1 / 37

The twenty-four/seven database Oracle Database Security

The twenty-four/seven database Oracle Database Security. David Yahalom Senior database consultant davidy@xpert.com www.xpert.com www.davidyahalom.com. Security Drivers (and constraints): Enterprise value resides in Bits (I.P.) not Atoms (factories). Google Vs. Ford .

fathia
Download Presentation

The twenty-four/seven database Oracle Database Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The twenty-four/seven database Oracle Database Security David YahalomSenior database consultant davidy@xpert.com www.xpert.comwww.davidyahalom.com

  2. Security Drivers (and constraints): • Enterprise value resides in Bits (I.P.) not Atoms (factories). Google Vs. Ford. • Data everywhere, must be accurate, fast and available. • Security must be Transparent to the end user. • Security decisions increasingly tied to compliance (regulatory or in-house).

  3. Security Drivers (and constraints): • Network security is well known and understood (VPN, Firewall). • Attackers now going where data resides. • Legitimate and authenticated users are a concern.

  4. Inbound Data • Network Encryption • Strong Authentication • Identity Management • Storage • Transparent Data Encryption • Secure Backup • Monitor • Database Vault. • Audit Vault. • Configuration Scanning. • Access Control • Database Vault • Oracle Label Security • Oracle VPD • Outbound Data • Network Encryption • Data Masking

  5. “A 2007 Oracle survey found that a DBA usually spend less than 7% of total work time on database security.”

  6. Database Security is NOT a one time project.Database Security is a on-going process. • Add a security-focused DBA to the security department.

  7. The secure database solutions: • Oracle Database Vault. • Oracle Advanced Security. • Oracle Audit Vault • Virtual Private Database. • Fine-Grained Auditing. • Secure Backup.

  8. Network Oracle Database End Client DBA Backup Medium

  9. Oracle Security Solution Oracle Advanced Security

  10. Flowing & Resting data: • Worry about Encryption “in the land”. • Data at rest is a critical security concern (encrypt the heart of your data).

  11. Network Security Threats: Data Theft Data Modification or Replay My competitor sees my bids in a sealed auction. $500.00 $50,000 Data Disruption Packet stolenOrder never arrives

  12. Oracle Advanced Security: Oracle Advanced Security is a security option for the Oracle Database.Oracle Advanced Securitycombines network encryption, database encryptionand strong authenticationtogether to help customers address privacy and compliance requirements.

  13. Oracle Advanced Security: • Transparent Data Encryption: the datafile is safe! • Network protocol traffic encryption & integrity. • Strong Authentication (Kerberos, RADIUS, SSL, PKI). • Encryption standards: • RC4, DES, 3DES, AES. • MD5 + SH1 data integrity.

  14. TDE TDE Advanced Security Network Oracle Database End Client DBA Backup Medium

  15. Oracle Security Solution Oracle DatabaseVault

  16. Database Vault: Authoritative security studies have documented that more than 80% of information system data losses and attacks have been perpetrated by 'insiders' — those authorized with some level of access to the system and its data.• 80% of threats come from insiders. • 65% of internal threats are undetected.

  17. Database Vault: Oracle Database Vault addresses common regulatory compliance requirements and reduces the risk of insider threats.

  18. Database Vault: • Preventing highly privileged users (DBA) from accessing application data. • Enforcing separation of duty (DBA can’t create users, view data). • Providing controls over who, when, where and how applications, data and databases can be accessed. • Can be added to existing application environments without changes to the existing application code.

  19. Wallet password is separate from System or DBA password No access to wallet DBA starts up Database Security DBA opens wallet containing master key

  20. Database Vault Database Vault Network Oracle Database End Client DBA Backup Medium

  21. Oracle Security Solution Oracle Virtual Private Database

  22. Virtual Private Database: Also known as Fine Grained Access Control, provides powerful row-level security capabilitiesFor example, VPD can be used restrict access to data during business hours.

  23. Virtual Private Database:Transparently modifying requests for data to present a partial view of the tables to the users based on a set of defined criteria. select * from accounts; changes to: select * from accounts where am_name = BOAZ';

  24. Virtual Private Database: Oracle Label Security – optional add-on for providing easy to use interface for row-level security. No coding needed.

  25. VPD VPD Network Oracle Database End Client DBA Backup Medium

  26. Oracle Security Solution Oracle Secure Backup

  27. Secure Backup: The next generation centralized tape backupmanagement delivers advanced media management and backup encryption for file systems and Oracle.

  28. Secure Backup: • Optimized tape backup for Oracle increasing backup performance by 10 – 25%. • Secure data protection - 256 AES backup encryption for file systems protecting backup data when tapes are onsite, offsite or lost. • Integrated to EM & RMAN: tape backups can now be done by the DBA.

  29. Secure Backup Network Oracle Database End Client DBA Backup Medium

  30. Oracle Security Solution Oracle Audit Vault

  31. Audit Vault: Oracle Audit Vault turns audit data into a key security resource to help address today's security and compliance challenges. Oracle Audit Vault automates the audit collection, integrates sources, simply compliance reporting and provides scale and security.

  32. Audit Vault: • Logon failures, privilege usage, data access, object access, and other activities • Statement, privilege, schemaobject and content-based auditing. • Alerts & compliance reports. • Audit data warehouse & report generation.

  33. Oracle Security Solution The Complete Secure Database

  34. Database Vault TDE TDE Secure Backup VPD VPD Database Vault Advanced Security Advanced Security Network Oracle Database End Client DBA Backup Medium

  35. Thank You!

More Related