slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
The twenty-four/seven database Oracle Database Security PowerPoint Presentation
Download Presentation
The twenty-four/seven database Oracle Database Security

Loading in 2 Seconds...

play fullscreen
1 / 37

The twenty-four/seven database Oracle Database Security - PowerPoint PPT Presentation


  • 88 Views
  • Uploaded on

The twenty-four/seven database Oracle Database Security. David Yahalom Senior database consultant davidy@xpert.com www.xpert.com www.davidyahalom.com. Security Drivers (and constraints): Enterprise value resides in Bits (I.P.) not Atoms (factories). Google Vs. Ford .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'The twenty-four/seven database Oracle Database Security' - fathia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

The twenty-four/seven database

Oracle Database Security

David YahalomSenior database consultant

davidy@xpert.com

www.xpert.comwww.davidyahalom.com

slide2

Security Drivers (and constraints):

  • Enterprise value resides in Bits (I.P.) not Atoms (factories). Google Vs. Ford.
  • Data everywhere, must be accurate, fast and available.
  • Security must be Transparent to the end user.
  • Security decisions increasingly tied to compliance (regulatory or in-house).
slide3

Security Drivers (and constraints):

  • Network security is well known and understood (VPN, Firewall).
  • Attackers now going where data resides.
  • Legitimate and authenticated users are a concern.
slide4

Inbound Data

  • Network Encryption
  • Strong Authentication
  • Identity Management
  • Storage
  • Transparent Data Encryption
  • Secure Backup
  • Monitor
  • Database Vault.
  • Audit Vault.
  • Configuration Scanning.
  • Access Control
  • Database Vault
  • Oracle Label Security
  • Oracle VPD
  • Outbound Data
  • Network Encryption
  • Data Masking
slide5

“A 2007 Oracle survey found that a DBA usually spend less than 7% of total work time on database security.”

slide6

Database Security is NOT a one time project.Database Security is a on-going process.

  • Add a security-focused DBA to the security department.
slide7

The secure database solutions:

  • Oracle Database Vault.
  • Oracle Advanced Security.
  • Oracle Audit Vault
  • Virtual Private Database.
  • Fine-Grained Auditing.
  • Secure Backup.
slide8

Network

Oracle Database

End Client

DBA

Backup Medium

slide9

Oracle Security Solution

Oracle Advanced Security

slide10

Flowing & Resting data:

  • Worry about Encryption “in the land”.
  • Data at rest is a critical security concern (encrypt the heart of your data).
slide11

Network Security Threats:

Data Theft

Data Modification or Replay

My competitor sees my bids in a sealed auction.

$500.00

$50,000

Data Disruption

Packet stolenOrder never arrives

slide12

Oracle Advanced Security:

Oracle Advanced Security is a security option for the Oracle Database.Oracle Advanced Securitycombines network encryption, database encryptionand strong authenticationtogether to help customers address privacy and compliance requirements.

slide13

Oracle Advanced Security:

  • Transparent Data Encryption: the datafile is safe!
  • Network protocol traffic encryption & integrity.
  • Strong Authentication (Kerberos, RADIUS, SSL, PKI).
  • Encryption standards:
    • RC4, DES, 3DES, AES.
    • MD5 + SH1 data integrity.
slide14

TDE

TDE

Advanced Security

Network

Oracle Database

End Client

DBA

Backup Medium

slide15

Oracle Security Solution

Oracle DatabaseVault

slide16

Database Vault:

Authoritative security studies have documented that more than 80% of information system data losses and attacks have been perpetrated by 'insiders' — those authorized with some level of access to the system and its data.• 80% of threats come from insiders.

• 65% of internal threats are undetected.

slide18

Database Vault:

Oracle Database Vault addresses common regulatory compliance requirements and reduces the risk of

insider threats.

slide19

Database Vault:

  • Preventing highly privileged users (DBA) from accessing application data.
  • Enforcing separation of duty (DBA can’t create users, view data).
  • Providing controls over who, when, where and how applications, data and databases can be accessed.
  • Can be added to existing application environments without changes to the existing application code.
slide20

Wallet password is separate from

System or DBA password

No access to wallet

DBA starts up

Database

Security DBA opens wallet

containing master key

slide21

Database Vault

Database Vault

Network

Oracle Database

End Client

DBA

Backup Medium

slide22

Oracle Security Solution

Oracle Virtual Private Database

slide23

Virtual Private Database:

Also known as Fine Grained Access Control, provides powerful row-level security capabilitiesFor example, VPD can be used restrict access to data during business hours.

slide24

Virtual Private Database:Transparently modifying requests for data to present a partial view of the tables to the users based on a set of defined criteria. select * from accounts;

changes to:

select * from accounts where am_name = BOAZ';

slide25

Virtual Private Database:

Oracle Label Security – optional add-on for providing easy to use interface for row-level security. No coding needed.

slide26

VPD

VPD

Network

Oracle Database

End Client

DBA

Backup Medium

slide27

Oracle Security Solution

Oracle Secure Backup

slide28

Secure Backup:

The next generation centralized tape backupmanagement delivers advanced media management and backup encryption for file systems and Oracle.

slide29

Secure Backup:

  • Optimized tape backup for Oracle increasing backup performance by 10 – 25%.
  • Secure data protection - 256 AES backup encryption for file systems protecting backup data when tapes are onsite, offsite or lost.
  • Integrated to EM & RMAN: tape backups can now be done by the DBA.
slide30

Secure Backup

Network

Oracle Database

End Client

DBA

Backup Medium

slide31

Oracle Security Solution

Oracle Audit Vault

slide32

Audit Vault:

Oracle Audit Vault turns audit data into a key security resource to help address today's security and compliance challenges. Oracle Audit Vault automates the audit collection, integrates sources, simply compliance reporting and provides scale and security.

slide33

Audit Vault:

  • Logon failures, privilege usage, data access, object access, and other activities
  • Statement, privilege, schemaobject and content-based auditing.
  • Alerts & compliance reports.
  • Audit data warehouse & report generation.
slide35

Oracle Security Solution

The Complete Secure Database

slide36

Database Vault

TDE

TDE

Secure Backup

VPD

VPD

Database Vault

Advanced Security

Advanced Security

Network

Oracle Database

End Client

DBA

Backup Medium