Académique Documents
Professionnel Documents
Culture Documents
• What to secure?
• Sensitive
S Data: Confidential,
C f PII, regulatory
• Data in packaged and custom applications
• Secure Life cycle: creation, transit, storage, backup, test, transfer
• Can we secure it now?
• Secure using existing systems?
• Transparent?
• Loss,
Loss Unauthorized access
access, Separation of Duty
• Will it meet business requirements?
• Flexible, Transparent, Compliant?
• Secures both custom and packaged applications?
• Will it reduce operational cost?
• Easy to manage?
• Performant?
2
Oracle Database Security
Defense-in-Depth for Security and Compliance
Monitoring Audit
Vault Total
Configuration
Management Recall
Access Control
Database Label
Vault Security
Advanced Data
Secure
Security Masking
Backup
3
Oracle Database Security
Defense-in-Depth for Security and Compliance
Advanced Data
Secure
Security Masking
Backup
4
Oracle Advanced Security
Transparent Data Encryption
Disk
Backups
Exports
Application
Off-Site
Facilities
5
Security Tip
• Migrate
g Oracle PeopleSoft applications to encrypted
y
tablespaces without downtime and data loss with this
FREE downloadable script and detailed
implementation guide from here
http://www.oracle.com/technology/deploy/security/dat
abase-security/pdf/tde_tabsp_enc_for_psft.zip
b it / df/td t b f ft i
6
Oracle Advanced Security
Network Encryption & Strong Authentication
7
Oracle Secure Backup
Integrated Tape or Cloud Backup Management
8
Oracle Data Masking
Irreversible De-Identification
Production Non-Production
LAST_NAME SSN SALARY LAST_NAME SSN SALARY
BENSON
SO 323-22-2943
3 3 9 3 60,000 BKJHHEIEDK 222-34-1345
222 34 1345 60,000
9
Large Credit Card Services Provider
Cost Effective Encryption of Card Holder Data
10
U.S. Pharmaceutical Tools Manufacturer
Oracle Advanced Security Protects Sensitive Data
11
Oracle Database Security
Defense-in-Depth for Security and Compliance
Access Control
Database Label
Vault Security
Advanced Data
Secure
Security Masking
Backup
12
Oracle Database Vault
Separation of Duties & Privileged User Controls
Procurement
DBA
HR
Application
Finance
select * from finance.customers
13
Oracle Database Vault
Multi-Factor Access Control Policy Enforcement
Procurement
HR
Application Rebates
14
Oracle Label Security
Data Classification for Access Control
Sensitive
Transactions
Confidential
Report Data
Public
Reports
Confidential Sensitive
15
Did you know?
• Finding
g User Accounts That Have Default
Passwords
• When you create a database in Oracle Database 11g Release 2 (11.2),
most of its default accounts are locked with the passwords expired.
• To find both locked and unlocked accounts that use default passwords,
log onto SQL*Plus using the SYSDBA privilege and then query the
DBA_USERS_WITH_DEFPWD data dictionary view.
SELECT d.username, u.account_status
FROM DBA_USERS_WITH_DEFPWD d,
DBA_USERS u WHERE d.username = u.username ORDER BY 2,1;
USERNAME ACCOUNT_STATUS
----------------- --------------------------
SCOTT EXPIRED & LOCKED
16
Large US Based Global Bank
Enable
ab e Secu
Secure
e Cost Effective
ect e Deployments
ep oy e ts
17
Pharmaceutical Services Provider
Protect
otect Sensitive
Se s t e Custo
Customer
e Information
o at o and
a d Address
dd ess Regulations
egu at o s
18
Large European Telecom Provider
Enable
ab e O
Organization
ga at o to Meet
eet Regulations
egu at o s
• Protect the privacy of sensitive client data in their telecom billing system
Business • Meet internal, European Data Security Directive, and country
country-specific
specific
Challenges privacy requirements
• Prevent tampering or deletion of database objects or database users
19
Oracle Database Security
Defense-in-Depth for Security and Compliance
Monitoring Audit
Vault Total
Configuration
Management Recall
Access Control
Database Label
Vault Security
Advanced Data
Secure
Security Masking
Backup
20
Oracle Audit Vault
Automated Activity Monitoring & Audit Reporting
HR Data ! Alerts
Built-in
CRM Data Reports
Audit
Data Custom
ERP Data Reports
Databases Policies
Auditor
21
Security Tip
22
Oracle Database Auditing Performance
A dit users/tables
Audit sers/tables effectively
effecti el
23
Oracle Total Recall
Secure Change Tracking
24
Oracle Configuration Management
Vulnerability Assessment & Secure Configuration
Discover C
Classify
f Assess Prioritize Fix Monitor
Asset Configuration
Policy Vulnerability Analysis &
Management Management
Management Management Analytics
& Audit
• Database discovery
• Continuous scanning against best practices
• Detect and prevent unauthorized configuration changes
• Change management compliance reports
25
European Healthcare Insurance Provider
Simplified Reporting and Stronger Security
26
Large Financial Services Provider
Stronger Controls
27
Large European Telco Provider
Address Telco Regulations on Call Records
28
Oracle Database Security
Defense-in-Depth for Security and Compliance
Monitoring Audit
Vault Total
Configuration
Management Recall
Access Control
Database Label
Vault Security
Advanced Data
Secure
Security Masking
Backup
29
For More Information
search.oracle.com
database security
oracle.com/database/security
l /d t b / it
30
Oracle Products Available Online
Oracle Store