Oracle Database 11g Release 2 Security Update and Plans: Defense-in-Depth

Vipin Samar

Vice President, Oracle Database Security

Program Agenda

  • Today’s Threat Landscape
  • Defense-in-Depth Approach
  • Oracle Database Security Solutions
  • Oracle Database Firewall (New!)
  • Summary
  • Q&A
Security Technologies Deployed

[Diagram labels: End Point Security, Vulnerability Mgmt, email Security, Authentication, Network Security, Identity Management, Other Security, DB Security?; Employee, Customer, Citizen]

How Data Gets Compromised? Source: Verizon 2010 Data Breach Investigations Report

Where Losses Come From?
  • 92% of Records from Compromised Databases

2010 Data Breach Investigations Report

Top Attack Techniques: % Breaches and % Records

2010 Data Breach Investigations Report

  • Most records lost through “Stolen Credentials” & “SQL Injection”
Existing Security Solutions Not Enough

[Diagram labels: Key Loggers, Malware, SQL Injection, Espionage, Phishing, Botware, Social Engineering; Web Users, Application Users, Administrators, Application, Database]

Data Must Be Protected in depth

Database Security: Defense-In-Depth Approach
  • Monitor and block threats before they reach databases
  • Control access to data within the databases
  • Track changes and audit database activity
  • Encrypt data to prevent direct access
  • Implement with
    • Transparency – no changes to existing applications
    • High Performance – no measurable impact on applications
    • Accuracy – minimal false positives and negatives
Oracle Database Security: Defense-in-Depth

Encryption and Masking

  • Oracle Advanced Security
  • Oracle Secure Backup
  • Oracle Data Masking

Access Control

  • Oracle Database Vault
  • Oracle Label Security

Auditing and Tracking

  • Oracle Audit Vault
  • Oracle Configuration Management
  • Oracle Total Recall

Monitoring and Blocking

  • Oracle Database Firewall
Oracle Database Security: Defense-in-Depth

Encryption and Masking

  • Oracle Advanced Security
  • Oracle Secure Backup
  • Oracle Data Masking

Oracle Advanced Security: End-to-End Encryption

[Diagram labels: Application, Disk, Backups, Exports, Off-Site Facilities]

  • Efficient encryption of all application data
  • Built-in key lifecycle management
  • No application changes required
  • Works with Exadata and Oracle Advanced Compression
Oracle Advanced Security Integrated with Oracle Enterprise Manager

Oracle Advanced Security: What’s New and Coming?
  • Hardware Acceleration Support
    • Performance overhead already < 10% for most applications
    • 7-10x performance gain with Intel Advanced Encryption Standard New Instructions (AES-NI) and Oracle SPARC T-3
  • Key Management and HSM Support
    • Certified with SafeNet, Thales, Utimaco using PKCS #11
    • Planned support for Oracle’s Key Management System
Oracle Data Masking: Irreversible De-Identification

[Diagram labels: Production, Non-Production]

  • Mask sensitive data for test and partner systems
  • Sophisticated masking: Condition-based, compound, deterministic
  • Extensible template library and policies for automation
  • Leverage masking templates for common data types
  • Integrated masking and cloning
  • Masking of heterogeneous databases via database gateways
  • Command line support for data masking tasks


Oracle Data Masking: What’s Coming?
  • Sensitive data identification based on privacy attributes
  • Application Masking templates for
    • E-Business Suite
    • Fusion Applications
Oracle Database Security: Defense-in-Depth

Encryption and Masking

  • Oracle Advanced Security
  • Oracle Secure Backup
  • Oracle Data Masking

Access Control

  • Oracle Database Vault
  • Oracle Label Security

Oracle Database Vault: Separation of Duties & Privileged User Controls

[Diagram labels: Procurement, DBA, HR, Application, Finance; sample query: select * from finance.customers]

  • Restricts application data from privileged users
  • DBA separation of duties
  • Securely consolidate application data
  • No application changes required
  • Works with Oracle Exadata

Oracle Database Vault: Multi-Factor Access Control Policy Enforcement

[Diagram labels: Procurement, HR, Application, Rebates]

  • Protect application data and prevent application by-pass
  • Enforce who, where, when, and how using rules and factors
    • User Factors: Name, Authentication type, Proxy Enterprise Identity
    • Network Factors: Machine name, IP, Network Protocols
    • Database Factors: IP, Instance, Hostname, SID
    • Runtime Factors: Date, Time

Oracle Database Vault: Out-of-the-Box Protections for Applications

  • Pre-built policies with further possible customization
  • Complements application security
  • Transparent to existing applications
  • Minimal performance overhead
  • Certifications Underway:
    • Oracle Hyperion
    • Oracle Tax and Utilities

[Slide labels: Oracle E-Business Suite 11i / R12; PeopleSoft Applications; Siebel, i-Flex, Retek; JD Edwards EnterpriseOne; SAP; Infosys Finacle]


Oracle Label Security: Data Classification for Access Control

[Diagram labels: Transactions, Report Data, Reports; Sensitive, Confidential, Public]

  • Classify users and data based on business drivers
  • Database-enforced row-level access control
  • User classification through Oracle Identity Management Suite
  • Classification labels can be factors in Database Vault

Oracle Database Security: Defense-in-Depth

Encryption and Masking

  • Oracle Advanced Security
  • Oracle Secure Backup
  • Oracle Data Masking

Access Control

  • Oracle Database Vault
  • Oracle Label Security

Auditing and Tracking

  • Oracle Audit Vault
  • Oracle Configuration Management
  • Oracle Total Recall

Oracle Audit Vault: Automated Audit Collection and Reporting

[Diagram labels: Databases, HR Data, CRM Data, ERP Data, Audit Data, Policies, Alerts, Built-in Reports, Custom Reports, Auditor]

  • Consolidate audit data into a secure warehouse
  • Create/customize compliance and entitlement reports
  • Detect and raise alerts on suspicious activities
  • Centralized audit policy management
  • Integrated audit trail cleanup

Oracle Configuration Management: Secure Configuration & Change Tracking

[Diagram labels: Out-of-box Policies; User-defined Policies & Groups; Real-Time Change Detection; Industry & Regulatory Frameworks; Compliance Dashboard; Optimized for Oracle with Industry Specific Compliance Dashboards]

  • Continuous scanning against best practices and gold baselines
    • 200+ out-of-the-box policies spanning host, database, and middleware
    • Real-time detection of changes to processes, files, etc.
  • Violations can trigger emails and create tickets
  • Compliance reports mapped to compliance frameworks

Oracle Database Security: Defense-in-Depth

Encryption and Masking

  • Oracle Advanced Security
  • Oracle Secure Backup
  • Oracle Data Masking

Access Control

  • Oracle Database Vault
  • Oracle Label Security

Auditing and Tracking

  • Oracle Audit Vault
  • Oracle Configuration Management
  • Oracle Total Recall

Monitoring and Blocking

  • Oracle Database Firewall
Oracle Database Firewall: First Line of Defense

[Diagram labels: Applications; Allow, Log, Alert, Substitute, Block; Policies; Alerts; Built-in Reports; Custom Reports]

  • Prevent unauthorized activity, application bypass and SQL injections
  • Highly accurate SQL grammar-based analysis
  • Flexible enforcement options
  • Built-in and custom compliance reports
Oracle Database Firewall: Security Model

[Diagram labels: Applications, White List, Allow, Block]

  • White-list based policies enforce normal or expected behavior
    • Evaluate factors such as time, day, network, app, etc.
    • Easily generate white-lists for any application
  • Log, alert, block or substitute out-of-policy SQL statements
  • Black lists to stop unwanted SQL commands, user, or schema access
  • Superior performance and policy scalability based upon clustering
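
The white-list model on this slide, sketched as an added example (not taken from the presentation and not Oracle's implementation). Regex literal-stripping stands in for the grammar-based analysis the slide names; the sample statements, application network, deny verbs and substitute statement are constructed assumptions.

```python
import ipaddress
import re

def cluster(sql):
    """Reduce a statement to its shape so that only structure is compared."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)                     # string literals
    s = re.sub(r"--.*?$|/\*.*?\*/", " ", s, flags=re.S | re.M)  # comments
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)                    # numeric literals
    return re.sub(r"\s+", " ", s).strip().rstrip(";").strip().lower()

def learn(training_sql):
    """Build the white list from statements observed during normal operation."""
    return {cluster(s) for s in training_sql}

# Constructed sample data; every value below is an assumption for illustration.
TRAINING = [
    "SELECT name, balance FROM finance.customers WHERE id = 42",
    "SELECT name, balance FROM finance.customers WHERE id = 7;",
    "UPDATE finance.customers SET balance = 10.50 WHERE id = 42",
]
APP_NET = "10.0.5.0/24"                         # network factor: application servers
DENY_VERBS = ("drop", "truncate", "grant")      # black list of unwanted commands
SUBSTITUTE = "SELECT 1 FROM dual WHERE 1 = 0"   # harmless replacement statement

def decide(sql, client_ip, whitelist, out_of_policy="block"):
    """Return (action, statement forwarded to the database, or None)."""
    shape = cluster(sql)
    if shape.split(" ", 1)[0] in DENY_VERBS:    # black list is checked first
        return "block", None
    in_net = ipaddress.ip_address(client_ip) in ipaddress.ip_network(APP_NET)
    if in_net and shape in whitelist:           # expected shape, expected source
        return "allow", sql
    if out_of_policy == "substitute":
        return "substitute", SUBSTITUTE
    if out_of_policy == "block":
        return "block", None
    return out_of_policy, sql                   # "log" / "alert": forward and record

if __name__ == "__main__":
    wl = learn(TRAINING)
    samples = [
        ("10.0.5.20", "SELECT name, balance FROM finance.customers WHERE id = 99"),
        ("10.0.5.20", "SELECT name, balance FROM finance.customers WHERE id = 42 OR 1=1"),
        ("192.168.1.9", "SELECT name, balance FROM finance.customers WHERE id = 42"),
        ("10.0.5.20", "DROP TABLE finance.customers"),
    ]
    for ip, q in samples:
        print(decide(q, ip, wl)[0].ljust(6), ip, q)
```

An injected `OR 1=1` changes the statement's shape, so it falls outside the white list even though every literal in it would be legal on its own.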
Oracle Database Firewall: Deployment Architecture

[Diagram labels: Inbound SQL Traffic; In-Line Blocking and Monitoring; HA In-Line Mode; Out-of-Band Monitoring; Management Server (shown twice); Policy Analyzer]

  • In-line blocking and monitoring, or out-of-band monitoring modes
    • Monitoring of remote databases by forwarding network traffic
  • Centralized policy management and reporting
  • High availability options for Database firewalls and Management Servers
  • Support for multiple Oracle/non-Oracle Databases with the same firewall
Oracle Database Security – Big Picture

[Diagram labels: Network SQL Monitoring and Blocking (Applications; Allow, Log, Alert, Substitute, Block); Audit consolidation; Unauthorized Local Activity; DB Consolidation Security; Local DBA Privilege Mis-Use; Procurement, HR, Rebates; Sensitive, Confidential, Public; Encrypted Database; Data Masking; Encrypted Backups; Encrypted Exports]


More Oracle Database Security Presentations
  • Monday:
    • 12:30 pm: Making a Business Case for Information Security MS 300
    • 3:30 pm: Oracle Database 11g Release 2 Security: Defense-in-Depth MS 103
  • Tuesday:
    • 12:30 pm: Real-World Deployment and Best Practices: Oracle Audit Vault MS 104
    • 2:00 pm: Real-World Deployment and Best Practices: Oracle Advanced Security MS 300
    • 2:00 pm: Best Practices for Ensuring the Highest Enterprise Database Security MS 304
    • 3:30 pm: Database Security Event Management: Oracle Audit Vault and ArcSight MS 300
    • 5:00 pm: Real-World Deployment and Best Practices: Oracle Database Vault MS 303
  • Wednesday:
    • 10:00 am: Protect Data and Save Money: Aberdeen MS 306
    • 11:30 am: Preventing Database Attacks With Oracle Database Firewall MS 306
    • 4:45 pm: Centralized Key Management and Performance: Oracle Advanced Security MS 306
  • Thursday:
    • 10:30 am: Deploying Oracle Database 11g Securely on Oracle Solaris MS 104

MS = Moscone South

Oracle Database Security Hands-on-Labs
  • Monday:
    • Database Vault 11:00AM | Marriott Marquis, Salon 10 / 11
    • Database Vault 5:00PM | Marriott Marquis, Salon 10 / 11
  • Tuesday:
    • Database Security 11:00AM | Marriott Marquis, Salon 10 / 11
  • Thursday:
    • Advanced Security 12:00PM | Marriott Marquis, Salon 10 / 11
    • Audit Vault 1:30PM | Marriott Marquis, Salon 10 / 11
Oracle Database Security Demo Grounds: Moscone West
  • Oracle Database Firewall
  • Oracle Database Vault
  • Oracle Label Security
  • Oracle Audit Vault
  • Oracle Advanced Security
  • Oracle Database 11g Release 2 Security

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

For More Information

database security

oracle.com/database/security

search.oracle.com

Q&A