SALARY
ANSKEKSL    11123-1111   40,000
BKJHHEIEDK  222-34-1345  60,000
Mask sensitive data for test and partner systems
Sophisticated masking: condition-based, compound, deterministic
Extensible template library and policies for automation
Leverage masking templates for common data types
Integrated masking and cloning
Masking of heterogeneous databases via database gateways (New)
Command line support for data masking tasks (New)
Sensitive data identification based on privacy attributes
Application Masking templates for E-Business Suite, Fusion Applications
[Diagram labels: Procurement, HR, Finance, Application, DBA; query shown: select * from finance.customers]
Restricts application data from privileged users
DBA separation of duties
Securely consolidate application data
No application changes required
Works with Oracle Exadata
[Diagram labels: Procurement, HR, Application, Rebates]
Protect application data and prevent application bypass
Enforce who, where, when, and how using rules and factors
User Factors: Name, Authentication type, Proxy Enterprise Identity
Network Factors: Machine name, IP, Network Protocols
Database Factors: IP, Instance, Hostname, SID
Runtime Factors: Date, Time
[Diagram labels: Sensitive, Transactions; Confidential, Report Data; Public, Reports; Confidential; Sensitive]
Classify users and data based on business drivers
Database-enforced row-level access control
User classification through Oracle Identity Management Suite
Classification labels can be factors in Database Vault
[Diagram labels: Audit Data, CRM Data, ERP Data, Databases, Auditor]
Consolidate audit data into a secure warehouse
Create/customize compliance and entitlement reports
Detect and raise alerts on suspicious activities
Centralized audit policy management
Integrated audit trail cleanup
Continuous scanning against best practices and gold baselines
200+ out-of-the-box policies spanning host, database, and middleware
Detect changes to processes, files, etc. in real time
Violations can trigger emails and create tickets
Compliance reports mapped to compliance frameworks
[Diagram labels: Alerts, Built-in Reports, Custom Reports, Policies]
Prevent unauthorized activity, application bypass and SQL injections
Highly accurate SQL grammar based analysis
Flexible enforcement options
Built-in and custom compliance reports
[Diagram labels: White List, Applications, Allow, Block]
White-list based policies enforce normal or expected behavior
Evaluate factors such as time, day, network, app, etc.
Easily generate white-lists for any application
Log, alert, block or substitute out-of-policy SQL statements
Black lists to stop unwanted SQL commands, user, or schema access
Superior performance and policy scalability based upon clustering
Database Firewall log data consolidated into reporting database
Over 130 built-in reports that can be modified and customized
Entitlements reporting for database attestation and audit
Database activity and privileged user reports
Supports demonstrating PCI, SOX, HIPAA/HITECH, etc. controls
Optional database activity masking
Audit consolidation
Encrypted Database
Data Masking
search.oracle.com
database security
oracle.com/database/security