[Figure: architecture diagram. Labels: Database Firewall (Firewall Events); OS, Directory, File System & Custom Audit Logs (Audit Data); Audit Vault; Auditor (Reports, Alerts); Security Manager (Policies)]
SQL is a language with about 400 key words and a strict grammar
structure (the ISO SQL spec runs to 1500+ pages):
SELECT id, username, password, account_no FROM tbl_users WHERE
username = 'Bill' AND account_no BETWEEN 1001000 AND 1001012;
Token classes: KEY WORDS, OPERATORS, SCHEMA, DATA
Unless the grammar and structure of the language are known,
errors are made when analysing SQL:
UPDATE tbl_users SET comments = 'The user has asked for another
account_no, and wishes to be billed for services between 1/2/2009
and 2/2/2009, and wants to know where the invoice should be sent
to. She will select the new service level agreement to run from
3/7/2009 next month' WHERE id = 'A15431029';
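As an added example (not from the original slides), the Python sketch below contrasts grammar-free keyword matching with a minimal tokenizer on the two statements above. It assumes the literals are written in single quotes and covers only a small, constructed subset of SQL key words and operators.

```python
import re

KEYWORDS = {"select", "from", "where", "and", "between", "update", "set"}  # subset

# String literals are tried first, so words inside quotes are classed as data.
TOKEN = re.compile(r"""
    (?P<string>'(?:[^']|'')*')            # 'text', '' is an escaped quote
  | (?P<number>\d+)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$]*)
  | (?P<operator>[=<>*,;().])
  | (?P<space>\s+)
""", re.VERBOSE)

# Constructed inputs: the page's statements with single quotes around literals.
QUERY = ("SELECT id, username, password, account_no FROM tbl_users WHERE "
         "username = 'Bill' AND account_no BETWEEN 1001000 AND 1001012;")
UPDATE = ("UPDATE tbl_users SET comments = 'The user has asked for another "
          "account_no, and wishes to be billed for services between 1/2/2009 "
          "and 2/2/2009, and wants to know where the invoice should be sent "
          "to. She will select the new service level agreement to run from "
          "3/7/2009 next month' WHERE id = 'A15431029';")

def naive_keywords(sql):
    """Pattern matching with no grammar: any key word anywhere counts."""
    words = re.findall(r"[A-Za-z_]+", sql)
    return [w.lower() for w in words if w.lower() in KEYWORDS]

def tokenize(sql):
    """Split sql into (class, text) pairs: keyword, operator, schema or data."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN.match(sql, pos)
        if m is None:  # e.g. an unterminated string literal: refuse to guess
            raise ValueError(f"cannot tokenize at offset {pos}: {sql[pos:pos+20]!r}")
        pos = m.end()
        kind, text = m.lastgroup, m.group()
        if kind == "word":
            kind = "keyword" if text.lower() in KEYWORDS else "schema"
        elif kind in ("string", "number"):
            kind = "data"
        if kind != "space":
            tokens.append((kind, text))
    return tokens

def grammar_keywords(sql):
    """Key words that are part of the statement itself, not of its data."""
    return [text.lower() for kind, text in tokenize(sql) if kind == "keyword"]

for name, sql in (("QUERY", QUERY), ("UPDATE", UPDATE)):
    print(name, naive_keywords(sql), grammar_keywords(sql))
```

Both approaches agree on the SELECT statement; on the UPDATE, the naive matcher reports `select`, `between` and `from` from the comment text, while the tokenizer reports only `update`, `set` and `where`.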
Copyright 2013, Oracle and/or its affiliates. All rights reserved.
False Alarms are too costly
SELECT name, job, deptno FROM emp: Not audited
SELECT name, salary FROM emp: Audit Records (FGA_LOG$): <timestamp>, <SCN>, <userid>, etc.
[Figure: Applications, Databases; action: Block]
SELECT * from stock where catalog-no= ' union select cardNo,0,0 from Orders --
Databases: Oracle, SQL Server, DB2 LUW, DB2 z/OS*, Sybase ASE
New Audit Sources
Operating Systems: Microsoft Windows, Solaris
Directory Services: Active Directory
File Systems: Oracle ACFS
Custom Name: Welfare Pension Insurance Number, Student Exam Hall Ticket Number, Hafiza Number, Club Membership ID
Damage shareholder value
New database fields added and then protected
Results rendered by confidence factor
Relevant database fields imported into the Data Privacy Catalog
Copyright 2012, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Restricted
Oracle Database Security Customers
Customers Worldwide Rely on Oracle
Customer Benefits
Enterprise ready
Security and compliance
Simple and flexible
Speed and scale
Transparent and accurate
oracle.com/goto/database/security-customers
Customer
Provider of wireless voice, messaging, and data services throughout the U.S.
Fourth largest wireless company in the U.S. with more than 35 million subscribers
Industry: Telecom
Challenge
Protect sensitive data PCI, CPNI, SPII in both Oracle and non-Oracle Databases
Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code
Full visibility into database activity
Understand what types of changes are being made to sensitive data
Solution
Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
Database activity monitoring prevents insider and external threats
Deployed and setup within a few hours; already protected against a few compromised accounts that were harvesting data