Enviar búsqueda
Cargar
Oracle Database Firewall - Pierre Leon
•
7 recomendaciones
•
3,249 vistas
O
OracleVolutionSeries
Seguir
Presentation of Oracles NEW Database Firewall Software by Pierre Leon
Leer menos
Leer más
Tecnología
Denunciar
Compartir
Denunciar
Compartir
1 de 29
Recomendados
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12c
Troy Kitch
AV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
Oracle Database Security
Oracle Database Security
Troy Kitch
Presentation database security enhancements with oracle
Presentation database security enhancements with oracle
xKinAnx
Oracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
Oracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
Recomendados
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12c
Troy Kitch
AV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
Oracle Database Security
Oracle Database Security
Troy Kitch
Presentation database security enhancements with oracle
Presentation database security enhancements with oracle
xKinAnx
Oracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
Oracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
bupbechanhgmail
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
OracleTrainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
Oracle Audit vault
Oracle Audit vault
uzzal basak
Security Quick Tour
Security Quick Tour
Active Base
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
Christian Frahm
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
From Cisco ACS to ISE
From Cisco ACS to ISE
Mahzad Zahedi
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Cisco Canada
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
Antonios Chatzipavlis
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
PCCW GLOBAL
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Cisco Canada
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
Cisco Canada
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
OracleIDM
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
OracleIDM
Idm Workshop
Idm Workshop
Mohamed Atef
8 isecurity database
8 isecurity database
Anil Pandey
Enterprise Security & SSO
Enterprise Security & SSO
Ambareesh Kulkarni
Oracle Database Vault
Oracle Database Vault
Marco Alamanni
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
Más contenido relacionado
La actualidad más candente
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
bupbechanhgmail
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
OracleTrainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
Oracle Audit vault
Oracle Audit vault
uzzal basak
Security Quick Tour
Security Quick Tour
Active Base
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
Christian Frahm
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
From Cisco ACS to ISE
From Cisco ACS to ISE
Mahzad Zahedi
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Cisco Canada
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
Antonios Chatzipavlis
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
PCCW GLOBAL
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Cisco Canada
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
Cisco Canada
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
OracleIDM
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
OracleIDM
Idm Workshop
Idm Workshop
Mohamed Atef
8 isecurity database
8 isecurity database
Anil Pandey
Enterprise Security & SSO
Enterprise Security & SSO
Ambareesh Kulkarni
La actualidad más candente
(20)
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
SQL Server Security - Attack
SQL Server Security - Attack
Oracle Audit vault
Oracle Audit vault
Security Quick Tour
Security Quick Tour
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
From Cisco ACS to ISE
From Cisco ACS to ISE
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
Idm Workshop
Idm Workshop
8 isecurity database
8 isecurity database
Enterprise Security & SSO
Enterprise Security & SSO
Destacado
Oracle Database Vault
Oracle Database Vault
Marco Alamanni
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
Oracle Audit Vault and Database Vault のご紹介
Oracle Audit Vault and Database Vault のご紹介
オラクルエンジニア通信
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Edgar Alejandro Villegas
Oracle Database Vault
Oracle Database Vault
Khalid ALLILI
Enable oracle database vault
Enable oracle database vault
Osama Mustafa
Destacado
(6)
Oracle Database Vault
Oracle Database Vault
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
Oracle Audit Vault and Database Vault のご紹介
Oracle Audit Vault and Database Vault のご紹介
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database Vault
Oracle Database Vault
Enable oracle database vault
Enable oracle database vault
Similar a Oracle Database Firewall - Pierre Leon
Varhol oracle database_firewall_oct2011
Varhol oracle database_firewall_oct2011
Peter Varhol
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Oracle BH
Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822
Cana Ko
Database Options
Database Options
Connor McDonald
Oracle 11g security - 2014
Oracle 11g security - 2014
Connor McDonald
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Islam Azeddine Mennouchi
Web security
Web security
dogangcr
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
Estuate, Inc.
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
ORACLE USER GROUP ESTONIA
Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise Insights
Courtland Smith
csf_ppt.pptx
csf_ppt.pptx
0567Padma
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
Connor McDonald
Round table guide
Round table guide
OracleIDM
Innovations dbsec-12c-pub
Innovations dbsec-12c-pub
OracleIDM
MySQL Security
MySQL Security
Mario Beck
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Bob Rhubart
Security in oracle
Security in oracle
ssuser40bb47
security in oracle database
security in oracle database
ssuser40bb47
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solaris
xKinAnx
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Jerome Leonard
Similar a Oracle Database Firewall - Pierre Leon
(20)
Varhol oracle database_firewall_oct2011
Varhol oracle database_firewall_oct2011
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822
Database Options
Database Options
Oracle 11g security - 2014
Oracle 11g security - 2014
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Web security
Web security
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise Insights
csf_ppt.pptx
csf_ppt.pptx
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
Round table guide
Round table guide
Innovations dbsec-12c-pub
Innovations dbsec-12c-pub
MySQL Security
MySQL Security
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Security in oracle
Security in oracle
security in oracle database
security in oracle database
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solaris
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Último
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
rafiqahmad00786416
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Jago de Vreede
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
danishmna97
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
Último
(20)
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Oracle Database Firewall - Pierre Leon
1.
