ORACLE DATABASE VAULT - PowerPoint PPT Presentation



ORACLE DATABASE VAULT. Đỗ Phước Hậu 50800617, Trương Quốc Khánh 51001496. Contents: Introducing Oracle Database Vault. What is Oracle Database Vault? Components of Oracle Database Vault. Install ODV 11g Release 2. HOWTO use a Realm to secure Data Access from DBA access.

    Presentation Transcript
    1. ORACLE DATABASE VAULT
       Đỗ Phước Hậu 50800617
       Trương Quốc Khánh 51001496
       Oracle Database Vault

    2. Contents
       • Introducing Oracle Database Vault
         • What is Oracle Database Vault?
         • Components of Oracle Database Vault
       • Install ODV 11g Release 2
       • HOWTO use a Realm to secure Data Access from DBA access
       • HOWTO use Command rules to secure User Activity
       • HOWTO use Rule Sets, Factors, and secure Application roles

    3. Contents
       • HOWTO Use Reports in DV
       • HOWTO Disable and Enable DV
       • HOWTO Better Understand DV’s Impact on Performance

    4. Introducing Oracle Database Vault
       • What is Oracle Database Vault?
       • Components of Oracle Database Vault

    5. What is Oracle Database Vault?
       • Oracle Database Vault (DV) was introduced in Oracle 10gR2, 11g and 9iR2.
       • DV restricts access to specific areas in an Oracle database from any user.
       • Enables you to apply access control to your sensitive data.
       • Protects your data from super-privileged users but still lets them maintain your Oracle databases.

    6. What is Oracle Database Vault?
       • Helps to address the most difficult security problems: protecting against insider threats, meeting regulatory compliance requirements, and enforcing separation of duty.
       • Manages the security of an individual Oracle Database instance.

    7. Components of Oracle Database Vault
       Oracle Database Vault has the following components:
       ■ Oracle Database Vault Access Control Components
       ■ Oracle Database Vault Administrator (DVA)
       ■ Oracle Database Vault Configuration Assistant (DVCA)
       ■ Oracle Database Vault DVSYS and DVF Schemas
       ■ Oracle Database Vault PL/SQL Interfaces and Packages
       ■ Oracle Database Vault and Oracle Label Security PL/SQL APIs
       ■ Oracle Database Vault Reporting and Monitoring Tools

    8. Oracle Database Vault Access Control Components
       • Realms: a functional grouping of database schemas, objects, and roles that must be secured.
       • Command rules: a special rule that you can create to control how users can execute almost any SQL statement, including SELECT, ALTER SYSTEM, data definition language (DDL), and data manipulation language (DML) statements.

    9. Oracle Database Vault Access Control Components
       • Factors: a named variable or attribute, such as a user location, database IP address, or session user, which Oracle Database Vault can recognize and secure.
       • Rule sets: a collection of one or more rules that you can associate with a realm authorization, command rule, factor assignment, or secure application role.
       • Secure application roles: a special Oracle Database role that can be enabled based on the evaluation of an Oracle Database Vault rule set.

    10. Oracle Database Vault Administrator (DVA)
       • A Java application that is built on top of the Oracle Database Vault PL/SQL application programming interfaces (API).
       • Allows security managers who may not be proficient in PL/SQL to configure the access control policy through a user-friendly interface.
       • Provides an extensive collection of security-related reports that assist in understanding the baseline security configuration.

    11. Oracle Database Vault Access Control Components
       • Oracle Database Vault Configuration Assistant (DVCA): used to perform maintenance tasks on your Oracle Database Vault installation.
       • Oracle Database Vault DVSYS and DVF Schemas: the DVSYS schema stores the database objects needed to process Oracle data for Oracle Database Vault. It contains the roles, views, accounts, functions, and other database objects that Oracle Database Vault uses. The DVF schema contains public functions to retrieve (at run time) the factor values set in the Oracle Database Vault access control configuration.

    12. Oracle Database Vault Access Control Components
       • Oracle Database Vault PL/SQL Interfaces and Packages: allow security managers or application developers to configure the access control policy as required.
       • Oracle Database Vault and Oracle Label Security PL/SQL APIs: enable the security manager to define a label security policy and apply it to database objects.
       • Oracle Database Vault Reporting and Monitoring Tools: generate reports on the various activities that Oracle Database Vault monitors.

    13. HOWTO install Oracle Database Vault
       • In Oracle 11gR2, all options are already installed; you only need to enable them as follows:
       • Open Command Prompt, then go to [Oracle Database Homes]/bin
       • Type:
           chopt enable lbac
           chopt enable dv

    14. HOWTO install Oracle Database Vault [no transcribed text]

    15. HOWTO install Oracle Database Vault
       • Then configure the options using dbca:

    16. HOWTO install Oracle Database Vault
       • After completion of this, the “Database Vault” option will be available:

    17. HOWTO install Oracle Database Vault
       • Log in to Oracle Database Vault

    18. HOWTO use a Realm to secure Data Access from DBA access.
       • Let’s use SCOTT.EMP, which has salary information in it. Before we define a realm, DBAs have access to this table, for example:

    19–25. HOWTO use a Realm to secure Data Access from DBA access. [no transcribed text]

    26. HOWTO use a Realm to secure Data Access from DBA access.
       • Logged on as SYSTEM, you will no longer be able to access the data:

    27. HOWTO use a Realm to secure Data Access from DBA access.
       • Connect as SCOTT and issue this query, and you will have access:

    28. More on Realms
       • Realms can contain a larger set of objects: a schema, a group of roles, or a group of objects with which you want to associate a security policy. Example: by associating a role with a realm, you can ensure that only you can assign this role and that a DBA can’t grant it.

    29. More on Realms
       • Allows you to define who the realm owners are.
       • Realm participants can use their system privileges to access a realm-protected object.

    30. More on Realms
       • DV includes a number of prebuilt realms:
         • DV Account Management Realm: the most important realm; it limits who can manage and create database accounts.
         • DV Realm: protects the DV schemas (DVSYS, DVF, and LBACSYS).
         • Oracle Data Dictionary Realm: protects the catalog, the SYS schema, and the SYSTEM schema.
         • Oracle Enterprise Manager Realm: protects SYSMAN and DBSNMP.
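
The SCOTT.EMP realm from the walkthrough above, expressed with the DBMS_MACADM PL/SQL API instead of the administration screens. This is an added example, not code from the presentation; the realm name and description are constructed, and it assumes the session holds the DV_OWNER or DV_ADMIN role.

```sql
-- Added example: realm name and description are constructed for illustration.
BEGIN
  -- 1. Create the realm, enabled, and audit every failed access attempt.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'SCOTT EMP Realm',
    description   => 'Protects salary data in SCOTT.EMP',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);

  -- 2. Place the table inside the realm. From this point, accounts that are
  --    not authorized in the realm (SYSTEM and other DBAs included) cannot
  --    reach it through system privileges such as SELECT ANY TABLE.
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'SCOTT EMP Realm',
    object_owner => 'SCOTT',
    object_name  => 'EMP',
    object_type  => 'TABLE');

  -- 3. Name SCOTT as realm owner, so the data owner rather than a DBA
  --    controls who is granted access to realm-protected objects.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'SCOTT EMP Realm',
    grantee      => 'SCOTT',
    auth_options => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- Review what the realm protects and who is authorized in it.
SELECT realm_name, owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'SCOTT EMP Realm';

SELECT realm_name, grantee, auth_options
  FROM dvsys.dba_dv_realm_auth
 WHERE realm_name = 'SCOTT EMP Realm';
```

Repeating the SELECT on SCOTT.EMP as SYSTEM and then as SCOTT should reproduce the two outcomes the slides describe.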

    31. HOWTO use Command rules to secure User Activity.
       • A definition that can be used to protect any activity on any object in the database.
       • Based on a security policy phrased within a rule.
       • A command rule is evaluated after the realm is checked and only if the realm check succeeds.
       • DV checks all relevant command rules, and only if they all evaluate to true will the action be allowed.
       • Overrides regular object privileges.

    32. HOWTO use Command rules to secure User Activity.
       • Example 1:
       • Build a command rule that disables the ability to update the SCOTT.EMP table.

    33–35. HOWTO use Command rules to secure User Activity. [no transcribed text]

    36. HOWTO use Command rules to secure User Activity.
       • Now, SCOTT can insert into this table but can’t update:

    37. HOWTO use Command rules to secure User Activity.
       • Example 2:
       • Allow UPDATEs only if the connection is made locally over a bequeath session (BEQ).

    38–47. HOWTO use Command rules to secure User Activity. [no transcribed text]

    48. HOWTO use Command rules to secure User Activity.
       • Log in to the database as SCOTT using a BEQ connection

    49. HOWTO use Command rules to secure User Activity.
       • Log in to the database as SCOTT using a listener connection (TCP connection)

    50. HOWTO use Command rules to secure User Activity.
       • DV provides a set of PL/SQL procedures that can be used to create these constructs.
       • These are part of the DBMS_MACADM package within the DVSYS schema.
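
Both command-rule examples above, written against the DBMS_MACADM package the last slide mentions. This is an added example, not code from the presentation; the rule name, rule set name, fail message and fail code are constructed, Example 2 is assumed to apply to SCOTT.EMP like Example 1, and the session is assumed to hold DV_OWNER or DV_ADMIN.

```sql
-- Added example: names, message and fail code are constructed.
BEGIN
  -- Example 1: block UPDATE on SCOTT.EMP by binding the command to the
  -- default 'Disabled' rule set, which always evaluates to false.
  DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'UPDATE',
    rule_set_name => 'Disabled',
    object_owner  => 'SCOTT',
    object_name   => 'EMP',
    enabled       => DVSYS.DBMS_MACUTL.G_YES);

  -- Example 2: a rule that is true only for bequeath sessions.
  -- Assumption: USERENV.NETWORK_PROTOCOL reports 'beq' for a local
  -- bequeath connection and 'tcp' through the listener; confirm this on
  -- the target release before relying on it.
  DVSYS.DBMS_MACADM.CREATE_RULE(
    rule_name => 'Is Bequeath Session',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''NETWORK_PROTOCOL'')) = ''BEQ''');

  DVSYS.DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Local Sessions Only',
    description     => 'True only for BEQ connections',
    enabled         => DVSYS.DBMS_MACUTL.G_YES,
    eval_options    => DVSYS.DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DVSYS.DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DVSYS.DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'UPDATE on SCOTT.EMP requires a local session',
    fail_code       => 20461,
    handler_options => DVSYS.DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Local Sessions Only',
    rule_name     => 'Is Bequeath Session');

  -- Re-point the command rule from 'Disabled' to the new rule set, so
  -- UPDATE is allowed again, but only when the rule evaluates to true.
  DVSYS.DBMS_MACADM.UPDATE_COMMAND_RULE(
    command       => 'UPDATE',
    rule_set_name => 'Local Sessions Only',
    object_owner  => 'SCOTT',
    object_name   => 'EMP',
    enabled       => DVSYS.DBMS_MACUTL.G_YES);
END;
/
```

Because the rule set audits failures, a rejected UPDATE from a listener connection also leaves a record for the Database Vault reports.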