Database Vault
Oracle Security Summit 2011

Transcript

  • 1. Database Vault
      Jarosław Jóźwiak
  • 2. What we hear from our customers… Protecting Access to Application Data
      • “Legal says our DBA should not be able to read financial records, but the DBA needs to access the database to do her job. What do we do?”
      • “Our SOX auditors require that we separate account creation from granting privileges to accounts.”
      • “No user should be able to by-pass our application to access information in the database directly.”
      • “New DBAs should not be able to make database changes without a senior DBA being present.”
  • 3. Privacy and Regulatory Compliance: Data Security Challenges
      • Protecting Access to Application Data
      • Data Encryption
      • Database Monitoring
      • De-Identifying Information for Sharing
      • Data Classification
  • 4. Oracle Database Security Solutions for Privacy and Compliance
      • Database Vault
      • Advanced Security
      • Configuration Management
      • Secure Backup
      • Total Recall
      • Label Security
      • Audit Vault
      • Data Masking
  • 5. Oracle Database Vault: Feature Overview
      • Controls on privileged users
          • Restrict privileged users from accessing application data
          • Enforces separation of duty
      • Real time access controls
          • Controls access based on IP address, authentication method, time of day, …
      • Transparency
          • No changes to applications required
      • Diagram labels: Protection Realms, Multi-Factor Authorization, Realm Violation Reports, Separation of Duty, Command Rules, Existing Oracle Database
  • 6. Oracle Database Vault: Protection Realms
      • Security firewalls
          • Block select any, update any, delete any, insert any, execute privileges
          • Protect single object or entire application schema
          • Include tables, views, roles, functions, stored procedures, …
          • Audit blocked access attempts
      • Easily applied
          • Define using web interface or API
          • Protected objects can be by schema, object type and wildcard
      • Low performance overhead
          • 1-5%
  • 7. Oracle Database Vault: Protection Realms
      • Database DBA views HR data (select * from HR.emp)
          • Compliance and protection from insiders
      • HR App views Fin. data
          • Eliminates security risks from server consolidation
      • Diagram labels: DBA, HR, Fin, HR App, HR Realm, FIN Realm, FIN App
  • 8. Oracle Database Vault: Command Rules
      • Provide extensible controls
          • Assign security rules to database commands
          • Enforce a "trusted" path by checking Database Vault built-in factors such as program names, IP addresses, host names
          • Enforce 2-man rule for specific DBA activities
          • Customize Separation of Duty
      • Easily applied
          • Rule sets associate multiple rules with a single command
          • Define using web interface or API
  • 9. Oracle Database Vault: Command Rules and Multi-factor Authorization
      • CONNECT …. : Unexpected IP address, HR account
      • CREATE … : Business hours, FIN DBA
      • Diagram labels: HR, FIN
  • 10. Oracle Database Vault: Built-In Factors Overview
      • User Factors
          • Name
          • Authentication type
          • Session User
          • Proxy Enterprise Identity
      • Network Factors
          • Machine name
          • Client IP
          • Network Protocols
      • Extensible
          • Define custom factors
      • Database Factors
          • Database IP
          • Database Instance
          • Database Hostname
          • Database SID
      • Runtime Factors
          • Language
          • Date
          • Time
  • 11. Oracle Database Vault: Separation of Duty
      • Account Management
          • Account administrator creates new database accounts
      • Security administration
          • Management of Database Vault Realms, Command rules, Rule Sets, …
      • Database Administration
          • Traditional DBA tasks such as space management, tuning
  • 12. Oracle Database Vault: Reports
      • Built-in Auditing and Reporting
          • Realm violation audit report built-in
          • Privileges reports such as Who has the DBA Role?
      • Other reports
          • 2 dozen other Database Vault and security reports
      • Easy to administer
          • Web interface and API
  • 13. Database Vault Administration Page
  • 14. Defining a Realm
  • 15. Adding Application to Realm
  • 16. Oracle Database Vault: Application Certification
      • PeopleSoft
      • E-Business Suite
      • Siebel
      • Oracle Content DB
      • Oracle Internet Directory
      • Partner applications (Underway)
  • 17. Oracle Database Vault: Availability
      • Supported Oracle Database releases
          • Oracle Database 11g
          • Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5)
  • 18. Noel Yuhanna, Research Analyst, Forrester
      “Database Vault features will be in demand, especially for databases that contain private data. Oracle is leading the pack of database makers with the new access restriction features. Microsoft, IBM, and Sybase don't have anything like this.”
  • 19. Oracle Database Vault: Key Benefits Summary
      • Controls on privileged users
          • Restrict privileged users from application data
          • Enforces Separation of Duty
      • Real time access controls
          • Control who, when, where and how data is accessed
          • Make decision based on IP address, time, auth. method, …
      • Transparency
          • No changes to applications required
          • Minimal performance impact
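
The realm and command-rule slides say both can be defined "using web interface or API". The PL/SQL below is an added example, not taken from the deck or from Oracle's material, showing the API route for an HR realm plus a CONNECT command rule that checks the Client IP factor. The account `HR_APP`, the rule and rule set names, and the address `192.0.2.10` are assumed sample values; the calls use the 11g-era `DBMS_MACADM` parameters, and later releases add optional ones.

```sql
-- Added example. Run as an account holding DV_OWNER or DV_ADMIN.
-- HR_APP, the rule/rule-set names and 192.0.2.10 are assumed sample values.
BEGIN
  -- Realm around every object in the HR schema; blocked attempts are audited.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Blocks ANY-privilege access to HR application data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Realm',
    object_owner => 'HR',
    object_name  => '%',
    object_type  => '%');
  -- Accounts not authorized here cannot use system ANY privileges on HR objects.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Realm',
    grantee      => 'HR_APP',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);

  -- Rule set for the trusted path: failures are audited and reported to the caller.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'HR Trusted Path',
    description     => 'HR_APP may connect only from the application server',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Connection not allowed from this host',
    fail_code       => -20001,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  -- True for every other user; for HR_APP only when the Client IP factor matches.
  -- A local (non-network) session has a NULL client IP, so HR_APP is refused there.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'HR_APP From App Server',
    rule_expr => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''HR_APP'' '
              || 'OR DVF.F$CLIENT_IP = ''192.0.2.10''');
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Trusted Path',
    rule_name     => 'HR_APP From App Server');
  -- Attach the rule set to CONNECT so it is evaluated at every logon.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'HR Trusted Path',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```

Because a CONNECT command rule is evaluated for every logon, test the rule expression on a non-production instance first; an expression that evaluates false for administrators locks them out as well.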
