Oracle Audit Vault and Database Firewall
Matteo Galimberti, Solution Account Manager – BSC Consulting
Paolo Marchei, Principal Sales Consultant – Oracle Italia

Billions of Database Records Breached Globally
97% of Breaches Were Avoidable with Basic Controls
• 98% records stolen from databases
• 84% records breached using stolen credentials
• 71% fell within minutes
• 92% discovered by third party

Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Why are Databases so Vulnerable?
80% of IT Security Programs Don’t Address Database Security
Forrester Research: “Enterprises are taking on risks that they may not even be aware of. Especially as more and more attacks against databases exploit legitimate access.”
[Diagram labels: Network Security, Authentication & User Security, SIEM, Email Security, Endpoint Security, Database Security, Web Application Firewall]

Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE: Encryption; Redaction and Masking; Privileged User Controls
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege Analysis; Sensitive Data Discovery; Configuration Management

Oracle Database Security Solutions
Detect and Block Threats, Alert, Audit and Report
PREVENTIVE: Encryption; Redaction and Masking; Privileged User Controls
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege Analysis; Sensitive Data Discovery; Configuration Management

Oracle Audit Vault and Database Firewall
New Solution for Oracle and Non-Oracle Databases
[Diagram labels: Users, Applications, Database Firewall (Allow, Log, Alert, Substitute, Block), Firewall Events, Audit Data, OS, Directory, File System & Custom Audit Logs, Audit Vault, Reports, Alerts, Policies, Auditor, Security Manager]

Oracle AVDF Accuracy
Why is understanding SQL critical?
SQL is a language with about 400 key words and a strict grammar structure (ISO SQL spec 1500+ pages):

    SELECT id, username, password, account_no FROM tbl_users WHERE username = 'Bill' AND account_no BETWEEN 1001000 AND 1001012;

Legend: KEY WORDS, OPERATORS, SCHEMA, DATA

Unless the grammar and structure of the language are known, errors are made when analysing SQL:

    UPDATE tbl_users SET comments = 'The user has asked for another account_no, and wishes to be billed for services between 1/2/2009 and 2/2/2009, and wants to know where the invoice should be sent to. She will select the new service level agreement to run from 3/7/2009 next month' WHERE id = 'A15431029';

False Alarms are too costly

The cost of inaccuracy

Oracle AVDF Accuracy
• Oracle AVDF can understand every SQL interaction and correctly segregate it based on the intent of the transaction.
• Uses semantic analysis of the grammar and structure of a SQL transaction to determine all of the relevant information about a query.
• Can also associate attributes with a SQL transaction such as who, what, when, from where, by whom, with what and what happened.

Oracle DB Auditing: Fine-Grained Auditing
Audit Policy: AUDIT_CONDITION : NAME != USER; AUDIT_COLUMN = SALARY
Not audited: SELECT name, job, deptno FROM emp
Audit Records (FGA_LOG$): SELECT name, salary FROM emp; <timestamp>, <SCN>, <userid>, etc.
    SELECT name, salary FROM emp
Oracle Audit Vault and Database Firewall
SQL Injection Protection with Positive Security Model

    SELECT * from stock where catalog-no='PHE8131'
    SELECT * from stock where catalog-no=' ' union select cardNo,0,0 from Orders --'

[Diagram labels: Applications, White List, Allow, Block, Databases]
• “Allowed” behavior can be defined for any user or application
• Automated white list generation for any application
• Out-of-policy database transaction detected and blocked/alerted

Oracle Audit Vault and Database Firewall
Enforcing Database Activity with Negative Security Model
DBA activity from Application? SELECT * FROM v$session: Black List, Block
DBA activity from Approved Workstation: SELECT * FROM v$session: Allow + Log
• Stop specific unwanted SQL interactions, user or schema access
• Blacklisting can be done on factors such as time of day, day of week, network, application, user name, OS user name, etc.
• Provide flexibility to authorized users while still monitoring activity

Oracle Audit Vault and Database Firewall
Comprehensive Enterprise Audit and Log Consolidation
Databases: Oracle, SQL Server, DB2 LUW, DB2 z/OS*, Sybase ASE
New Audit Sources
– Operating Systems: Microsoft Windows, Solaris
– Directory Services: Active Directory
– File Systems: Oracle ACFS
Audit Collection Plugins for Custom Audit Sources
– XML file maps custom audit elements to canonical audit elements
– Collect and map data from XML audit file and database tables
* Third party integration by BSC Consulting Spa & AlfaGroup

Oracle Audit Vault and Database Firewall
Solution for DB2 on z/OS
[Diagram labels: Users, Applications, Intercept SQL, Write Recorder, DAEMON, Database Firewall (Allow, Log, Alert, Substitute, Block), Applies Rules, Generates Alerts & SQL Statistics, Firewall Events, Audit Data, Audit Vault, Reports, Alerts, Policies, Auditor, Security Manager, Integration by]

Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
PREVENTIVE: Encryption; Redaction and Masking; Privileged User Controls
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege Analysis; Sensitive Data Discovery; Configuration Management

Governance & Compliance regulations

Catalog Sensitive Data in Your Enterprise Databases
Person Name; Bank Account Number; Maiden Name; Card Number (Credit or Debit Card Number); Business Address; Tax Registration Number or National Tax ID; Business Telephone Number; Person Identification Number; Business Email Address; Welfare Pension Insurance Number; Custom Name; Unemployment Insurance Number; Employee Number; Government Affiliation ID; User Global Identifier; Military Service ID; Party Number or Customer Number; Social Insurance Number; Account Name; Pension ID Number; Mail Stop; Article Number; GPS Location; Civil Identifier Number; Student Exam Hall Ticket Number; Hafiza Number; Club Membership ID; Social Security Number; Library Card Number; Trade Union Membership Number; Identity Card Number; Pension Registration Number; Instant Messaging Address; National Insurance Number; Web site; Health Insurance Number; National Identifier; Personal Public Service Number; Passport Number; Electronic Taxpayer Identification Number; Driver’s License Number; Biometrics Data; Personal Address; Digital ID; Personal Telephone Number; Citizenship Number; Personal Email Address; Voter Identification Number; Visa Number or Work Permit; Residency Number (Green Card)
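Added example (not from the Oracle deck, and not how AVDF itself is implemented), illustrating the "Why is understanding SQL critical?" and "SQL Injection Protection with Positive Security Model" slides above. It contrasts raw key-word matching with tokenizing the statement, then applies an allow list of statement shapes; the keyword subset, the tokenizer and all function names are assumptions made for the illustration.

```python
import re
# Constructed keyword subset; the slide cites about 400 SQL key words.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "BETWEEN", "UNION",
            "UPDATE", "SET", "INSERT", "INTO", "DELETE"}
TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)   # SQL comments
  | (?P<string>'(?:[^']|'')*')        # string literal; '' is an escaped quote
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][\w$]*)         # key word or identifier
  | (?P<op>[^\s\w])                   # one-character operator or punctuation
""", re.VERBOSE | re.DOTALL)
# Statements retyped from the slides with ASCII quotes; comment text shortened.
UPDATE = ("UPDATE tbl_users SET comments = 'billed for services between 1/2/2009 "
          "and 2/2/2009, and wants to know where the invoice should be sent to. "
          "She will select the new service to run from 3/7/2009' WHERE id = 'A15431029';")
LEGIT = "SELECT * from stock where catalog-no='PHE8131'"
INJECTED = "SELECT * from stock where catalog-no=' ' union select cardNo,0,0 from Orders --'"

def tokens(sql):
    """Return (kind, text) pairs, dropping comments and whitespace."""
    return [(m.lastgroup, m.group()) for m in TOKEN.finditer(sql)
            if m.lastgroup != "comment"]

def keywords_naive(sql):
    """Key-word match over the raw text: also fires on words inside data."""
    return {w.upper() for w in re.findall(r"[A-Za-z_]+", sql)} & KEYWORDS

def keywords_lexed(sql):
    """Key words that are real tokens, not text inside a string literal."""
    return {t.upper() for k, t in tokens(sql) if k == "word"} & KEYWORDS

def shape(sql):
    """Statement structure: literals become '?', key words upper, names lower."""
    def norm(kind, text):
        if kind in ("string", "number"):
            return "?"
        if kind == "word":
            return text.upper() if text.upper() in KEYWORDS else text.lower()
        return text
    return " ".join(norm(k, t) for k, t in tokens(sql))

def decide(sql, allowed_shapes):
    """Positive security model: a shape not on the allow list is blocked."""
    return "allow" if shape(sql) in allowed_shapes else "block"

if __name__ == "__main__":
    print(sorted(keywords_naive(UPDATE) - keywords_lexed(UPDATE)))
    for q in (LEGIT, "select * from STOCK where catalog-no='ABC0001'", INJECTED):
        print(decide(q, {shape(LEGIT)}), "|", shape(q))
```

The raw-text match reports key words that exist only inside the comment string, which is the false-alarm case the slide describes; the allow list accepts a differently cased query with another catalogue number because its shape is unchanged.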
Business-driven Criteria:
– Violate government regulations
– Violate business regulations
– Damage shareholder value through loss of Market capital Valuation, Reputation, Customers, Lawsuits

Business-driven Sensitive Data Discovery
Find and Catalog Sensitive Data
1. Data Finder Patterns
   Table Name: “EMP*”; Column Name: “*SSN*”; Data Format: ### - ## - ####
   • Define pattern match rules for tables, columns and data
2. Enterprise Data Sources
   • Connect to Databases
   • Search for Data Finder patterns across databases
3. Data Finder Results (Data Finder Reports)
   • Results rendered by confidence factor
   • Relevant database fields imported into the Data Privacy Catalog
4. Data Privacy Catalog
   PERSON_SSN, EMP_SSN, SOC_SEC_NUM
   • New database fields added and then protected

Oracle Audit Vault and Database Firewall
Auditing and Reporting
• Tens of default audit reports – Out-of-the-Box Compliance Reporting
• Report with Data from Multiple Source Types
• Auditing Stored Procedure Calls – Not Visible on the Network
• Powerful Alerting Filter Conditions

Oracle Audit Vault and Database Firewall
Increasing auditing value: out-of-the-box Integration
Oracle AVDF is integrated with the following third-party products:
• BIG-IP Application Security Manager (ASM): This product from F5 Networks, Inc. is an advanced Web Application Firewall (WAF) that provides comprehensive edge-of-network protection against a wide range of Web-based attacks. It analyzes each HTTP and HTTPS request, and blocks potential attacks before they reach the Web application server.
• ArcSight Security Information Event Management (SIEM): This product is a centralized system for logging, analyzing, and managing syslog messages from different sources.

Demo AVDF

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Oracle Confidential Restricted

Oracle Database Security Customers
Customers Worldwide Rely on Oracle
Customer Benefits:
• Enterprise ready
• Security and compliance
• Simple and flexible
• Speed and scale
• Transparent and accurate
oracle.com/goto/database/security-customers

T-Mobile
Protecting Customer Data in Oracle and non-Oracle Databases
• Provider of wireless voice, messaging, and data services throughout the U.S.
• Fourth largest wireless company in the U.S. with more than 35 million subscribers
• Industry: Telecom
Challenge
• Protect sensitive data – PCI, CPNI, SPII – in both Oracle and non-Oracle Databases
• Monitor database threats, including SQL injection attacks and data harvesting, without having to change application code
• Full visibility into database activity
• Understand what types of changes are being made to sensitive data
Solution
• Addresses data security with Database Firewall, TDE, Data Masking as comprehensive database security defense-in-depth strategy
• Database activity monitoring prevents insider and external threats
• Deployed and set up within a few hours; already protected against a few compromised accounts that were harvesting data

Oracle Database Security Solutions
Additional Resources
Web Sites: http://www.oracle.com/database/security, http://www.oracle.com/technetwork/database/security
Customer Successes: http://www.oracle.com/goto/database/security-customers
Newsletters: Security Inside Out, Database Insider
Social Media: LinkedIn Group: Database Insider; Twitter: Oracle Database
Blogs: http://blogs.oracle.com/securityinsideout, http://blogs.oracle.com/databaseinsider
Email: [email protected] [email protected]