Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Open Database Connectivity wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Relational model wikipedia , lookup
Navitaire Inc v Easyjet Airline Co. and BulletProof Technologies, Inc. wikipedia , lookup
Functional Database Model wikipedia , lookup
Clusterpoint wikipedia , lookup
1 Copyright © 2010, Oracle. All rights reserved Cyber Security / Cyber Warfare Hype or underestimated? Bert Oltmans Director Defence, Justice and Public Safety CEE&CIS Region Agenda • Current Environment • Facts & Figures • Cyber Security in Defense 3 Copyright © 2010, Oracle. All rights reserved A Definition Cyber Security is an extension of traditional IT security that protects applications and data connected to the internet and exposed to attack, including offensive (cyber warfare) as well as defensive and proactive security measures. 4 Copyright © 2010, Oracle. All rights reserved Threat Environment • Cyber Warfare is a reality Georgia 2008 Operation Aurora 2009/2010 Iran Stuxnet Worm 2010 Estonia 2007 • And many incidents more…and growing 5 Copyright © 2010, Oracle. All rights reserved The Battlefield Today The network is the battlefield JXTATM Overlay Peer-to-Peer Network Sensor Grid Virtual Mapping Internet • The network has become the battlefield • Used for Communications, collaboration, decision support, simulation and modeling • Provides content delivery & information sharing 6 Copyright © 2010, Oracle. All rights reserved SCF / Field Command The Warfighter Challenge NATO Doctrine: • Network Centric Operations require a “Share-to-Win” attitude Share-to-win Needto-know • Cyber Security Policies mandate a “need to know” strategy 7 Copyright © 2010, Oracle. All rights reserved The Transformation in Defense • Cyber Security is becoming a National concern • US Cyber Command (USCYBERCOM) created on May 21, 2010 • “The admiral said he believes a cyber attack could trigger a response in accordance with Article 5 of the NATO Charter, which states that an attack on any alliance member is an attack on all alliance members” Navy Adm. James G. Stavridis, 29 November 2010 – Time Interview 8 Copyright © 2010, Oracle. All rights reserved Regional Cyberspace 2010 Data Breach Investigations Report © 2010 Oracle Corporation 9 Role of Governments • Increased importance of National Entities like CERT’s to monitor the Nation’s Critical Infrastructures and provide guidance © 2010 Oracle Corporation 10 FACTS & FIGURES © 2010 Oracle Corporation 11 Two Thirds of Sensitive and Regulated Data Resides in Databases… Amount of Data in Databases Doubles Yearly 1,800 Exabytes 2011 Source: IDC, 2008 12 Copyright © 2010, Oracle. All rights reserved Over 900M Breached Records Resulted from Compromised Database Servers Type Category % Breaches % Records Database Server Servers & Applications 25% 92% Desktop Computer End-User Devices 21% 1% 2010 Data Breach Investigations Report 13 Copyright © 2010, Oracle. All rights reserved How do Database Breaches Occur? Bad Guys Exploit Your Weaknesses! 48% involved privilege misuse 40% resulted from hacking 38% 28% 15% utilized malware employed social tactics comprised physical attacks 2010 Data Breach Investigations Report 14 Copyright © 2010, Oracle. All rights reserved Cyber Security in Defense Some thoughts 1. Design/Procure Information Systems geared to Threat Environment (including Cyberspace) 2. Treat Information Technology as Mission Critical – not - Mission Enabling 3. Have Policies and Doctrines that acknowledge Cyber Warfare 15 Copyright © 2010, Oracle. All rights reserved Information Systems in Cyberspace It starts with a secure product A model for continuous improvement… (1) Plan (2) Do 1979: Project ‘Oracle’ with the CIA 1994: First vendor to complete ITSEC and TCSEC validations Advanced Security Option 1998: First vendor to complete Common Criteria EAL4 validation Virtual Private Database 2005: Introduction of the Critical Patch Update 2006: Database Vault Adoption of CVSS (4) Act (3) Check …… 2010 (Ref.: “PDCA Cycle”, originally developed by Walter A. Shewhart; Sometime referred as Deming Cycle.) 