Oracle Database Security
Kwesi Edwards
Principal Solutions Architect
Oracle Higher Education
Dominic Young
Account Manager
Oracle Higher Education
Data Security Lifecycle (figure)
• Inbound Data: Network Encryption, Strong Authentication, Identity Management Integration
• Storage: Transparent Data Encryption, Secure Backup
• Monitor: Configuration Scanning, Audit Vault
• Access Control: Database Vault, Oracle Label Security, Fusion Security
• Outbound Data: Network Encryption
Agenda
• Network Encryption
  • Encryption of data in motion
• Strong Authentication
  • PKI, Kerberos, Radius
• Data Encryption
  • Encryption of data at rest
• Secure Backup
• Oracle Data Vault
• DB Auditing
  • Audit Vault
Network Security Threats (figure)
1. Data Theft: "My competitor sees my bids in a sealed auction."
2. Data Modification or Replay: a $50,000 bid arrives as $500.00
3. Data Disruption: packet stolen, order never arrives
Network Encryption
• Provided by Oracle for nearly a decade
• Encrypts all communication with the database
  • AES
  • RSA RC4 (40-, 56-, 128-, 256-bit keys)
  • DES (40-, 56-bit) and 3DES (2- and 3-key)
• Data integrity with checksums
  • MD5, SHA-1
  • Automatically detects modifications, replays, and missing packets
• Easy to set up
Strong Authentication
• Kerberos
  • Ease of deployment makes this a popular choice
• PKI
  • Large customers are working on full-scale deployments
  • Strong interest among large universities
  • Oracle supports SSL accelerators
• Radius
  • Database integrates with RADIUS
The Need for Encryption
• Worldwide privacy, security laws and regulations
  • Sarbanes-Oxley
  • PCI
  • California SB 1386
  • Country-specific laws
• Figure: customer credit card numbers leave the data center when disks are replaced for maintenance, laptops are stolen, or backups are lost; the data is worthless to the thief if encrypted
The DBMS_CRYPTO Package
• Formerly DBMS_OBFUSCATION (Release 8)
• Extensive control of options
  • Generate as many or as few keys as you desire
  • Granular access control, manual salt generation, algorithm selection, chaining mode
• Limited transparency
Transparent Data Encryption
• Integrated with the Oracle database for simplicity
  • Alter table encrypt column …
• Provides application transparency
  • No API calls, database triggers or views required
• Media protection of PII data
  • Social security numbers
  • Credit card numbers
• Performance
  • Works with existing indexes for fast searches
Separation of Duties (figure)
• Wallet password is separate from the SYSTEM or DBA password
• DBA starts up the database but has no access to the wallet
• Security DBA opens the wallet containing the master key
Master Key and Column Keys (figure)
• Master key stored in a PKCS#12 wallet
• Column keys encrypted by the master key
• Column keys encrypt the data in columns
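The wallet and column-key steps above, as an added example that is not from the slides. It assumes an ENCRYPTION_WALLET_LOCATION is already configured in sqlnet.ora, a table HR.CUSTOMERS with SSN and CREDIT_CARD_NO columns, and that only the security DBA holds the wallet password (the password below is a placeholder).

```sql
-- Step 1 (security DBA, once): create the master key. The wallet holding it is
-- written to the ENCRYPTION_WALLET_LOCATION configured in sqlnet.ora.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "WALLET_PASSWORD_PLACEHOLDER";

-- Step 2: encrypt the PII columns. Each table gets its own column key,
-- which is itself encrypted by the master key in the wallet.
ALTER TABLE hr.customers MODIFY (ssn ENCRYPT USING 'AES256');
-- NO SALT is required when the encrypted column is indexed, so that equality
-- lookups can still use the index (the "works with existing indexes" point).
ALTER TABLE hr.customers MODIFY (credit_card_no ENCRYPT USING 'AES256' NO SALT);

-- Step 3 (after every restart): the DBA can start the database, but queries on
-- encrypted columns fail with ORA-28365 until the security DBA opens the wallet.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "WALLET_PASSWORD_PLACEHOLDER";

-- Checks: wallet state, and which columns are protected with which algorithm.
SELECT wrl_type, status FROM v$encryption_wallet;
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;
```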
Oracle Secure Backup: Tape Backup Management (figure)
• Centralized tape backup management for Oracle databases and file system data (UNIX, Linux, Windows, NAS)
• Fastest and best-integrated tape backup for the Oracle Database: Recovery Manager (RMAN) integration
• Enterprise Manager (EM) interface
• Maximum security options
• Highest levels of tape data protection at the lowest cost
• Free version (limited functionality) will ship with the Oracle Database
Why Use Oracle Secure Backup?
• Intelligent integration with RMAN delivering the best performance and security for database backups
• Database tape backups can now be seamlessly managed by Database Administrators (DBA) or the storage group
• Scalable from the department to the data center
• Easily managed using Enterprise Manager (EM)
• Single technical support resource for the entire backup solution expedites problem resolution
• Reliable data protection at lower cost and complexity
  • For the Oracle Database and file system data
End to End Security (figure)
• Oracle Advanced Security Strong Authentication and Network Encryption protect the path between client and database
• Oracle Advanced Security Transparent Data Encryption: data written to disk is automatically encrypted, automatically decrypted through the SQL interface, and stays encrypted on backup files
Data Vault Objectives
• Multi-factored approach to database security
  • Protect and share data assets using environmental factors for assurance
• Defense-in-depth approach
  • Protect application schemas from system privileges
• Database Server as Database Appliance
  • Lock down, hardened software and privileges
  • Comprehensive audit policy
  • Separation of duties
Data Vault Protected Schema
• Protect Data Vault metadata from tampering
  • Remove metadata dependency on SYS schema
  • Access to protected schema only through the administrative roles
• Provide separation of duties by different administrative roles
  • Password required for SYS login
  • No OSDBA group membership
Oracle Database 10g Auditing
• Audit and monitor database activity
  • Logon failures, privilege usage, data access, object access, and other activities
• Standard Audit Trail (over 250 audit actions)
  • Gives the first level of information about access to the database
  • Statement auditing
  • Privilege auditing
  • Schema object auditing
• Fine-Grained Auditing (FGA)
  • Gives the second level of information about specific operations on the database
  • Enables you to monitor data access based on content
Fine-Grained Auditing (FGA)
• Beginning with Oracle9i Database, Oracle provides the capability to audit specific rows within a table. This is accomplished using the DBMS_FGA package.
• Features
  • Attach audit policy to table or view
  • Specify audit condition using a SQL predicate
  • User's query text with bind variables is written to the audit record upon a triggering audit event
  • Event handler can alert administrator to triggering condition (e.g. write record to log, send page)
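The FGA features listed above, as an added example that is not from the slides: a policy on an assumed HR.EMPLOYEES table (SALARY column) with a SQL predicate, a relevant column, and an event handler owned by an assumed SEC_ADMIN schema that records an alert.

```sql
-- Assumed objects (not on the slides): HR.EMPLOYEES with a SALARY column,
-- and a SEC_ADMIN schema that owns the alert table and the handler.
CREATE TABLE sec_admin.fga_alerts (
    alerted_at TIMESTAMP,
    db_user    VARCHAR2(30),
    os_user    VARCHAR2(128),
    obj        VARCHAR2(61),
    policy     VARCHAR2(30)
);

-- Event handler. DBMS_FGA fixes the signature: (object_schema, object_name, policy_name).
-- Autonomous transaction: the alert is kept even if the audited statement rolls back.
CREATE OR REPLACE PROCEDURE sec_admin.fga_alert (
    object_schema VARCHAR2,
    object_name   VARCHAR2,
    policy_name   VARCHAR2
) AS
    PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
    INSERT INTO sec_admin.fga_alerts (alerted_at, db_user, os_user, obj, policy)
    VALUES (SYSTIMESTAMP, SYS_CONTEXT('USERENV', 'SESSION_USER'),
            SYS_CONTEXT('USERENV', 'OS_USER'),
            object_schema || '.' || object_name, policy_name);
    COMMIT;
END;
/

-- Attach the policy: audit only when a SELECT or UPDATE references SALARY
-- on a row where the predicate holds, and call the handler on each event.
BEGIN
    DBMS_FGA.ADD_POLICY(
        object_schema   => 'HR',
        object_name     => 'EMPLOYEES',
        policy_name     => 'HIGH_SALARY_ACCESS',
        audit_condition => 'SALARY > 150000',      -- SQL predicate, evaluated per row
        audit_column    => 'SALARY',               -- relevant column
        handler_schema  => 'SEC_ADMIN',
        handler_module  => 'FGA_ALERT',
        enable          => TRUE,
        statement_types => 'SELECT,UPDATE',
        audit_trail     => DBMS_FGA.DB_EXTENDED);  -- keep SQL text and bind values
END;
/

-- Review: the user's statement text and its binds are in the FGA audit trail.
SELECT timestamp, db_user, os_user, object_name, sql_text, sql_bind
  FROM dba_fga_audit_trail
 WHERE policy_name = 'HIGH_SALARY_ACCESS'
 ORDER BY timestamp DESC;
```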
Audit Vault (figure)
• Collect and consolidate audit data from Oracle 9iR2, 10gR1 and 10gR2 databases, and (future) other sources and databases
• Simplify compliance reporting
• Detect and prevent insider threats
• Monitor policies
• Lower IT costs with audit policies
• Scale and security
Oracle Database Security: 30 Years of Innovation (timeline, 1977 to 2007)
• 1977: Government customer
• Database Auditing
• Native Network Encryption (Oracle7)
• Strong authentication (PKI, Kerberos, RADIUS)
• Database Encryption API
• Virtual Private Database (8i)
• Global roles
• Enterprise User Security
• Proxy authentication
• Oracle Label Security
• Client Identifier / Identity propagation
• Secure application roles
• Fine Grained Auditing (9i)
• EM Configuration Scanning
• Transparent Data Encryption
• DB Security Evaluation #19
• Oracle Database Vault
• Oracle Audit Vault (2007)
For More Information
• http://search.oracle.com (search for "Transparent Data Encryption")
• oracle.com/security