Oracle 11g security - 2014
1 like53 views
The document discusses Oracle's database security solutions. It notes that data security is a top priority for enterprises and that more data and breaches are occurring than ever before. It then summarizes Oracle's solutions like Database Firewall, Configuration Management, Total Recall, Audit Vault, Database Vault, and Data Masking which provide capabilities like monitoring, access control, auditing, encryption, and identity management to help secure database environments with a defense-in-depth approach.
Oracle 11g security - 2014
- 1. All About Oracle Database Security Thomas Kyte http://asktom.oracle.com/
- 2. 3 Copyright © 2010, Oracle. All rights reserved Data security remains the top priority for enterprise IT security shops with 89% of enterprises citing it as a critical or high priority. Enterprises are also continuing to focus on cutting costs and increasing efficiency. Top Priority for IT Security? Source: Forrester - The State Of Enterprise IT Security And Emerging Trends: 2009 To 2010
- 3. 4 Copyright © 2010, Oracle. All rights reserved More data than ever… Source: IDC, 2008 1,800 Exabytes Growth Doubles Yearly 2006 2011 Two Thirds of Sensitive and Regulated Data Resides in Databases…
- 4. 5 Copyright © 2010, Oracle. All rights reserved More breaches then ever… Once exposed, the data is out there – the bell can’t be un-rung PUBLICLY REPORTED DATA BREACHES Total Personally Identifying Information Records Exposed (Millions) Source: DataLossDB 0 100 200 300 400 500 600 2005 2006 2007 2008 2009 Remediation Cost Exceeds $300/record
- 5. 6 Copyright © 2010, Oracle. All rights reserved More threats than ever… Insider Fraud Is Involved in 60% of Data Breaches Source: Wall Street & Technology
- 6. © 2010 Oracle Corporation 7 • Database Vault • Label Security • Identity Management • Advanced Security • Secure Backup • Data Masking Database Security Defense In Depth Oracle Database Security Solutions • Audit Vault • Total Recall • Configuration Management Encryption & Masking Access Control Auditing • Database Firewall Monitoring & Blocking • Monitor and block threats before they reach databases • Track changes and audit database activity • Control access to data within the database • Prevent access by non database users • Remove sensitive data from non production environments
- 7. © 2010 Oracle Corporation 8 Oracle Database Firewall First Line of Defense PoliciesBuilt-in Reports Alerts Custom Reports Applications Block Log Allow Alert Substitute • Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc. • Highly accurate SQL grammar based analysis without costly false positives • Flexible SQL level enforcement options based on white lists and black lists • Scalable architecture provides enterprise performance in all deployment modes • Built-in and custom compliance reports for SOX, PCI, and other regulations
- 8. © 2010 Oracle Corporation 9 Oracle Configuration Management Secure Your Database Environment • Discover and classify databases into policy groups • Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies • Detect and event prevent unauthorized database configuration changes • Change management dashboards and compliance reports Monitor Configuration Management & Audit Vulnerability Management Fix Analysis & Analytics Prioritize Policy Management AssessClassify MonitorDiscover Asset Management
- 9. © 2010 Oracle Corporation 10 Oracle Total Recall Track Changes to Sensitive Data select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM‘ where emp.title = ‘admin’ • Transparently track application data changes over time • Efficient, tamper-resistant storage of archives in the database • Real-time access to historical application data using SQL • Simplified incident forensics and recovery
- 10. © 2010 Oracle Corporation 11 Oracle Audit Vault Audit Database Activity in Real-Time • Consolidate database audit trail into secure centralized repository • Detect and alert on suspicious activities, including privileged users • Out-of-the box compliance reports for SOX, PCI, and other regulations • E.g., privileged user audit, entitlements, failed logins, regulated data changes • Streamline audits with report generation, notification, attestation, archiving, etc. CRM Data ERP Data Databases HR Data Audit Data Policies Built-in Reports Alerts Custom Reports ! Auditor
- 11. © 2010 Oracle Corporation 12 Oracle Database Vault Enforce Security Policies Inside the Database • Automatic and customizable DBA separation of duties and protective realms • Enforce who, where, when, and how using rules and factors • Enforce least privilege for privileged database users • Prevent application by-pass and enforce enterprise data governance • Securely consolidate application data or enable multi-tenant data management Procurement HR Finance Application DBA select * from finance.customers DBA Security DBA Application
- 12. © 2010 Oracle Corporation 13 Disk Backups Exports Off-Site Facilities Oracle Advanced Security Protect Data from Unauthorized Users • Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users • Efficient application data encryption without application changes • Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS • Strong authentication of database users for greater identity assurance Application
- 13. © 2010 Oracle Corporation 14 Oracle Data Masking Irreversibly De-Identify Data for Non-Production Use • Make application data securely available in non-production environments • Prevent application developers and testers from seeing production data • Extensible template library and policies for data masking automation • Referential integrity automatically preserved so applications continue to work • Real Application Testing friendly LAST_NAME SSN SALARY ANSKEKSL 111—23-1111 60,000 BKJHHEIEDK 222-34-1345 40,000 LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 BENSON 323-22-2943 60,000 Production Non-Production Data never leaves Database
- 14. © 2010 Oracle Corporation 15 Oracle Database Security Solutions Defense-in-Depth for Maximum Security Activity Monitoring Database Firewall Auditing and Reporting DETECTIVE Redaction and Masking Multi-Factor Authorization Encryption PREVENTIVE ADMINISTRATIVE Data Discovery and Classification Vulnerability Scanning Database Lifecycle Management
- 15. © 2010 Oracle Corporation 16 • Database Vault • Label Security • Identity Management • Advanced Security • Secure Backup • Data Masking Oracle Database Security Solutions Complete Defense-in-Depth • Audit Vault • Total Recall • Configuration Management Encryption & Masking Access Control Auditing • Database Firewall Monitoring & Blocking • Comprehensive – single vendor addresses all your requirements • Transparent – no changes to existing applications or databases • Easy to deploy – point and click interfaces deliver value within hours • Cost Effective – integrated solutions reduce risk and lower TCO • Proven – #1 Database with over 30 years of security innovation!
- 16. © 2010 Oracle Corporation 17 Oracle Database 12c Privilege Analysis Data Redaction Auditing Encryption Advancements Code Based Access Control Invokers Rights Separation of duties
- 17. 18 Copyright © 2010, Oracle. All rights reserved For More Information oracle.com/database/security search.oracle.com or database security
- 18. 19 Copyright © 2010, Oracle. All rights reserved Thomas.Kyte@oracle.com
- 19. 20 Copyright © 2010, Oracle. All rights reserved