16 Copyright © 2010, Oracle. All rights reserved Ongoing certifications Information Systems in Cyberspace And a Secure Implementation PEOPLE PROCESSES CYBER SPACE TECHNOLOGY 17 Copyright © 2010, Oracle. All rights reserved Software Security End User Perspectives Vendor patch issuance practices are most visible with customers, Security Patches … BUT… Service Packs Release QA Secure Development Producing secure software requires Security Testing • Focused attention as early as the design phase • Ongoing commitment throughout the entire development and pre-release phases • Effective remediation procedures Coding Practices Coding Standards Design Requirements 18 Copyright © 2010, Oracle. All rights reserved Make IT Mission Critical Include Deployment and Support Access Control • Controlling Privileged Users • Custom Security Policies • RBAC & LBAC Implementation User Management • Strong Authentication • Fine-grained Authorizations Monitoring • Enterprise-Wide Auditing • Configuration Core Platform Security Data Protection • Network Encryption • Data Encryption • Backup Encryption Secure Operating Environment • Multi-Level Security • Fault Tolerance • Ubiquitous Support 19 Copyright © 2010, Oracle. All rights reserved Policies & Doctrines • Cover Defensive and Offensive measures • Implement down to single combat unit 20 Copyright © 2010, Oracle. All rights reserved JICPAC Supports Coalition Forces with Access to Secure Information OVERVIEW • Joint Intelligence Center of the Pacific (JICPAC) is located within the US Pacific Command (PACOM) Pearl Harbor, HI CHALLENGES / OPPORTUNITIES • Security was preserved through air-gap networks (entirely disconnected) yet analyst required multiple networks and therefore 1 to 1 mapping of multiple desktop clients creating clutter and manual process • Logging of audit trails was mostly on the “honor-system” with manual documentation • Local clients meant far more maintenance and chance for degradation of information assurance levels 21 SOLUTIONS JICPAC Trusted Workstation (TWS): • SunRay Ultra-thin client • Trusted Extensions for Solaris • CC EAL4 Certification on NEBS-certified Sun Servers RESULTS • Reduced acquisition costs and power consumption through the consolidation of multiple PC clients into a single Sun Ray ultra-thin client • Improved end-user operational efficiencies in the secure information workflows with complete audit trails through simultaneous connection to multiple networks • Compatible with existing applications since they run in a Solaris open environment Copyright © 2010, Oracle. All rights reserved Albanian MoD Safeguards Classified Data to Prepare for NATO Accession OVERVIEW • Agency responsible for implementing the govt’s defense & foreign policy objectives, & protecting the security of 3.6 million Albanian people • Industry: Public Sector • Employees: 500 CHALLENGES / OPPORTUNITIES • Consolidate all structured and unstructured classified data on a secure, scalable, electronic platform prior to the April 2009 accession to the North Atlantic Treaty Organization (NATO) CUSTOMER PERSPECTIVE “Oracle’s unbreakable security platform enables us to guarantee the integrity of sensitive defense data without impeding access to it by authorized personnel. We now have our data consolidated on a secure, scalable platform - enabling us to prepare for the accession to NATO.” Genci Kokoshi, Chief of Information Technology • Enforce the highest internationally recognized standards for providing & auditing authorized access to classified Ministry of Defense (MoD) information • Protect the integrity of sensitive military documents relating to Albania’s role in NATO operations assurance levels SOLUTIONS • Oracle Universal Content Management • Oracle Identity Management • Oracle Virtual Directory • Oracle Access Manager 22 RESULTS • Provided a secure Web-based data storage platform to create and publish classified content • Offered 100 users a single sign on and secure, seamless access to job-appropriate data • Enabled the organization to set up user accounts in only a few hours Copyright © 2010, Oracle. All rights reserved For More Information oracle.com/database/security search.oracle.com database security 23 Copyright © 2010, Oracle. All rights reserved [email protected] 24 Copyright © 2010, Oracle. All rights reserved 25 