Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

5 Steps to reduce Risk and improve Database Security

Edgars Ruņģis, Technology Consultant
Why Increase Database Security?

Source: "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases", IDC, August 2011
How Secure Are Your Databases?
2011 IOUG Data Security Survey Results

http://www.oracle.com/us/products/database/2011-ioug-data-security-survey-516534.pdf
IT Security Not Addressing Database Security – Only 20% Have a Plan
5 Steps to Reduce Risk and Improve Database Security
1. Mitigate Database Bypass
2. Prevent Account Misuse
3. Consolidated Auditing and Compliance Reporting
4. Monitor Database Traffic and block Threats
5. Protect non-production Environments
How can data be accessed by bypassing the database?

• Restore the DB from an unprotected backup copy
• IT staff/OS users open the database files directly and read the information stored in them
What about Oracle Database Data Files?
Mitigate Database Bypass
Oracle Advanced Security for authentication and encryption
[Diagram: Application data flowing to Disk, Backups, Exports and Off-Site Facilities, all protected by encryption]

• Prevents access to data stored in database files, on tape, etc. by IT staff/OS users
• Efficient application data encryption without application changes
• Strong authentication of database users for greater identity assurance
• Built-in key management for Separation of Duties
Mitigate Database Bypass
Transparent Data Encryption Key Architecture
[Diagram: the Master Key is kept in a Hardware Security Module or in an Oracle Wallet (Standard Wallet, Auto-Open Wallet or Local Auto-Open Wallet); the Master Key protects the Tablespace Key used by TDE Tablespace Encryption and the Table Key used by TDE Column Encryption]
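The two-tier hierarchy on this slide (master key in a wallet or HSM, tablespace and table keys under it) is worth seeing as code. What follows is an added example, not Oracle's implementation: a toy model in which the wallet holds the master key, each datafile carries its tablespace key only in wrapped form, and rows are encrypted under that tablespace key. The cipher is a throwaway HMAC-SHA256 construction chosen so the example runs on the Python standard library; it stands in for the AES that TDE actually uses, and the Wallet and Datafile classes are this example's own. It demonstrates the two properties the architecture buys: a datafile or backup copied without the wallet cannot be opened, and re-keying the master key re-wraps only the tablespace key instead of re-encrypting the data.

```python
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode stream cipher built from HMAC-SHA256 so the example runs
    # on the standard library alone. It stands in for AES and is NOT Oracle's cipher.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ciphertext = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting: a wrong key (wrong wallet) is rejected outright."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key does not open this blob")
    return keystream_xor(key, nonce, ciphertext)


class Wallet:
    """The master key lives here, outside every datafile, backup and export."""

    def __init__(self) -> None:
        self.master_key = os.urandom(32)


class Datafile:
    """A datafile stores its tablespace key only wrapped by the master key, plus encrypted rows."""

    def __init__(self, wallet: Wallet) -> None:
        tablespace_key = os.urandom(32)            # never written to disk in the clear
        self.wrapped_key = seal(wallet.master_key, tablespace_key)
        self.rows = []                             # sealed row blobs


def tablespace_key(datafile: Datafile, wallet: Wallet) -> bytes:
    """Opening a datafile means unwrapping its tablespace key with the wallet's master key."""
    return unseal(wallet.master_key, datafile.wrapped_key)


def opens(datafile: Datafile, wallet: Wallet) -> bool:
    """True if this wallet's master key unwraps the datafile's tablespace key."""
    try:
        tablespace_key(datafile, wallet)
    except ValueError:
        return False
    return True


def write_row(datafile: Datafile, wallet: Wallet, row: bytes) -> None:
    datafile.rows.append(seal(tablespace_key(datafile, wallet), row))


def read_rows(datafile: Datafile, wallet: Wallet) -> list:
    key = tablespace_key(datafile, wallet)
    return [unseal(key, blob) for blob in datafile.rows]


def rotate_master_key(datafile: Datafile, old_wallet: Wallet) -> Wallet:
    """Re-key the master key: only the wrapped tablespace key changes; row data is untouched."""
    key = tablespace_key(datafile, old_wallet)
    new_wallet = Wallet()
    datafile.wrapped_key = seal(new_wallet.master_key, key)
    return new_wallet


def copy_without_wallet_is_unreadable(datafile: Datafile) -> bool:
    """Model an OS user or backup operator who holds the datafile bytes but not the wallet."""
    return not opens(datafile, Wallet())          # any key other than the real master key


if __name__ == "__main__":
    wallet = Wallet()
    datafile = Datafile(wallet)
    write_row(datafile, wallet, b"AGUILAR,203-33-3234,60000")   # constructed row
    print(read_rows(datafile, wallet))
    print("unreadable without wallet:", copy_without_wallet_is_unreadable(datafile))
```

The design point is the split: a DBA with the datafile, the backup tape and the export still needs the wallet, which belongs to a separate role, and losing the wallet is as fatal for the defender as it is for the attacker, so wallet backup is part of the procedure.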
Prevent Account Misuse
What can privileged users (DBAs) do?
  – Access, delete, or change ANY application data
      • Change a salary? Why not!
  – Turn off auditing (!!!)
      • Change a salary without an audit trail? Why not!
  – Modify audit trails to hide their tracks
  – Make intentional or accidental harmful changes
      • A DB link from a test system to the production system...? It happens!
  – Add unauthorized user accounts or modify existing accounts
      • Create a new account for your best “friend” and grant it DBA privileges...
  – ...
Prevent Account Misuse
Oracle Database Vault to enforce privileged user access
[Diagram: Applications access the Procurement, HR and Finance schemas; a DBA issues "select * from finance.customers" against the Finance realm]

• Restrict highly privileged users from application data and enforce DBA separation of duties
• Enforce who, where, when and how data is accessed using rules and factors
• Enforce least privilege for privileged database users
• Prevent application bypass
• Securely consolidate application data or enable multi-tenant data management
Prevent Account Misuse
Example: Privileged User Access
[Diagram: the Fin application and a DBA both connecting to the Oracle DB]

Prevent Account Misuse
Example: Complete the Definition of the Realm

Prevent Account Misuse
Example: Privileged User Access, Again
[Diagram: the Fin application and a DBA both connecting to the Oracle DB]
Prevent Account Misuse
Some Use Cases of Oracle Database Vault

Requirement: Restrict DBA access to sensitive data
Database Vault Solution: Realm around application data allowing only the authorized application owner to access data

Requirement: Enforce application access through middle tier processes (prevent application bypass)
Database Vault Solution: Rule restricting database access based on middle tier server IP addresses

Requirement: Protect mission-critical business data from intentional or accidental harmful changes
Database Vault Solution: Rule restricting dropping or wiping out associated database structures

Requirement: Restrict users from accessing data outside standard working hours
Database Vault Solution: Rule restricting users’ login to working hours

Requirement: Enforce patching and backup to specific maintenance periods and monitor the patching process
Database Vault Solution: Rule restricting database maintenance DBAs’ login to maintenance day/time; rule requiring two DBAs to authenticate during maintenance periods from internal IP addresses
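The use cases in the table above can be modelled as a rule evaluator. The following is an added example in Python, not Database Vault's own API or configuration: the realm, the application accounts, the middle-tier and internal address ranges, the working-hour and maintenance-day factors and the two-DBA rule are all constructed policy data, and the evaluator returns every rule a request violates, so a DBA who is both outside the realm and outside the maintenance window sees both reasons.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed policy data standing in for realms, rules and factors.
REALMS = {"FINANCE": {"FIN_APP"}, "HR": {"HR_APP"}}   # protected schema -> authorized owners
APP_ACCOUNTS = {"FIN_APP", "HR_APP"}
DBA_ACCOUNTS = {"DBA1", "DBA2"}
MIDDLE_TIER = ip_network("10.0.5.0/24")               # where the application servers live
INTERNAL = ip_network("10.0.0.0/8")
WORKING_HOURS = range(8, 18)                          # 08:00-17:59, Monday to Friday
MAINTENANCE_WEEKDAY = 5                               # Saturday (Monday == 0)
DESTRUCTIVE = {"DROP", "TRUNCATE"}


@dataclass(frozen=True)
class Request:
    user: str
    client_ip: str
    when: str                         # ISO timestamp, e.g. "2011-10-10T10:00:00"
    statement: str                    # leading SQL keyword, e.g. "SELECT"
    schema: Optional[str] = None      # schema the statement touches; None for a bare login
    second_dba: Optional[str] = None  # co-authenticating DBA during maintenance


def evaluate(req: Request) -> List[str]:
    """Return every rule the request violates; an empty list means it is allowed."""
    violations = []
    ip = ip_address(req.client_ip)
    when = datetime.fromisoformat(req.when)
    weekday = when.weekday()

    # Realm: the protected schema is closed to everyone but its owning application.
    # Holding DBA privileges does not cross the realm boundary.
    if req.schema in REALMS and req.user not in REALMS[req.schema]:
        violations.append(f"realm {req.schema}: {req.user} is not an authorized owner")

    # Application bypass: application accounts must arrive through the middle tier.
    if req.user in APP_ACCOUNTS and ip not in MIDDLE_TIER:
        violations.append(f"{req.user} must connect from the middle tier, not {ip}")

    # Harmful changes: dropping or wiping protected structures is blocked outright.
    if req.schema in REALMS and req.statement.upper() in DESTRUCTIVE:
        violations.append(f"{req.statement.upper()} on realm {req.schema} structures is blocked")

    if req.user in DBA_ACCOUNTS:
        # Maintenance: DBA logins only on the maintenance day, from internal
        # addresses, with a second DBA authenticating.
        if weekday != MAINTENANCE_WEEKDAY:
            violations.append("DBA login outside maintenance window")
        if ip not in INTERNAL:
            violations.append("DBA login from non-internal address")
        if req.second_dba not in DBA_ACCOUNTS - {req.user}:
            violations.append("maintenance requires a second DBA to authenticate")
    elif weekday > 4 or when.hour not in WORKING_HOURS:
        # Everyone else is confined to standard working hours.
        violations.append("login outside standard working hours")
    return violations


if __name__ == "__main__":
    for r in (   # constructed requests; 2011-10-10 is a Monday, 2011-10-15 a Saturday
        Request("FIN_APP", "10.0.5.20", "2011-10-10T10:00:00", "SELECT", "FINANCE"),
        Request("DBA1", "10.0.1.5", "2011-10-10T10:00:00", "SELECT", "FINANCE"),
        Request("DBA1", "10.0.1.5", "2011-10-15T02:00:00", "ALTER", None, "DBA2"),
    ):
        print(r.user, "->", evaluate(r) or ["allowed"])
```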
Consolidated Auditing and Compliance Reporting
Questions to consider

• How do you consolidate your audit data?
• How do you detect and alert on suspicious activities?
• Do you run reports over audit data?
• Is your audit data protected? What about power users (DBAs)?
• How do you clean up/archive audit data?
Consolidated Auditing and Compliance Reporting
Oracle Audit Vault - Trust But Verify

• Consolidate database audit trails into a secure centralized repository
• Out-of-the-box compliance reports for SOX, PCI, and other regulations
    – E.g., privileged user audit, entitlements, failed logins, regulated data changes
• Detect and alert on suspicious activities, including privileged users
    – Creating users on sensitive systems, role grants, “DBA” grants, failed logins
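The alert conditions listed above (user creation on sensitive systems, DBA grants, privileged changes to regulated data, failed logins) are the kind of logic a consolidated audit repository runs over its trail. The following is an added example, not Audit Vault code: the CSV audit trail, the database names and the thresholds are constructed for this illustration, and the record layout is the example's own rather than Oracle's audit format. The failed-login rule uses a sliding window per user and database so that a burst raises one alert rather than one per attempt.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO
from typing import Dict, List, Tuple

SENSITIVE_DBS = {"FINPROD", "HRPROD"}
REGULATED_TABLES = {"HR.EMPLOYEES", "FINANCE.CARDS"}
PRIVILEGED_USERS = {"SYS", "SYSTEM", "DBA1", "DBA2"}
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=5)

# Constructed sample of a consolidated audit trail; the layout is this example's own,
# not Oracle's audit record format. Rows are deliberately not in time order.
SAMPLE_TRAIL = """\
timestamp,db,user,action,object,status
2011-10-10T09:00:00,FINPROD,FIN_APP,SELECT,FINANCE.CARDS,SUCCESS
2011-10-10T09:01:10,FINPROD,SYS,CREATE USER,FRIEND01,SUCCESS
2011-10-10T09:01:40,FINPROD,SYS,GRANT,DBA TO FRIEND01,SUCCESS
2011-10-10T09:02:00,HRPROD,DBA1,UPDATE,HR.EMPLOYEES,SUCCESS
2011-10-10T09:30:00,HRPROD,JSMITH,LOGON,,FAILURE
2011-10-10T09:03:00,HRPROD,JSMITH,LOGON,,FAILURE
2011-10-10T09:03:30,HRPROD,JSMITH,LOGON,,FAILURE
2011-10-10T09:04:00,HRPROD,JSMITH,LOGON,,FAILURE
2011-10-10T09:05:00,TESTDB,DEV1,CREATE USER,DEV2,SUCCESS
"""

Alert = Tuple[str, str, str]   # (rule, user, detail)


def parse_trail(text: str) -> List[Dict[str, str]]:
    """Records arrive from several databases, so order them by time before correlating."""
    rows = list(csv.DictReader(StringIO(text)))
    rows.sort(key=lambda r: r["timestamp"])      # ISO timestamps sort lexicographically
    return rows


def detect(records: List[Dict[str, str]]) -> List[Alert]:
    alerts: List[Alert] = []
    failures: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for r in records:
        ts = datetime.fromisoformat(r["timestamp"])
        action, obj = r["action"], r["object"]

        # New accounts on sensitive systems: the "friend with DBA privileges" scenario.
        if action == "CREATE USER" and r["db"] in SENSITIVE_DBS:
            alerts.append(("create_user", r["user"], f"{obj} on {r['db']}"))

        # Grants of the DBA role, wherever they happen.
        if action == "GRANT" and obj.upper().startswith("DBA "):
            alerts.append(("dba_grant", r["user"], obj))

        # Privileged users changing regulated data directly, bypassing the application.
        if (action in {"INSERT", "UPDATE", "DELETE"} and obj in REGULATED_TABLES
                and r["user"] in PRIVILEGED_USERS):
            alerts.append(("privileged_data_change", r["user"], f"{action} {obj}"))

        # Failed-login bursts: N failures inside the sliding window for one user on one database.
        if action == "LOGON" and r["status"] == "FAILURE":
            key = (r["db"], r["user"])
            recent = [t for t in failures[key] if ts - t <= FAILED_LOGIN_WINDOW] + [ts]
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                alerts.append(("failed_logins", r["user"],
                               f"{len(recent)} failures within {FAILED_LOGIN_WINDOW} on {r['db']}"))
                recent = []                      # one burst, one alert
            failures[key] = recent
    return alerts


def run(text: str = SAMPLE_TRAIL) -> List[Alert]:
    return detect(parse_trail(text))


if __name__ == "__main__":
    for alert in run():
        print(*alert, sep=" | ")
```

Note that the trail itself must be protected from the users it records (the slide's "What about power users?" question): copying records off the database host into a repository the DBA cannot write to is what makes the alerts above trustworthy.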
Monitor Database Traffic and block Threats
Oracle Database Firewall - First Line Of Defense

• Blocks unauthorized access such as SQL injection from reaching databases
• SQL grammar analysis ensures accuracy, enforcement and scalability
• White-list and black-list based security policies
• In-line blocking and monitoring, or out-of-band monitoring modes
How to Catch Anomalous SQL with Accuracy, Performance, and Scale?

SELECT * from stock where catalog-no = 'PHE8131' and location = 1

SELECT * from stock where catalog-no = ''--' and location = 1

SELECT * from stock where catalog-no = '' having 1=1 -- ' and location = 1

SELECT * from stock where catalog-no = '' order by 4--' and location = 1

SELECT * from stock where catalog-no = '' union select cardNo,customerId,0
from Orders where name = 'John Smith'--' and location = 1

SELECT * from stock where catalog-no = '' union select min(cardNo),1,0 from
Orders where cardNo > '0'--' and location = 1
Monitor Database Traffic and block Threats
Oracle Database Firewall Positive Security Model
[Diagram: Applications send SQL through the firewall's White List. "SELECT * from stock where catalog-no='PHE8131'" is allowed; "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'" is blocked]

• “Allowed” behavior can be defined for any user or application
• Automated whitelist generation for any application
• Many factors to define policy (e.g. network, application, etc.)
• Out-of-policy database network interactions instantly blocked
Monitor Database Traffic and block Threats
Oracle Database Firewall Negative Security Model
[Diagram: the Black List applied to "SELECT * FROM v$session": DBA activity via Applications is blocked; DBA activity via an Approved Workstation is allowed and logged]

• Stop specific unwanted SQL interactions, user or schema access
• Ensures database interactions originate from appropriate sources
• Blacklist can take into account built-in factors such as time of day, day of week, network, application, etc.
• Provide flexibility to authorized DBAs while still monitoring activity
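The previous two slides and the anomalous-SQL examples before them describe a firewall that reasons about SQL grammar rather than string patterns. The following is an added example, not Oracle Database Firewall code: a small lexer reduces each statement to its shape (literals replaced by placeholders, words lower-cased, trailing comments noted), a constructed whitelist of shapes stands in for automated whitelist generation, and a constructed blacklist of objects plus an approved-workstation address range stands in for the negative model's source factor. The catalog-no statements from the slide are used as input; every injection variant changes the shape or adds a comment and is blocked, while the same query with different literal values is allowed.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Set, Tuple

# A small SQL lexer: enough grammar awareness to separate statement structure from data.
TOKEN = re.compile(
    r"(?P<comment>--[^\n]*)"
    r"|(?P<string>'(?:[^']|'')*')"
    r"|(?P<number>\b\d+(?:\.\d+)?\b)"
    r"|(?P<word>[A-Za-z_$][A-Za-z0-9_$.]*)"
    r"|(?P<space>\s+)"
    r"|(?P<punct>.)"
)


def normalize(sql: str) -> Tuple[str, bool]:
    """Reduce a statement to its shape: literals become placeholders, words are
    lower-cased, whitespace collapses. Returns (shape, has_trailing_comment)."""
    parts, has_comment = [], False
    for m in TOKEN.finditer(sql):
        kind = m.lastgroup
        if kind == "comment":
            has_comment = True
        elif kind == "string":
            parts.append("'?'")
        elif kind == "number":
            parts.append("?")
        elif kind == "word":
            parts.append(m.group().lower())
        elif kind == "punct":
            parts.append(m.group())
    return " ".join(parts), has_comment


# Constructed policy. The whitelist is what automated whitelist generation would learn from
# the application's own traffic; the blacklist names objects no application should touch.
APP_WHITELIST: Set[str] = {
    normalize(s)[0] for s in (
        "SELECT * from stock where catalog-no = 'PHE8131' and location = 1",
        "SELECT name, qty FROM stock WHERE location = 1",
    )
}
BLACKLISTED_OBJECTS = {"v$session", "dba_users"}
APPROVED_DBA_WORKSTATIONS = ip_network("10.0.9.0/24")


@dataclass(frozen=True)
class Decision:
    action: str    # "allow", "block" or "allow+log"
    reason: str


def decide(sql: str, source_ip: str) -> Decision:
    shape, has_comment = normalize(sql)

    # Negative model first: blacklisted objects are blocked unless the source factor
    # (an approved DBA workstation) permits them, in which case the activity is logged.
    touched = set(shape.split()) & BLACKLISTED_OBJECTS
    if touched:
        names = ", ".join(sorted(touched))
        if ip_address(source_ip) in APPROVED_DBA_WORKSTATIONS:
            return Decision("allow+log", f"{names} from approved workstation {source_ip}")
        return Decision("block", f"{names} from unapproved source {source_ip}")

    # Positive model: only statement shapes the application is known to issue pass.
    # The injection variants from the slide all change the shape or add a comment.
    if shape in APP_WHITELIST and not has_comment:
        return Decision("allow", "matches whitelisted statement shape")
    return Decision("block", "out-of-policy shape" + (" (inline comment)" if has_comment else ""))


if __name__ == "__main__":
    for stmt in (
        "SELECT * from stock where catalog-no = 'PHE9999' and location = 2",
        "SELECT * from stock where catalog-no = ''--' and location = 1",
        "SELECT * from stock where catalog-no = '' union select cardNo,0,0 from Orders --'",
    ):
        print(decide(stmt, "10.0.5.7"), "<-", stmt)
    print(decide("SELECT * FROM v$session", "10.0.9.15"))
```

Because the comparison is on shape rather than on literal values, the whitelist does not grow with the data the application queries, which is what keeps the positive model accurate at scale; a real product also has to cope with bind variables, dialect-specific comment syntax and statements split across packets, none of which this lexer attempts.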
Protect non-production environments
Questions to consider ...
• 37% “live” production data and 48% outdated production data is being used for testing, development, support, training, etc. *
• Regulations restrict use of sensitive data and mandate access control (who, where, how, and why)
• Why break into a production system if the production data is available in a development/test system?
• Are developers/testers authorized users of your production data?

* Source: IOUG 2010 data security survey
Protect non-production environments
Oracle Data Masking secures Test System Deployment

Production                                Test
LAST_NAME   SSN           SALARY          LAST_NAME   SSN           SALARY
AGUILAR     203-33-3234   60,000          SMITH       111-23-1111   60,000
BENSON      323-22-2943   40,000          MILLER      222-34-1345   40,000

• Deploy a secure test system by masking sensitive data
• Extensible, centralized template library and policies for automation
• Sophisticated masking: condition-based, compound, deterministic
• Integrated masking and cloning
• NEW in EM 12c: Application Data Modeling
• NEW in EM 12c: Sensitive Data Discovery
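The masking properties listed on this slide (deterministic, condition-based, and consistent across tables) can be demonstrated directly. The following is an added example, not Oracle Data Masking code: a keyed HMAC makes the SSN and surname substitutions deterministic and format-preserving, a rule carries an optional condition so that only executive salaries are banded, and the rows, the DEPT column, the masking key and the surname list are constructed for this illustration. The join count shows that masking both tables with the same key keeps referential integrity, which ad-hoc scripts often lose.

```python
import hashlib
import hmac
import re
from typing import Callable, Dict, List, Optional

Row = Dict[str, object]

# Constructed masking key. In a real deployment it is a managed secret, and the same
# key must be used for every table so masked values stay consistent across them.
MASKING_KEY = b"constructed-demo-key"
SURNAMES = ["SMITH", "MILLER", "JONES", "BROWN", "DAVIS", "WILSON", "TAYLOR", "CLARK"]


def _prf(label: str, value: str) -> int:
    """Keyed pseudo-random function: the same (label, value) always yields the same number."""
    digest = hmac.new(MASKING_KEY, f"{label}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big")


def mask_ssn(ssn: str) -> str:
    """Deterministic and format-preserving: nine fresh digits in the original NNN-NN-NNNN layout."""
    digits = str(_prf("ssn", ssn) % 10**9).zfill(9)
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def mask_last_name(name: str) -> str:
    return SURNAMES[_prf("last_name", name) % len(SURNAMES)]


def band_salary(salary: int) -> int:
    """Round down to the nearest 10,000 so individual pay is not recoverable."""
    return (salary // 10000) * 10000


class MaskingRule:
    """Column, masking function, and an optional condition evaluated against the unmasked row."""

    def __init__(self, column: str, masker: Callable,
                 condition: Optional[Callable[[Row], bool]] = None) -> None:
        self.column, self.masker, self.condition = column, masker, condition


def apply_rules(table: List[Row], rules: List[MaskingRule]) -> List[Row]:
    masked = []
    for row in table:
        out = dict(row)
        for rule in rules:
            if rule.column in out and (rule.condition is None or rule.condition(row)):
                out[rule.column] = rule.masker(out[rule.column])
        masked.append(out)
    return masked


def join_count(left: List[Row], right: List[Row], column: str) -> int:
    """How many rows of `left` find a partner in `right` on `column` (a referential-integrity check)."""
    keys = {r[column] for r in right}
    return sum(1 for r in left if r[column] in keys)


def looks_like_ssn(value: str) -> bool:
    return re.fullmatch(r"\d{3}-\d{2}-\d{4}", value) is not None


# Constructed production rows modelled on the slide's table, plus a DEPT column for the condition.
EMPLOYEES: List[Row] = [
    {"LAST_NAME": "AGUILAR", "SSN": "203-33-3234", "SALARY": 60000, "DEPT": "SALES"},
    {"LAST_NAME": "BENSON", "SSN": "323-22-2943", "SALARY": 40000, "DEPT": "SALES"},
    {"LAST_NAME": "CHEN", "SSN": "412-55-8821", "SALARY": 175000, "DEPT": "EXEC"},
]
PAYROLL: List[Row] = [
    {"SSN": "203-33-3234", "AMOUNT": 5000},
    {"SSN": "323-22-2943", "AMOUNT": 3333},
    {"SSN": "412-55-8821", "AMOUNT": 14583},
]

RULES = [
    MaskingRule("LAST_NAME", mask_last_name),
    MaskingRule("SSN", mask_ssn),
    # Condition-based: only executive pay is banded; other salaries stay as on the slide.
    MaskingRule("SALARY", band_salary, condition=lambda r: r["DEPT"] == "EXEC"),
]


def mask_test_copy():
    """Mask both tables with the same rules so SSN still joins them afterwards."""
    return apply_rules(EMPLOYEES, RULES), apply_rules(PAYROLL, RULES)


if __name__ == "__main__":
    employees, payroll = mask_test_copy()
    for row in employees:
        print(row)
    print("joinable rows after masking:", join_count(employees, payroll, "SSN"))
```

The masking key is the sensitive part of this design: anyone holding it can recompute the mapping for a guessed input, so it stays with the masking job and never ships to the test environment.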
Protect non-production environments
Data Discovery and Modeling

• Sensitive data discovery
    – Pattern-based
    – Import from pre-built templates
Why use Data Masking? Why not just write some scripts?

• Think about the maintenance of the scripts once changes are introduced to the table structures...
• What happens if your DBA leaves the organization?
• Quality of the scripts: masking is a resource-intensive process, and Oracle knows Oracle (optimizations) best ;)
What’s next?
Secure Production Database Environment
Oracle Database Lifecycle Management
[Diagram: Discover, then Scan and Monitor, then Patch]

• Discover and classify databases into security policy groups
• Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies, and enforce security compliance
• Detect and prevent unauthorized database configuration changes, trouble ticket tracking
• Automated patching and secure provisioning
Security Homepage in Oracle Enterprise Manager 12c
Oracle Database Security Strategy
[Diagram: Applications reach the database through Network SQL Monitoring and Blocking; around the database sit Authentication, Authorization, Auditing and Multi-factor authorization (against Unauthorized DBA Activity); the surrounding management layers are Data Discovery, Compliance Scan, Vulnerability Scan, Patch Automation, Activity Audit, Encrypted Database and Data Masking]

 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

5 steps to reduce risk and improve database security

  • 1. Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • 2. 5 Steps to Reduce Risk and Improve Database Security. Edgars Ruņģis, Technology Consultant.
  • 3. Why Increase Database Security? Source: "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases", IDC, August 2011.
  • 4. How Secure Are Your Databases? 2011 IOUG Data Security Survey Results. http://www.oracle.com/us/products/database/2011-ioug-data-security-survey-516534.pdf
  • 5. IT Security Not Addressing Database Security: Only 20% Have a Plan.
  • 6. 5 Steps to Reduce Risk and Improve Database Security
      1. Mitigate Database Bypass
      2. Prevent Account Misuse
      3. Consolidated Auditing and Compliance Reporting
      4. Monitor Database Traffic and Block Threats
      5. Protect Non-production Environments
  • 7. How can data be accessed while bypassing the database?
      – Restore the DB from an unprotected backup copy
      – Read the data stored in the database files directly as IT staff or an OS user
  • 8. What about Oracle Database data files? (diagram only)
  • 9. Mitigate Database Bypass: Oracle Advanced Security for authentication and encryption. [Diagram: Application, Disk, Backups, Exports, Off-Site Facilities]
      – Prevents access to data stored in database files, on tape, etc. by IT staff/OS users
      – Efficient application data encryption without application changes
      – Strong authentication of database users for greater identity assurance
      – Built-in key management for Separation of Duties
  • 10. Mitigate Database Bypass: Transparent Data Encryption key architecture. [Diagram: the Master Key is kept in an Oracle Wallet (Standard Wallet, Auto-Open Wallet or Local Auto-Open Wallet) or in a Hardware Security Module; it protects the Tablespace Key used by TDE Tablespace Encryption and the Table Key used by TDE Column Encryption]
  • 11. Prevent Account Misuse: what can privileged users (DBAs) do?
      – Access, delete, or change ANY application data. Change a salary? Why not!
      – Turn off auditing (!!!). Change a salary without an audit trail? Why not!
      – Modify audit trails to hide their tracks
      – Intentional or accidental harmful changes. DB link from the test to the production system...? It happens!
      – Add unauthorized user accounts or modify existing accounts. Create a new account for your best "friend" and grant DBA privileges ...
      – ...
  • 12. Prevent Account Misuse: Oracle Database Vault to enforce privileged user access. [Diagram: a DBA running select * from finance.customers against Procurement, HR and Finance application data]
      – Restrict highly privileged users from application data; DBA separation of duties
      – Enforce who, where, when and how data is accessed using rules and factors
      – Enforce least privilege for privileged database users
      – Prevent application bypass
      – Securely consolidate application data or enable multi-tenant data management
  • 13. Prevent Account Misuse. Example: Privileged User Access. [Diagram: DBA, Oracle DB, Fin]
  • 14. Prevent Account Misuse. Example: Complete the Definition of the Realm.
  • 15. Prevent Account Misuse. Example: Privileged User Access, Again. [Diagram: DBA, Oracle DB, Fin]
  • 16. Prevent Account Misuse: some use cases of Oracle Database Vault
      Requirement | Database Vault Solution
      Restrict DBA access to sensitive data | Realm around application data allowing only the authorized application owner to access data
      Enforce application access through middle tier processes (prevent application bypass) | Rule restricting database access based on middle tier server IP addresses
      Protect mission-critical business data from intentional or accidental harmful changes | Rule restricting dropping or wiping out associated database structures
      Restrict users from accessing data outside standard working hours | Rule restricting users' login to working hours
      Enforce patching and backup to specific maintenance periods and monitor the patching process | Rule restricting the database maintenance DBA's login to the maintenance day/time; rule requiring two DBAs to authenticate during maintenance periods from internal IP addresses
  • 17. Consolidated Auditing and Compliance Reporting (section title)
  • 18. Questions to consider
      – How do you consolidate your audit data?
      – How do you detect and alert on suspicious activities?
      – Do you run reports over audit data?
      – Is your audit data protected? What about power users (DBAs)?
      – How do you clean up/archive audit data?
  • 19. Consolidated Auditing and Compliance Reporting: Oracle Audit Vault, Trust But Verify
      – Consolidate database audit trails into a secure centralized repository
      – Out-of-the-box compliance reports for SOX, PCI, and other regulations, e.g. privileged user audit, entitlements, failed logins, regulated data changes
      – Detect and alert on suspicious activities, including those of privileged users: creating users on sensitive systems, role grants, "DBA" grants, failed logins
  • 20. Monitor Database Traffic and Block Threats: Oracle Database Firewall, First Line of Defense
      – Blocks unauthorized access such as SQL injection from reaching databases
      – SQL grammar analysis ensures accuracy, enforcement and scalability
      – White-list and black-list based security policies
      – In-line blocking and monitoring, or out-of-band monitoring modes
  • 21. How to catch anomalous SQL with accuracy, performance, and scale? The first statement is the normal application query; the other five are the same query with injected input:
      SELECT * from stock where catalog-no = 'PHE8131' and location = 1
      SELECT * from stock where catalog-no = ''--' and location = 1
      SELECT * from stock where catalog-no = '' having 1=1 -- ' and location = 1
      SELECT * from stock where catalog-no = '' order by 4--' and location = 1
      SELECT * from stock where catalog-no = '' union select cardNo,customerId,0 from Orders where name = 'John Smith'--' and location = 1
      SELECT * from stock where catalog-no = '' union select min(cardNo),1,0 from Orders where cardNo > '0'--' and location = 1
  • 22. Monitor Database Traffic and Block Threats: Oracle Database Firewall positive security model. [Diagram: Applications send SQL to the White List; SELECT * from stock where catalog-no='PHE8131' is allowed, SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders -- is blocked]
      – "Allowed" behavior can be defined for any user or application
      – Automated whitelist generation for any application
      – Many factors to define policy (e.g. network, application, etc.)
      – Out-of-policy database network interactions are instantly blocked
  • 23. Monitor Database Traffic and Block Threats: Oracle Database Firewall negative security model. [Diagram: Black List; DBA activity via SELECT * FROM v$session from Applications is blocked, the same DBA activity from an Approved Workstation is allowed and logged]
      – Stop specific unwanted SQL interactions, user or schema access
      – Ensures database interactions originate from appropriate sources
      – The blacklist can take into account built-in factors such as time of day, day of week, network, application, etc.
      – Provides flexibility to authorized DBAs while still monitoring their activity
  • 24. Protect non-production environments. Questions to consider ...
      – 37% use "live" production data and 48% use outdated production data for testing, development, support, training, etc. *
      – Regulations restrict the use of sensitive data and mandate access control (who, where, how, and why)
      – Why break into the production system if the production data is available in the development/test system?
      – Are developers/testers authorized users of your production data?
      * Source: IOUG 2010 data security survey
  • 25. Protect non-production environments: Oracle Data Masking secures test system deployment
      Production: LAST_NAME | SSN | SALARY
                  AGUILAR | 203-33-3234 | 60,000
                  BENSON | 323-22-2943 | 40,000
      Test:       LAST_NAME | SSN | SALARY
                  SMITH | 111-23-1111 | 60,000
                  MILLER | 222-34-1345 | 40,000
      – Deploy a secure test system by masking sensitive data
      – Extensible, centralized template library and policies for automation
      – Sophisticated masking: condition-based, compound, deterministic
      – Integrated masking and cloning
      – NEW in EM 12c: Application Data Modeling
      – NEW in EM 12c: Sensitive Data Discovery
  • 26. Protect non-production environments: data discovery and modeling
      – Sensitive data discovery: pattern-based, or imported from pre-built templates
  • 27. Why use Data Masking? Why not just write some scripts?
      – Think about maintaining the scripts every time the table structures change...
      – What happens if your DBA leaves the organization?
      – Quality of the scripts: masking is a resource-intensive process, and Oracle knows Oracle (optimizations) best ;)
  • 28. What's next?
  • 29. Secure Production Database Environment: Oracle Database Lifecycle Management. [Diagram: Discover, Scan and Monitor, Patch]
      – Discover and classify databases into security policy groups
      – Scan databases against 400+ best practices and industry standards and custom enterprise-specific configuration policies, and enforce security compliance
      – Detect and prevent unauthorized database configuration changes, with trouble ticket tracking
      – Automated patching and secure provisioning
  • 30. Security Homepage in Oracle Enterprise Manager 12c (screenshot)
  • 31. Oracle Database Security Strategy. [Diagram labels: Compliance Scan, Data Discovery, Vulnerability Scan, Patch Automation, Activity Auditing, Audit, Encrypted Database, Applications, Authorization, Data Masking, Authentication, Network SQL Monitoring and Blocking, Unauthorized DBA Activity, Multi-factor authorization]
  • 32. Closing slide (no text)
  • 33. Closing slide (no text)
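Slides 20 to 22 describe the positive security model: SQL grammar analysis reduces each statement to its shape, and a white list of approved shapes decides what reaches the database. The block below is an added example, not code from the deck or from Oracle Database Firewall: a simplified lexical version of that idea in Python, with the white list learned from the approved query and then run over the six statements of slide 21 (the `skeleton` function and `PositiveSecurityPolicy` class are constructed for this illustration).

```python
import re

# Lexer for a useful subset of SQL. Comments are dropped and string/numeric literals
# become "?", so a statement keeps the same skeleton whatever values the application binds.
_TOKEN_RE = re.compile(
    r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)          # -- to end of line, or /* ... */
  | (?P<string>'(?:[^']|'')*')               # single-quoted literal, '' escapes a quote
  | (?P<number>\d+(?:\.\d+)?)                # numeric literal
  | (?P<word>[A-Za-z_][A-Za-z0-9_$\#]*)      # keyword or identifier (v$session is legal)
  | (?P<op><=|>=|<>|!=|[^\sA-Za-z0-9_'])     # operators and punctuation
  | (?P<ws>\s+)
    """,
    re.VERBOSE | re.DOTALL,
)


def skeleton(sql: str) -> str:
    """Grammar skeleton: words lower-cased, literals -> ?, comments and whitespace dropped."""
    out, pos = [], 0
    while pos < len(sql):
        m = _TOKEN_RE.match(sql, pos)
        if m is None:  # e.g. an unterminated quote: refuse to guess
            raise ValueError(f"cannot tokenize SQL at offset {pos}")
        kind = m.lastgroup
        if kind in ("string", "number"):
            out.append("?")
        elif kind == "word":
            out.append(m.group().lower())
        elif kind == "op":
            out.append(m.group())
        pos = m.end()  # comments and whitespace add nothing to the skeleton
    return " ".join(out)


class PositiveSecurityPolicy:
    """White list of approved statement skeletons; anything else is blocked."""
    def __init__(self) -> None:
        self.allowed = set()
    def learn(self, sql: str) -> None:
        """Automated whitelist generation: record the skeleton of approved traffic."""
        self.allowed.add(skeleton(sql))
    def decide(self, sql: str) -> str:
        try:
            return "ALLOW" if skeleton(sql) in self.allowed else "BLOCK"
        except ValueError:
            return "BLOCK"  # fail closed on anything the lexer cannot read


# Constructed sample traffic: the six statements of slide 21 (the first is the
# legitimate application query, the other five carry injected input).
SLIDE_21_TRAFFIC = [
    "SELECT * from stock where catalog-no = 'PHE8131' and location = 1",
    "SELECT * from stock where catalog-no = ''--' and location = 1",
    "SELECT * from stock where catalog-no = '' having 1=1 -- ' and location = 1",
    "SELECT * from stock where catalog-no = '' order by 4--' and location = 1",
    "SELECT * from stock where catalog-no = '' union select cardNo,customerId,0 "
    "from Orders where name = 'John Smith'--' and location = 1",
    "SELECT * from stock where catalog-no = '' union select min(cardNo),1,0 "
    "from Orders where cardNo > '0'--' and location = 1",
]


def demo() -> list:
    policy = PositiveSecurityPolicy()
    policy.learn(SLIDE_21_TRAFFIC[0])  # only the normal application query is approved
    return [policy.decide(sql) for sql in SLIDE_21_TRAFFIC]
```

Because literal values never enter the white list, the approved query is still allowed with a different catalog number or location, while every injected variant changes the statement's shape and is blocked; input the lexer cannot read (an unterminated quote) is blocked rather than guessed at.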