Download Oracle Audit Vault and Database Firewall

Oracle Audit Vault and Database Firewall
Matteo Galimberti, Solution Account Manager – BSC Consulting
Paolo Marchei, Principal Sales Consultant – Oracle Italia
Billions of Database Records Breached Globally
97% of Breaches Were Avoidable with Basic Controls
98% records stolen from databases
84% records breached using stolen credentials
71% fell within minutes
92% discovered by third party
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Why are Databases so Vulnerable?
80% of IT Security Programs Don’t Address Database Security
Forrester Research
“Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”
[Diagram labels: Network Security; Authentication & User Security; SIEM; Email Security; Endpoint Security; Database Security; Web Application Firewall]
Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE: Encryption; Redaction and Masking; Privileged User Controls
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege Analysis; Sensitive Data Discovery; Configuration Management
Oracle Database Security Solutions
Detect and Block Threats, Alert, Audit and Report
Oracle Audit Vault and Database Firewall
New Solution for Oracle and Non-Oracle Databases
[Diagram labels: Users; Applications; Database Firewall (Allow, Log, Alert, Substitute, Block); Firewall Events; Audit Data; OS, Directory, File System & Custom Audit Logs; Audit Vault; Policies; Reports; Alerts; Auditor; Security Manager]
Oracle AVDF Accuracy
Why is understanding SQL critical?
SQL is a language with about 400 key words and a strict grammar structure (ISO SQL spec 1500+ pages):
SELECT id, username, password, account_no FROM tbl_users WHERE
username = 'Bill' AND account_no BETWEEN 1001000 AND 1001012;
Legend: KEY WORDS, OPERATORS, SCHEMA, DATA
Unless the grammar and structure of the language are known, errors are made when analysing SQL:
UPDATE tbl_users SET comments = 'The user has asked for another
account_no, and wishes to be billed for services between 1/2/2009
and 2/2/2009, and wants to know where the invoice should be sent
to. She will select the new service level agreement to run from
3/7/2009 next month' WHERE id = 'A15431029';
False Alarms are too costly
The cost of inaccuracy
Oracle AVDF Accuracy
Oracle AVDF can understand every SQL interaction and correctly segregate it based on the intent of the transaction.
Uses semantic analysis of the grammar and structure of a SQL transaction to determine all of the relevant information about a query.
Can also associate attributes with a SQL transaction, such as who, what, when, from where, by whom, with what and what happened.
Oracle DB Auditing: Fine-Grained Auditing
Audit Policy
  AUDIT_CONDITION: NAME != USER
  AUDIT_COLUMN = SALARY
Not audited: SELECT name, job, deptno FROM emp
Audited: SELECT name, salary FROM emp
Audit Records (FGA_LOG$): SELECT name, salary FROM emp, <timestamp>, <SCN>, <userid>, etc.
Oracle Audit Vault and Database Firewall
SQL Injection Protection with Positive Security Model
[Diagram labels: Applications; White List (Allow / Block); Databases]
Allow: SELECT * from stock where catalog-no='PHE8131'
Block: SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'
• “Allowed” behavior can be defined for any user or application
• Automated white list generation for any application
• Out-of-policy database transaction detected and blocked/alerted
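An added example (not from the slides and not Oracle AVDF code) covering both the accuracy argument and the positive security model: a simplified, literal-aware SQL lexer shows why a grammar-blind keyword scan misreads the UPDATE statement, and a white list of learned statement structures allows the catalog lookup while blocking the UNION injection. The lexer, the KEY_WORDS subset and the WhiteList class are assumptions made for illustration.

```python
import re

# Simplified SQL lexer for illustration (an assumption, not AVDF's grammar engine).
TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')       # string literal; a doubled quote is an escape
  | (?P<comment>--[^\n]*)         # line comment
  | (?P<num>\b\d+(?:\.\d+)?\b)    # numeric literal
  | (?P<word>[A-Za-z_][\w$]*)     # key word or identifier
  | (?P<op>[^\s\w])               # operator or punctuation
""", re.VERBOSE)
KEY_WORDS = {"SELECT", "UPDATE", "UNION", "BETWEEN", "WHERE"}  # small subset

def fingerprint(sql):
    """Statement structure: literals become '?', comments are dropped."""
    out = []
    for m in TOKEN.finditer(sql):
        if m.lastgroup in ("str", "num"):
            out.append("?")
        elif m.lastgroup in ("word", "op"):
            out.append(m.group().upper())
    return " ".join(out)

def naive_hits(sql):
    """Grammar-blind keyword scan: also fires on words inside data."""
    return sorted(k for k in KEY_WORDS if re.search(rf"\b{k}\b", sql, re.I))

def real_key_words(sql):
    """Key words that are actually part of the statement structure."""
    return sorted(KEY_WORDS & set(fingerprint(sql).split()))

class WhiteList:
    def __init__(self, training):
        # Learn the structure of each statement seen during training.
        self.allowed = {fingerprint(s) for s in training}
    def decide(self, sql):
        return "Allow" if fingerprint(sql) in self.allowed else "Block"

# Statements taken from the slides.
UPDATE_STMT = ("UPDATE tbl_users SET comments = 'The user has asked for another "
    "account_no, and wishes to be billed for services between 1/2/2009 and "
    "2/2/2009, and wants to know where the invoice should be sent to. She will "
    "select the new service level agreement to run from 3/7/2009 next month' "
    "WHERE id = 'A15431029';")
LOOKUP = "SELECT * from stock where catalog-no='PHE8131'"
INJECTED = "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'"

if __name__ == "__main__":
    wl = WhiteList([LOOKUP])
    print(naive_hits(UPDATE_STMT), real_key_words(UPDATE_STMT))
    print(wl.decide(LOOKUP), wl.decide(INJECTED))
```

Because the white list stores structures rather than literal text, the same lookup with a different catalog number is still allowed.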
Oracle Audit Vault and Database Firewall
Enforcing Database Activity with Negative Security Model
Black List
Block: SELECT * FROM v$session (DBA activity from Application?)
Allow + Log: SELECT * FROM v$session (DBA activity from Approved Workstation)
• Stop specific unwanted SQL interactions, user or schema access
• Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name etc
• Provide flexibility to authorized users while still monitoring activity
Oracle Audit Vault and Database Firewall
Comprehensive Enterprise Audit and Log Consolidation
Databases: Oracle, SQL Server, DB2 LUW, DB2 z/OS*, Sybase ASE
New Audit Sources
– Operating Systems: Microsoft Windows, Solaris
– Directory Services: Active Directory
– File Systems: Oracle ACFS
Audit Collection Plugins for Custom Audit Sources
– XML file maps custom audit elements to canonical audit elements
– Collect and map data from XML audit file and database tables
* Third party integration by BSC Consulting Spa & AlfaGroup
Oracle Audit Vault and Database Firewall
Solution for DB2 on z/OS
[Diagram labels: Users; Applications; Intercept SQL; Write Recorder; DAEMON; Database Firewall (Allow, Log, Alert, Substitute, Block); Applies Rules; Generates Alerts & SQL Statistics; Firewall Events; Audit Data; Audit Vault; Policies; Reports; Alerts; Auditor; Security Manager; Integration by]
Governance & Compliance regulations
Catalog Sensitive Data in Your Enterprise Databases
Person Name
Bank Account Number
Maiden Name
Card Number (Credit or Debit Card Number)
Business Address
Tax Registration Number or National Tax ID
Business Telephone Number
Person Identification Number
Business Email Address
Welfare Pension Insurance Number
Custom Name
Unemployment Insurance Number
Employee Number
Government Affiliation ID
User Global Identifier
Military Service ID
Party Number or Customer Number
Social Insurance Number
Account Name
Pension ID Number
Mail Stop
Article Number
GPS Location
Civil Identifier Number
Student Exam Hall Ticket Number
Hafiza Number
Club Membership ID
Social Security Number
Library Card Number
Trade Union Membership Number
Identity Card Number
Pension Registration Number
Instant Messaging Address
National Insurance Number
Web site
Health Insurance Number
National Identifier
Personal Public Service Number
Passport Number
Electronic Taxpayer Identification Number
Driver’s License Number
Biometrics Data
Personal Address
Digital ID
Personal Telephone Number
Citizenship Number
Personal Email Address
Voter Identification Number
Visa Number or Work Permit
Residency Number (Green Card)
Business-driven Criteria:
– Violate government regulations
– Violate business regulations
– Damage shareholder value through loss of
    Market capital
    Valuation
    Reputation
    Customers
    Lawsuits
Sensitive Data Discovery
Find and Catalog Sensitive Data
1. Data Finder Patterns
• Define pattern match rules for Tables, columns and data
  Table Name: “EMP*”
  Column Name “*SSN*”
  Data Format ### - ## - ####
2. Enterprise Data Sources
• Connect to Databases
• Search for Data Finder patterns across databases
3. Data Finder Reports (Data Finder Results)
• Results rendered by confidence factor
• Relevant database fields imported into the Data Privacy Catalog
4. Data Privacy Catalog
  PERSON_SSN, EMP_SSN, SOC_SEC_NUM
• New database fields added and then protected
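An added example (not Oracle's implementation) of steps 1 to 3: the slide's pattern rule applied to table names, column names and sampled data, with hits ranked by a confidence score. The scoring weights, function names and sample schema are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

def format_to_regex(fmt):
    """Turn a mask such as '### - ## - ####' into a regex ('#' = one digit, spaces ignored)."""
    return re.compile("".join(r"\d" if c == "#" else re.escape(c)
                              for c in fmt.replace(" ", "")))

def score_column(rule, table, column, samples):
    """Confidence 0..1: table and column name matches count 0.25 each, the share of
    sampled values matching the data format counts 0.5 (weights are an assumption)."""
    rx = format_to_regex(rule["format"])
    values = [v for v in samples if v is not None]
    ratio = sum(bool(rx.fullmatch(v.strip())) for v in values) / len(values) if values else 0.0
    score = 0.25 * fnmatchcase(table.upper(), rule["table"])
    score += 0.25 * fnmatchcase(column.upper(), rule["column"])
    return round(score + 0.5 * ratio, 2)

def find_sensitive(rule, schema, threshold=0.5):
    """schema: {(table, column): [sample values]} -> hits, highest confidence first."""
    hits = [(score_column(rule, t, c, vals), t, c) for (t, c), vals in schema.items()]
    return sorted((h for h in hits if h[0] >= threshold), reverse=True)

RULE = {"table": "EMP*", "column": "*SSN*", "format": "### - ## - ####"}  # from the slide

# Constructed sample data (hypothetical tables and values).
SCHEMA = {
    ("EMPLOYEES", "EMP_SSN"): ["123-45-6789", "987-65-4321"],
    ("EMPLOYEES", "PHONE"): ["555-0100", "555-0199"],
    ("CUSTOMERS", "SOC_SEC_NUM"): ["111-22-3333", "222-33-4444", None],
    ("EMP_ARCHIVE", "NOTES"): ["called 2013-01-02", "ok"],
}

if __name__ == "__main__":
    for confidence, table, column in find_sensitive(RULE, SCHEMA):
        print(f"{confidence:.2f}  {table}.{column}")
```

CUSTOMERS.SOC_SEC_NUM matches neither name pattern and is found only through the data format, which is why the rule combines all three kinds of match.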
Oracle Audit Vault and Database Firewall
Auditing and Reporting
Tens of default audit reports
– Out-of-the-Box Compliance Reporting.
Report with Data from Multiple Source Types
Auditing Stored Procedure Calls – Not Visible on the Network
Powerful Alerting Filter Conditions
Oracle Audit Vault and Database Firewall
Increasing auditing value: out-of-the-box Integration
Oracle AVDF is integrated with the following third-party products:
BIG-IP Application Security Manager (ASM): This product from F5 Networks, Inc. is an advanced Web Application Firewall (WAF) that provides comprehensive edge-of-network protection against a wide range of Web-based attacks. It analyzes each HTTP and HTTPS request, and blocks potential attacks before they reach the Web application server.
ArcSight Security Information Event Management (SIEM): This product is a centralized system for logging, analyzing, and managing syslog messages from different sources.
Demo AVDF
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Oracle Confidential Restricted
Oracle Database Security Customers
Customers Worldwide Rely on Oracle
Customer Benefits
Enterprise ready
Security and compliance
Simple and flexible
Speed and scale
Transparent and accurate
oracle.com/goto/database/security-customers
T-Mobile
Protecting Customer Data in Oracle and non-Oracle Databases
Provider of wireless voice, messaging, and data services throughout the U.S.
Fourth largest wireless company in the U.S. with more than 35 million subscribers
Industry: Telecom
Challenge
• Protect sensitive data – PCI, CPNI, SPII – in both Oracle and non-Oracle Databases
• Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code
• Full visibility into database activity
• Understand what types of changes are being made to sensitive data
Solution
• Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring prevents insider and external threats
• Deployed and set up within a few hours; already protected against a few compromised accounts that were harvesting data
Oracle Database Security Solutions
Additional Resources
Web Sites
http://www.oracle.com/database/security
http://www.oracle.com/technetwork/database/security
Customer Successes
http://www.oracle.com/goto/database/security-customers
Newsletters
Security Inside Out
Database Insider
Social Media
LinkedIn Group: Database Insider
Twitter: Oracle Database
Blogs
http://blogs.oracle.com/securityinsideout
http://blogs.oracle.com/databaseinsider
Email
[email protected]
[email protected]