The following is intended to outline our general product
direction. It is intended for information purposes only, and
may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality,
and should not be relied upon in making purchasing
decisions. The development, release, and timing of any
features or functionality described for Oracle's products
remains at the sole discretion of Oracle.
[Diagram labels: Firewall Events; Auditor; Reports; Audit Data; Alerts; Security Manager Policies; OS, Directory, File System & Custom Audit Logs; Audit Vault]
Separation of duties
Powerful multi-event alerting with thresholds and group-by
Audit Vault
Supports monitoring and auditing hundreds of heterogeneous database and non-database targets
Supports wide range of hardware to meet load requirements
Database Firewall
Decision time is independent of the number of rules in the policy
Multi-device / multi-process / multi-core scalability
8 cores can handle between 30K and 60K transactions/second
Database
1) Transfer audit trail data
Agenda
Oracle Audit Vault and Database Firewall
Lab Exercises
LAB CONFIGURATION SETUP OF THE AUDIT VAULT AND DATABASE FIREWALL ENVIRONMENT
To deactivate and remove the Audit Vault Agent:
1. Stop all audit trails being collected by the Audit Vault Agent.
   1. In the Audit Vault Server console, click the Hosts tab, then click Audit Trails.
   2. Select the audit trails being collected by this Audit Vault Agent, and then click Stop.
2. Stop the Audit Vault Agent by running the following command on the host computer:
   agentctl stop
3. Deactivate the Audit Vault Agent on the host computer:
   1. In the Audit Vault Server console, click the Hosts tab.
   2. Select the host name, and then click Deactivate.
   3. Optionally, drop the host by selecting it, and then clicking Delete.
4. Delete the Audit Vault Agent home directory on the host computer.
Here is a summary of the users and their functions that will be used
throughout this lab exercise.
DBA_DEBRA Database Administrator Account
avadmin/Oracle123 Audit Vault Administrator
avauditor/Oracle123 Auditor
LAB EXERCISE 01 EFFECTIVELY MANAGING DATABASE AUDIT POLICY
During this lab you will:
1. Demonstrate native Oracle database auditing and the audit settings configured for this environment.
   i) Create a table, configure auditing on that table, then confirm that the audit records are being generated successfully.
Privilege auditing is the auditing of SQL statements that use a system privilege. You can audit the use of any system privilege.
(a) For example, if you enable AUDIT SELECT ANY TABLE, Oracle Database audits all SELECT tablename statements issued by users who have the SELECT ANY TABLE privilege. This type of auditing is very important for the Sarbanes-Oxley (SOX) Act compliance requirements.
(b) Privilege auditing audits the use of powerful system privileges enabling corresponding actions, such as AUDIT CREATE TABLE.
(c) Privilege auditing does not occur if the action is already permitted by the existing owner and schema object privileges.
(d) Privilege auditing is more focused than statement auditing for the following reasons:
    a. It audits only a specific type of SQL statement, not a related list of statements.
    b. It audits only the use of the target privilege.
Understanding Fine-Grained Auditing
Fine-grained auditing (FGA) enables you to create a policy that defines specific
conditions that must take place for the audit to occur. For example, fine-grained
auditing lets you audit the following types of activities:
(a) An IP address from outside the corporate network being used.
(b) A table being accessed between 9 p.m. and 6 a.m. or on Saturday and Sunday.
(c) A table column being selected or updated.
(d) A value in a table column being modified.
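The following added example (not part of the original lab material) shows a fine-grained audit policy for cases (c) and (d), created with Oracle's DBMS_FGA package, together with a check that only the intended statements produce audit records. The LAB_DEMO schema, the EMP_PAY table, its rows and the policy name are constructed for illustration; the session is assumed to have EXECUTE on DBMS_FGA and SELECT on DBA_FGA_AUDIT_TRAIL.

```sql
-- Added example: LAB_DEMO, EMP_PAY and EMP_PAY_SALARY_FGA are hypothetical names.
-- Assumes the LAB_DEMO schema already exists and has tablespace quota.
CREATE TABLE lab_demo.emp_pay (
  emp_id   NUMBER PRIMARY KEY,
  emp_name VARCHAR2(40),
  salary   NUMBER(10,2)
);
INSERT INTO lab_demo.emp_pay VALUES (1, 'Constructed Row A', 4200);
INSERT INTO lab_demo.emp_pay VALUES (2, 'Constructed Row B', 15500);
COMMIT;

-- Audit only when the SALARY column is referenced AND an affected row
-- has SALARY above 10000; all other access to the table is not recorded.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'LAB_DEMO',
    object_name     => 'EMP_PAY',
    policy_name     => 'EMP_PAY_SALARY_FGA',
    audit_condition => 'SALARY > 10000',
    audit_column    => 'SALARY',
    statement_types => 'SELECT,UPDATE',
    enable          => TRUE);
END;
/

-- Not audited: the SALARY column is not referenced.
SELECT emp_name FROM lab_demo.emp_pay WHERE emp_id = 2;
-- Not audited: the returned row does not satisfy the audit condition.
SELECT salary FROM lab_demo.emp_pay WHERE emp_id = 1;
-- Audited: SALARY is selected from a row that satisfies the condition.
SELECT salary FROM lab_demo.emp_pay WHERE emp_id = 2;
-- Audited: a value in the audited column is modified.
UPDATE lab_demo.emp_pay SET salary = 16000 WHERE emp_id = 2;
COMMIT;

-- Confirm that exactly the two audited statements were recorded.
SELECT timestamp, db_user, policy_name, statement_type, sql_text
FROM   dba_fga_audit_trail
WHERE  object_schema = 'LAB_DEMO'
AND    object_name   = 'EMP_PAY'
ORDER  BY timestamp;

-- Cleanup: remove the policy before dropping the demo table.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'LAB_DEMO',
    object_name   => 'EMP_PAY',
    policy_name   => 'EMP_PAY_SALARY_FGA');
END;
/
```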
You can create a capture rule to track changes in the database redo
log files. The capture rule specifies DML and DDL changes that should
be checked when Oracle Database scans the database redo log. You
can apply the capture rule to an individual table, a schema, or globally
to the entire database. Unlike statement, object, privilege, and
fine-grained audit policies, you do not retrieve and activate capture rule
settings from a source database, because you cannot create them
there. You can create the capture rule only in the Audit Vault Console.
LAB EXERCISE 02 REDUCE TIME TO COMPLIANCE USING ORACLE AUDIT VAULT REPORTING
HR application Logon
Username: hradmin
Password: abcd1234
Agenda
Copyright 2012, Oracle and/or its affiliates. All rights reserved.