Oracle Database Security A Monty Python approach

Database secure, system flawed… Web App. – Database – OS – Network/LAN Firewall’s don’t help; don’t rely on… http://www.myserver.com/main.jsp?table=usertable ?user=app_owner

Database secure, system flawed…

Web App. – Database – OS – Network/LAN

Firewall’s don’t help; don’t rely on…

http://www.myserver.com/main.jsp?table=usertable

?user=app_owner

Security is a chain! A single weak link can break the entire system! http://www.schneier.com/essay-037.html

Security is a chain!

A single weak link can break the entire system!

http://www.schneier.com/essay-037.html

DBA = The Weakest Link? NO! So security is a NONE issue for DBA’s

DBA = The Weakest Link?

NO!

So security is a NONE issue for DBA’s

So, it’s a dead parrot discussion! "I know a dead parrot when I see one, and I'm lookin' at one right now."

So, it’s a dead parrot discussion!

"I know a dead parrot when I see one,

and I'm lookin' at one right now."

Why is a DBA <> The Weakest Link? Wants to know how it works Is as accurate as possible Takes responsibility Has to clean up the mess Is security aware!

Why is a DBA <> The Weakest Link?

Wants to know how it works

Is as accurate as possible

Takes responsibility

Has to clean up the mess

Is security aware!

Being security minded is a nasty habit ! You can’t be creative anymore Security is just no fun You are doing a lot of extra work, which should have be done by some else at the first place Security makes life complex No one likes you (if you start talking about security measures)

Being security minded is a nasty habit !

You can’t be creative anymore

Security is just no fun

You are doing a lot of extra work, which should have be done by some else at the first place

Security makes life complex

No one likes you (if you start talking about security measures)

A DBA being aware of the WLF (the Weakest Link Factor) realizes: A DBA job can be healthy ! No stress anymore ! Everyone loves you ! The CREATE USER example…

A DBA being aware of the WLF

(the Weakest Link Factor) realizes:

A DBA job can be healthy !

No stress anymore !

Everyone loves you !

The CREATE USER example…

CREATE USER ( Old DBA style) SQL> CREATE USER app_owner IDENTIFIED BY “#D1ff1cultP@ssw0rd” DEFAULT TABLESPACE app_data_01 TEMPORARY TABLESPACE app_temp QUOTA 10M ON app_data_01 PROFILE app_owner PASSWORD EXPIRE; SQL> GRANT create session TO app_owner; Plus X extra measures to ensure that it is difficult to use this account

CREATE USER ( Old DBA style)

SQL> CREATE USER app_owner

IDENTIFIED BY “#D1ff1cultP@ssw0rd”

DEFAULT TABLESPACE app_data_01

TEMPORARY TABLESPACE app_temp

QUOTA 10M ON app_data_01

PROFILE app_owner

PASSWORD EXPIRE;

SQL> GRANT create session TO app_owner;

Plus X extra measures to ensure that it is difficult to use this account

CREATE USER ( New DBA style) SQL> CREATE USER app_owner IDENTIFIED BY app_owner; SQL> GRANT dba TO app_owner; This can now be implemented because off the Weakest Link Factor!

CREATE USER ( New DBA style)

SQL> CREATE USER app_owner

IDENTIFIED BY app_owner;

SQL> GRANT dba TO app_owner;

This can now be implemented because off the Weakest Link Factor!

CREATE normal USER (This is the weakest link) SQL> CREATE USER app_user IDENTIFIED BY app_user; SQL> GRANT dba TO app_user; SQL> GRANT select any dictionary TO app_user;

CREATE normal USER

(This is the weakest link)

SQL> CREATE USER app_user

IDENTIFIED BY app_user;

SQL> GRANT dba TO app_user;

SQL> GRANT select any dictionary TO

app_user;

Oracle Critical Patch Update Doesn’t make any sense anymore So more free weekends, less work No testing requirements Stable database systems No changes ;-) GREAT and all this, Just because we are Now Weakest Link Factor aware !

Oracle Critical Patch Update

Doesn’t make any sense anymore

So more free weekends, less work

No testing requirements

Stable database systems

No changes ;-)

GREAT and all this, Just because we are Now Weakest Link Factor aware !

Try to imagine what WLF can do for you! Passwords on Post-it’s or text files named “passwords.txt” Unlocked keyboard, Unprotected access to PC’s Super user privileges for everyone Etcetera “ Life becomes so easy…”

Try to imagine what WLF can do for you!

Passwords on Post-it’s or text files named “passwords.txt”

Unlocked keyboard, Unprotected access to PC’s

Super user privileges for everyone

Etcetera

“ Life becomes so easy…”

Is this what we want?  OFF COURSE NOT ! … or at least, I hope you will agree, this isn’t what we want and be-aware that YOUR system is also compromised…

Is this what we want?

 OFF COURSE NOT !

… or at least, I hope you will agree, this isn’t what we want and be-aware that YOUR system is also compromised…

First steps to improvement Create a holistic security minded approach Do you best possible (ask college’s | Google!) Invest in knowledge Be realistic, but also be prepared (paranoia systems, backup and recover) Threat Models (not only “general” architecture design)

First steps to improvement

Create a holistic security minded approach

Do you best possible (ask college’s | Google!)

Invest in knowledge

Be realistic, but also be prepared

(paranoia systems, backup and recover)

Threat Models (not only “general” architecture design)

Threat Models http://www.schneier.com/essay-037.html A good design starts with a threat model: what the system is designed to protect , from whom , and for how long The threat model must take the entire system into account - not just the data to be protected, but the people who will use the system and how they will use it

Threat Models

http://www.schneier.com/essay-037.html

A good design starts with a threat model: what the system is designed to protect , from whom , and for how long

The threat model must take the entire system into account - not just the data to be protected, but the people who will use the system and how they will use it

Questions to be asked… http://www.schneier.com/essay-037.html What motivates the attackers? Must attacks be prevented, or can they just be detected? What kind of disaster recovery is possible? Analyze the real risks!

Questions to be asked…

http://www.schneier.com/essay-037.html

What motivates the attackers?

Must attacks be prevented, or can they just be detected?

What kind of disaster recovery is possible?

Analyze the real risks!

Threat model measures http://www.schneier.com/essay-037.html Threat models allow both product designers and consumers to determine what security measures they need.

Threat model measures

http://www.schneier.com/essay-037.html

Threat models allow both product designers and consumers to determine what security measures they need.

Threat model awareness http://www.schneier.com/essay-037.html Does it makes sense to encrypt your hard drive if you don't put your files in a safe? Are the audit logs good enough to convince a court of law? Does all this effort make sense as long people do not lock there keyboards and / or do not care ?

Threat model awareness

http://www.schneier.com/essay-037.html

Does it makes sense to encrypt your hard drive if you don't put your files in a safe?

Are the audit logs good enough to convince a court of law?

Does all this effort make sense as long people do not lock there keyboards and / or do not care ?

General consequence off all our efforts? We are security aware, we have control We have become smarter Less damage, if security fails… Protected investment

General consequence off all our efforts?

We are security aware, we have control

We have become smarter

Less damage,

if security fails…

Protected investment

Extra Result? A happy, stress free DBA ! A happy Development Team ! A happy Customer ! Great Team Work !

Extra Result?

A happy, stress free DBA !

A happy Development Team !

A happy Customer !

Great Team Work !

Brothers at Arms! So protect our Stuff!

Brothers at Arms! So protect our Stuff!

Who buys a dead parrot anyway…?

Who buys a dead parrot anyway…?

I Hope You Have Enjoyed It Marco Gralike http://blog.gralike.com

Marco Gralike

http://blog.gralike.com