More Related Content
![[❤PDF❤] Oracle 19c Database Administration Oracle Simplified](https://cdn.slidesharecdn.com/ss_thumbnails/0137142838-210409040449-thumbnail.jpg?width=560&fit=bounds)
![E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...](https://cdn.slidesharecdn.com/ss_thumbnails/dbtechshowcase2015-150612232815-lva1-app6892-thumbnail.jpg?width=560&fit=bounds)
Similar to Presentation database security audit vault & database firewall (20)
Presentation database security audit vault & database firewall
- 1. Database Security Audit Vault & Database Firewall Morana Kobal Butković Senior Sales Consultant
- 2. Database Defense-in-Depth Access Control • Oracle Database Vault • Oracle Label Security • Oracle Advanced Security • Oracle Secure Backup • Oracle Data Masking Encryption and Masking Auditing and Monitoring • Oracle Audit Vault • Oracle Configuration Management • Oracle Total Recall • Oracle Database Firewall Blocking and Logging Encryption & Masking Access Control Auditing & Monitoring Blocking & Logging
- 3. <Insert Picture Here> Oracle Audit Vault
- 4. Oracle Audit Vault Business Drivers • Detective controls • Monitor privileged application user accounts for non-compliant activity – trust but verify • Audit non-application access to sensitive data (credit card, financial data, personal identifiable information, etc) • Verify that no one is trying to bypass the application security controls • PO line items are changed so it does not require more approvals • Cost of compliance • Eliminate costly and complex scripts for reporting • Reduce reporting costs for specific compliance audits • SOX, PCI, HIPAA, SAS 70, STIG
- 5. Oracle Audit Vault Automated Activity Monitoring & Audit Reporting • Consolidate audit data into secure repository • Detect and alert on suspicious activities • Out-of-the box compliance reporting • Centralized audit policy management CRM Data ERP Data Databases HR Data Audit Data Policies Built-in Reports Alerts Custom Reports ! Auditor
- 6. Oracle Audit Vault Oracle Database Audit Support • Database Audit Tables • Collect audit data for standard and fine-grained auditing • Oracle audit trail from OS files • Collect audit records written in XML or standard text file • Operating system SYSLOG • Collect Oracle database audit records from SYSLOG • Redo log • Extract before/after values and DDL changes to table • Database Vault specific audit records User Object Statement Privilege Condition AUD$ REDO Log FGA_LOG$ Audit on Logged in OS Logs
- 7. Applying Fine-Grained Auditing DBMS_FGA.ADD_POLICY ( object_schema => ‘OE', object_name => ‘ORDERS', policy_name => ‘NONAPPSUSER, audit_condition => SYS_CONTEXT('USERENV','SESSION_USER')<> 'APPS' , enable => TRUE, statement_types => 'SELECT' ); Generate Audit Record Enforce Audit Policy in Database ... SYS_CONTEXT('USERENV','SESSION_USER')<>'APPS' Select names, salary from ORDERS where...
- 8. Oracle Audit Vault Heterogeneous Database Support • Microsoft SQL server versions 2000, 2005, & 2008 • Server side trace – set specific audit event • Windows event audit – specific audit events that are viewed by the windows event viewer • C2 - automatically sets all auditable events and collects them in the audit log • Support for 2008 audit facility targeted for CY2010 • IBM DB2 8.2 - 9.5 on Linux, Unix, Windows • Extract binary audit files into a trace file • Sybase ASE 12.5.4 - 15.0.x • Utilize the native audit tables
- 9. Secure & Scalable Audit Warehouse • Audit Warehouse • Document Schema • Enable BI and analysis • Performance and Scalability • Built-in partitioning • Database compression • Scales to Terabytes • Certified with Oracle RAC • Protected with Built-in Security • Encrypted audit data transmission • Separation of Duty provided by Database Vault • Audit Vault Administrator • Audit Vault Auditor
- 10. Audit Vault User Entitlements • View all user accounts in the Oracle database • Retrieve a snapshot of user entitlement data • Filter data based on users or privileges • View or print report in PDF format • Compare changes in user accounts and privileges • View SYSDBA/SYSOPER privileges
- 11. Database User Privileges Report • Display all Oracle database users, privileges, and roles • Reports accounts and their level of access • Regulations: SOX, PCI, HIPAA, SAS 70, STIG
- 12. User Account Details Account, Roles, System/Object Privileges
- 14. Reports Management Schedule, Retention, Notification, Attestation
- 15. Oracle Audit Vault Alerts Threat Detection with Custom Alerts • Alerts can be defined for • Creating users on sensitive systems • Role grants on sensitive systems • “DBA” grants on all systems • Failed logins for application users • Directly viewing sensitive columns • …. • Add workflow for alerts • Track alerts • Drill down from the dashboard • Send alerts to distribution lists
- 16. Integration with Email / SMS / Remedy FRM: Audit Vault SUBJ: Audit Vault Alert : Create User MSG: Create User occurred On PAYROLL.ORACLE.COM @ 02-Oct-09 11:07:10 AM