<Insert Picture Here> Oracle
Database Firewall Pierre Leon Database Security – Oracle UK
2.
Agenda
• Evolving Threats to Databases • Oracle Database Firewall • Security Models • Policy Enforcement • Reporting • Architecture and Deployment Modes • Oracle Database Security Solutions • Q&A © 2011 Oracle Corporation 2
3.
How is Data
Compromised? 2010 Data Breach Investigations Report © 2011 Oracle Corporation 3
4.
#1 Cause of
Data Breaches: Web Applications Hacked with SQL Injection and Stolen Credentials Obtained Using Malware Threat action categories by percent% of breaches and% of records Types of hacking by% of breaches within Hacking and % of records Attack pathways by percent% of breaches and% of records 2010 Data Breach Investigations Report © 2011 Oracle Corporation 4
5.
Existing Security Solutions
Not Enough Key Loggers Malware SQL Injection Espionage Spear Phishing Botware Social Engineering Web Users Database Application Users Application Database Administrators Data Must Be Protected at the Source © 2011 Oracle Corporation 5
6.
Database Security
Defense In Depth Approach • Monitor and block threats before they reach databases • Track changes and audit database activity • Control access to data within the database • Prevent access by non database users • Implement with • Transparency – no changes to existing applications • High Performance – no measurable impact on applications • Accuracy – minimal false positives and negatives © 2011 Oracle Corporation 6
7.
Business Drivers
• Customers need a first line of defence to monitor and protect against existing and emerging threats • Hackers breach databases from the web exploiting vulnerabilities in applications • Stolen credentials exploited for unauthorised use Application Database Firewall Database © 2011 Oracle Corporation 7
8.
Oracle Database Firewall
First Line of Defense Allow Log Alert Substitute Applications Block Alerts Built-in Custom Policies Reports Reports • Monitor database activity to help prevent unauthorisedactivity, application bypass and SQL injections, illegal access to sensitive data etc. • Highly accurate SQL grammar based analysis, no false positives • White-list, black-list, and exception-list based security policies • Built-in and custom compliance reports for regulations © 2011 Oracle Corporation 8
9.
Oracle Database Firewall
Positive Security Model Based Enforcement White List Allow Block Applications • White-list based policies enforce normal or expected behavior • Policies evaluate factors such as time, day, network, and application • Easily generate white-lists for any application • Out of policy SQL statements can be logged, alerted, blocked or substituted with a harmless SQL statement • SQL substitution foils attackers without disrupting applications © 2011 Oracle Corporation 9
10.
Oracle Database Firewall
Negative Security Model Based Enforcement Black List Allow Block Applications • Stop specific unwanted SQL commands, user or schema access • Prevent privilege or role escalation and unauthorisedaccess to sensitive data • Black list policies can evaluate factors such as day, time, network, and application © 2011 Oracle Corporation 10
11.
Oracle Database Firewall
Scalable and Safe Policy Enforcement Log Allow SELECT * FROM accounts Alert Becomes SELECT * FROM dual where 1=0 Substitute Applications Block • Innovative SQL grammar technology reduces millions of SQL statements into a small number of SQL characteristics or “clusters” • Flexible enforcement at SQL level: block, substitute, alert and pass, log only • SQL substitution foils attackers without disrupting applications • Centralisedpolicy management and reporting • Superior performance and policy scalability © 2011 Oracle Corporation 11
12.
SQL Injection
Too much trust in applications SELECT *FROMdvd_stock WHERE catalog-no = 'PHE8131' AND location = 1 Allow SELECT *FROMdvd_stock Block WHERE catalog-no = '' Application UNION SELECTcardNo, customerId, 0 FROM DVD_Orders–-' AND location = 1 • Applications are given high levels of privilege • Database trusts the application • “Users” subvert the application to access to the database (and beyond) • Each application is unique • Regular expression black lists are ineffective • Grammar based white list blocks SQL injection attacks © 2011 Oracle Corporation 12
13.
Oracle Database Firewall
Semantic Analysis and Policy Creation • Train the Analyser on Firewall logs • Automatically generate White Lists • Create exceptions • Create default actions for unrecognised SQL/anomalies • Novelty policies • Assign threat levels • Assign actions • Set policies for Logon/Logoff and Failed Login © 2011 Oracle Corporation 13
14.
Oracle Database Firewall
Data Masking • Prevents creating yet another database with sensitive and regulated data • Sensitive and regulated information contained in SQL statements can be masked or redacted in real-time prior to being logged • Flexible masking policies allow masking all data or just specific columns • Critical for organisationswho want to monitor and log all database activity © 2011 Oracle Corporation 14
15.
Oracle Database Firewall
Reporting • Database Firewall log data consolidated into reporting database • Dozens of built in reports that can be modified and customised • Database activity and privileged user reports • Entitlements reporting for database attestation and audit • Supports demonstrating controls for PCI, SOX, HIPAA, etc. • Logged SQL statements can be sanitisedof sensitive PII data © 2011 Oracle Corporation 15
16.
