Program Agenda
Today's Threat Landscape
Defense-in-Depth Approach
Oracle Database Security Solutions
Oracle Database Firewall (New!)
Summary
Q&A
Lot at stake
Customer, Employee, Citizen, Corporate data
Reputation
Fines & Penalties
Deployment triggers
Other Security
DB Security?
Authentication
Identity Management
Social Engineering
Web Users
Application Users
Application
Database
Administrators
Database Security
Defense-In-Depth Approach
Monitor and block threats before they reach databases
Control access to data within the databases
Track changes and audit database activity
Encrypt data to prevent direct access
Implement with:
Transparency: no changes to existing applications
High Performance: no measurable impact on applications
Accuracy: minimal false positives and negatives
Access Control
Oracle Database Vault
Oracle Label Security
Backups
Exports
Application
Off-Site Facilities
Efficient encryption of all application data
Built-in key lifecycle management
No application changes required
Works with Exadata and Oracle Advanced Compression
Production
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000
Non-Production
LAST_NAME   SSN          SALARY
ANSKEKSL    11123-1111   40,000
BKJHHEIEDK  222-34-1345  60,000
Mask sensitive data for test and partner systems
Sophisticated masking: condition-based, compound, deterministic
Extensible template library and policies for automation
Leverage masking templates for common data types
Integrated masking and cloning
Masking of heterogeneous databases via database gateways (New)
Command line support for data masking tasks (New)
Sensitive data identification based on privacy attributes
Application Masking templates for:
E-Business Suite, Fusion Applications
Procurement HR
DBA
Application
Finance
select * from finance.customers
Restricts application data from privileged users
DBA separation of duties
Securely consolidate application data
No application changes required
Works with Oracle Exadata
Procurement HR
Application
Rebates
Protect application data and prevent application bypass
Enforce who, where, when, and how using rules and factors
User Factors: Name, Authentication type, Proxy Enterprise Identity
Network Factors: Machine name, IP, Network Protocols
Database Factors: IP, Instance, Hostname, SID
Runtime Factors: Date, Time
Sensitive
Transactions
Confidential
Report Data
Public
Reports
Confidential
Sensitive
Classify users and data based on business drivers
Database enforced row level access control
Users classification through Oracle Identity Management Suite
Classification labels can be factors in Database Vault
Audit Data
CRM Data
ERP Data
Databases
Auditor
Consolidate audit data into a secure warehouse
Create/customize compliance and entitlement reports
Detect and raise alerts on suspicious activities
Centralized audit policy management
Integrated audit trail cleanup
Continuous scanning against best practices and gold baselines
200+ out-of-the-box policies spanning host, database, and middleware
Real-time detection of changes to processes, files, etc.
Violations can trigger emails and create tickets
Compliance reports mapped to compliance frameworks
Alerts
Built-in Reports
Custom Reports
Policies
Prevent unauthorized activity, application bypass and SQL injections
Highly accurate SQL grammar based analysis
Flexible enforcement options
Built-in and custom compliance reports
White List
Allow Applications Block
White-list based policies enforce normal or expected behavior
Evaluate factors such as time, day, network, app, etc.
Easily generate white-lists for any application
Log, alert, block or substitute out-of-policy SQL statements
Black lists to stop unwanted SQL commands, user, or schema access
Superior performance and policy scalability based upon clustering
In-line blocking and monitoring, or out-of-band monitoring modes
Monitoring of remote databases by forwarding network traffic
Centralized policy management and reporting
High availability options for Database Firewalls and Management Servers
Support for multiple Oracle/non-Oracle Databases with the same firewall
Audit consolidation
Sensitive Procurement
HR Confidential Rebates Public
Encrypted Database
Data Masking
Tuesday:
12:30 pm: Real-World Deployment and Best Practices: Oracle Audit Vault
2:00 pm: Real-World Deployment and Best Practices: Oracle Advanced Security
2:00 pm: Best Practices for Ensuring the Highest Enterprise Database Security
3:30 pm: Database Security Event Management: Oracle Audit Vault and ArcSight
5:00 pm: Real-World Deployment and Best Practices: Oracle Database Vault
Wednesday:
10:00 am: Protect Data and Save Money: Aberdeen
11:30 am: Preventing Database Attacks With Oracle Database Firewall
4:45 pm: Centralized Key Management and Performance: Oracle Advanced Security
Thursday:
10:30 am: Deploying Oracle Database 11g Securely on Oracle Solaris
MS = Moscone South
Check Availability
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
search.oracle.com
database security
oracle.com/database/security