- 17. Oracle Recommended Audit Settings • Auditing should be selective and effective – target privileges users, selective tables, and secure configurations • Oracle Database 11g provides default audit policy configuration ALTER ANY PROCEDURE CREATE ANY JOB DROP ANY TABLE ALTER ANY TABLE CREATE ANY LIBRARY DROP PROFILE ALTER DATABASE CREATE ANY PROCEDURE DROP USER ALTER PROFILE CREATE ANY TABLE EXEMPT ACCESS POLICY AUDIT ROLE BY ACCESS CREATE EXTERNAL JOB GRANT ANY OBJECT PRIVILEGE ALTER SYSTEM CREATE PUBLIC DATABASE LINK GRANT ANY PRIVILEGE ALTER USER CREATE SESSION GRANT ANY ROLE AUDIT SYSTEM CREATE USER AUDIT SYSTEM BY ACCESS DROP ANY PROCEDURE Included in the demo directory of the Audit Vault Server: $ORACLE_HOME/demo/secconf.sql
- 18. Auditing Resources Impact on CPU performance • Original workload CPU 1.08% for 10 audit/sec case • Original workload CPU 1.56% for 100 audit/sec case Database auditing / No Audit Vault Audit Vault collection turned on Database auditing / No Audit Vault Audit Vault collection turned on Audit Load 10 records / second 10 records / second 100 records / second 100 records / second OS Log 0.08% 0.7% 0.15% 2.7% DB Audit 0.13% 0.5% 1.6% 3.4% Redo 0% 3.7% 0% 8.2% Audit Source *Internal testing: Source: 4x32GB 3GHz Intel Xeons RHEL3.0, running 2 Oracle Database 10.2.0.3.0 AV Server: 2x6GB 3GHz Intel Xeons RHEL3.0, AV Server 10.2.2.0.0
- 19. <Insert Picture Here> New Product: Oracle Database Firewall
- 20. Oracle Database Firewall First Line of Defense • Monitor database activity on network and log/block unauthorized database access • Highly accurate SQL grammar based analysis to enforce normal activity • Built-in and custom compliance reports for SOX, PCI, and other regulations
- 21. Challenges of a Database Firewall • Building accurate policy profiles of good application behavior with changes over time • Performance to your application as the number of transactions increase over the network • Needing to throw more hardware on the network to handle my workload for scalability
- 22. Security Model and Policy Enforcement • Policy Enforcement • Performance and scalability since millions of statements can be simplified into a small number of SQL characteristics or “clusters” • High level of accuracy • Flexible enforcement: block, substitute, alert and pass, log only • Policies are easily configured using: • White List • Can be automatically generated for any application • “Allowed” behavior can be defined for any user or application • Transactions found not to match the policy instantly rejected • Black List • Stop unwanted transactions, users or schema access • Prevent privilege or role escalation and illegal access to sensitive data by using factors • Selectively block any part of transaction in context to your business and security goals
- 23. Heterogeneous Database Support • Oracle 8i, 9i, 10g, 11g • MS-SQL 2000, 2005, 2008 • Sybase 12.5.3 to 15 • SQL Anywhere v10
- 24. The Basic Components • Creates security policies • Runs on Windows desktop • Reports, archives repository • Firewall mgmt, policy mgmt • Alerts, integration • Reads SQL traffic on the network • Logs/Blocks unauthorized traffic • Monitors access Database Firewall Database Firewall Management Server Policy Analyzer Database Firewall (HA Mode) Remote/Local Monitor • Capture network traffic on DB host and forwards it to DBFW • Capture non-network traffic on DB host and sends it to the DBFW
- 25. Oracle Database Firewall Flexible Deployment Model • Deploy on customer’s existing or new hardware: • Runs Oracle Enterprise Linux base operating system • Firewall blocking mode requires certified NIC card • Scales vertically • Add CPU, disk, and memory to the servers versus adding more and more appliances • Database Firewall and Database Firewall Management Server can co-reside
- 26. Oracle Database Firewall Out of Band Deployment Mode • Monitor Only Mode – No Blocking • Also known as “SPAN” or “Span port” or “Mirrored” or “Tap” • SQL logging and reporting only • Easy for demo / POC or lab test • Easy to deploy, no risk of impacting databases or applications
- 27. Oracle Database Firewall In-Line Deployment Modes • Blocking and Monitoring • SQL traffic is inspected and verified against policy • Also known as a “Bridge” or “transparent bridge” • Sometimes only option if out-of-band ports are not available
- 28. Reporting • Database Firewall log data consolidated into reporting database • Over 130 built in reports that can be modified/customized • Entitlement report for database attestation • Activity and privileged user reports • Supports demonstrating PCI, SOX, HIPAA, etc.
- 29. Accurate, Scalable, Flexible • Most accurate Zero false positives and the competition can never get the policy created • Most scalable Scales easily by adding more CPU’s, more disk, more memory to accommodate growth. • Most flexible Software and can be deployed onto any server that supports OEL. These platforms can be servers, blades or virtual platforms.
- 30. Fast, Transparent, Open • Fastest You get more transactions through put per second that an equivalent competitive solution • Easiest to deploy Ability to understand the SQL language and categorize 10’s of thousands of transactions, results in simple policy configuration • Open Reporting Documented database tables enables customers to use virtually any reporting tool to extract forensic or summary data.