Oracle Database Firewall
Local Monitor Architecture In-Line Blocking and Monitoring Out-of-Band Inbound Monitoring SQL Traffic HA Mode Policy Management Analyser Server(s) • In-line blocking and monitoring, or out-of-band monitoring modes • High availability with parallelFirewalls / Management Servers • Monitoring of remote databases by forwarding network traffic • Application agnostic • Support for Oracle and non-Oracle Databases © 2011 Oracle Corporation 16
17.
Oracle Database Firewall
Fast and Flexible Deployments Application Servers Users Database Out-of-Band Router Firewall Database Servers Host Based In-Line Agent • In-Line: All database traffic goes through the Oracle Database Firewall • Out-of-Band/Passive: Database Firewall connected to a SPAN port or TAP • Optional Host Based Remote or Local Monitors • Can send network traffic from the database host to the Database Firewall • Can send non-network database activity to the Database Firewall to identify unauthoriseduse of local console or remote sessions © 2011 Oracle Corporation 17
18.
Major US East-Coast
Bank Active Database Firewall • Protect business critical databases to prevent unauthorisedaccess, data loss and PII exposure Business Challenges • Monitor and protect over 600 databases across 7 international data centers. • Minimal impact to existing database performance • Oracle Database Firewall for real-time database protection and monitoring of billions of transactions Solution per day • Prevent unauthorised data access and malicious activity • Passed internal and external audit • Demonstrate active controls over data access and Business Results database systems • Standardised security, alerts and reporting across the complete business © 2011 Oracle Corporation 18
19.
Major US Investment
Bank Auditing Data Changes • Monitor 60+ databases • Track every change to customer data Business Challenges • Alert on unauthorisedchanges to stored procedures or user roles and privileges • Automated report distribution to internal auditors • Database Firewall deployed in heterogeneous environments providing monitoring and reporting on Solution every change to customer data • Monitor procedure and user role changes with full separation of duties from existing DBA team • Passes daily audits Business Results • Audit data ready for sign-off automatically emailed before the start of business © 2011 Oracle Corporation 19
20.
Major European Government
Protecting Government Data and PII • Prevent access to highly sensitive citizen data other than via certified application Business Challenges • Enforce strict application behavior through white-list • Monitor and audit every transaction 24x365 • Six fully redundant pairs of Database Firewall to maintain a complete database security perimeter Solution • Critical high-availability architecture to meet strict service-level requirements • Complete protection from unauthorisedaccess, hacking of malicious changes to application code Business Results • Highly sensitive citizen data protected by continuously available firewall perimeter • Meets government standards for PII data storage © 2011 Oracle Corporation 20
21.
Heterogeneous Database Support
• Oracle 8i, 9i, 10g, 11g • MS-SQL 2000, 2005, 2008 • Sybase 12.5.4 to 15.0.x • SQL Anywhere 10.x • DB2 9.x for LUW © 2011 Oracle Corporation 21
22.
Oracle Database Security
Solutions Inside. Outside. Complete. • Monitor and block threats before they reach databases • Track changes and audit database activity • Control access to data within the database • Prevent access by non database users • Transparency, high performance, accuracy Monitoring Access Auditing & Encryption & Blocking Control Tracking & Masking • Database Firewall • Database Vault • Audit Vault • Advanced Security • Label Security • Configuration • Secure Backup • Identity Management Management • Data Masking • Total Recall © 2011 Oracle Corporation 22
23.
For More Information
search.oracle.com database security or oracle.com/database/security © 2011 Oracle Corporation 23
24.
© 2011 Oracle
Corporation 24
25.
Remote/Local Monitor
• Remote Monitor • Runs on the server operating system. • Sends database transactions to Oracle Database Firewall • Supported platforms is by OS -- and then by the RDBMS platforms that DBFW support: • Local Monitor • Resides inside a database • Monitors local / non-network access. © 2011 Oracle Corporation 25
26.
User Role Reporting
• Entitlement Reports • User names • User roles and privileges • Last changed, changed by whom and when • Automated and transparent • User role reporting can be run ad-hoc or scheduled • Report on user roles and privileges • Deltas since the last report © 2011 Oracle Corporation 26
27.
Stored Procedure Reporting
• Stored procedure contents • Its not enough to know a procedure was run, it is important to know what SQL was executed when the procedure is called. • Stored procedure reports • Name • Content • Threat rating (injection risk, system tables etc). • Stored procedure type (DML, DDL, DCL, SELECT etc) • Last changed, changed by whom and when • Automated and transparent • Stored procedure reporting can be run adhoc or scheduled © 2011 Oracle Corporation 27
28.
The Cost of
Inaccuracy select * from hr.employees; 3,000 transactions per second 260 million transactions per day © 2011 Oracle Corporation 28
29.
© 2011 Oracle
Corporation 29
Notas del editor
Add one slide after on database firewall category