Copyright © 2010, Oracle. All rights reserved 26 Copyright © 2010, Oracle. All rights reserved Oracle Advanced Security Protect Data from Unauthorized Users Disk Backups Application Exports Off-Site Facilities • Complete encryption for application data at rest to prevent direct access to data stored in database files, on tape, exports, etc. by IT Staff/OS users • Efficient application data encryption without application changes • Built-in two-tier key management for SoD with support for centralized key management using HSM/KMS • Strong authentication of database users for greater identity assurance © 2010 Oracle Corporation 27 Oracle Database Vault Enforce Security Policies Inside the Database Security DBA Procurement Application Application DBA HR Finance select * from finance.customers DBA • Automatic and customizable DBA separation of duties and protective realms • Enforce who, where, when, and how using rules and factors • Enforce least privilege for privileged database users • Prevent application by-pass and enforce enterprise data governance • Securely consolidate application data or enable multi-tenant data management © 2010 Oracle Corporation 28 Oracle Audit Vault Audit Database Activity in Real-Time ! HR Data CRM Data ERP Data Databases Audit Data Alerts Built-in Reports Custom Reports Policies Auditor • Consolidate database audit trail into secure centralized repository • Detect and alert on suspicious activities, including privileged users • Out-of-the box compliance reports for SOX, PCI, and other regulations • E.g., privileged user audit, entitlements, failed logins, regulated data changes • Streamline audits with report generation, notification, attestation, archiving, etc. © 2010 Oracle Corporation 29 Oracle Total Recall Track Changes to Sensitive Data select salary from emp AS OF TIMESTAMP '02-MAY-09 12.00 AM‘ where emp.title = ‘admin’ • Transparently track application data changes over time • Efficient, tamper-resistant storage of archives in the database • Real-time access to historical application data using SQL • Simplified incident forensics and recovery © 2010 Oracle Corporation 30 Oracle Database Firewall First Line of Defense Allow Log Alert Substitute Applications Block Alerts Built-in Reports Custom Reports Policies • Monitor database activity to prevent unauthorized database access, SQL injections, privilege or role escalation, illegal access to sensitive data, etc. • Highly accurate SQL grammar based analysis without costly false positives • Flexible SQL level enforcement options based on white lists and black lists • Scalable architecture provides enterprise performance in all deployment modes • Built-in and custom compliance reports for SOX, PCI, and other regulations © 2010 Oracle Corporation 31 Oracle Configuration Management Secure Your Database Environment Monitor Discover Asset Management Classify Policy Management Assess Prioritize Vulnerability Management Fix Configuration Management & Audit Monitor Analysis & Analytics • Discover and classify databases into policy groups • Scan databases against 400+ best practices and industry standards, custom enterprise-specific configuration policies • Detect and event prevent unauthorized database configuration changes • Change management dashboards and compliance reports © 2010 Oracle Corporation 32 Oracle Data Masking Irreversibly De-Identify Data for Non-Production Use Production Non-Production LAST_NAME SSN SALARY LAST_NAME SSN SALARY AGUILAR 203-33-3234 40,000 ANSKEKSL 111—23-1111 60,000 BENSON 323-22-2943 60,000 BKJHHEIEDK 222-34-1345 40,000 Data never leaves Database • Make application data securely available in non-production environments • Prevent application developers and testers from seeing production data • Extensible template library and policies for data masking automation • Referential integrity automatically preserved so applications continue to work © 2010 Oracle Corporation 33 Oracle Database Defense In Depth • Oracle Advanced Security • Oracle Identity Management • Oracle Database Vault • Oracle Label Security Data • Oracle Audit Vault • Oracle Total Recall • Oracle Database Firewall • Oracle Configuration Management • Oracle Data Masking © 2010 Oracle Corporation 34