Database Vault

Oracle Security Summit 2011

Transcript

  • 1. Database Vault
    Jarosław Jóźwiak
  • 2.
    What we hear from our customers… Protecting Access to Application Data
    “Legal says our DBA should not be able to read financial records, but the DBA needs to access the database to do her job. What do we do?”
    “Our SOX auditors require that we separate account creation from granting privileges to accounts.”
    “No user should be able to by-pass our application to access information in the database directly.”
    “New DBAs should not be able to make database changes without a senior DBA being present.”
  • 3.
    Privacy and Regulatory Compliance: Data Security Challenges
    Protecting Access to Application Data
    Data Encryption
    Database Monitoring
    De-Identifying Information for Sharing
    Data Classification
  • 4.
    Oracle Database Security Solutions for Privacy and Compliance
    Database Vault
    Advanced Security
    Configuration Management
    Secure Backup
    Total Recall
    Label Security
    Audit Vault
    Data Masking
  • 5.
    Oracle Database Vault: Feature Overview
    Controls on privileged users
    Restrict privileged users from accessing application data
    Enforces separation of duty
    Real time access controls
    Controls access based on IP address, authentication method, time of day,….
    Transparency
    No changes to applications required
    Diagram labels: Protection Realms, Multi-Factor Authorization, Realm Violation Reports, Separation of Duty, Command Rules, Existing Oracle Database
  • 6.
    Oracle Database Vault Protection Realms
    Security firewalls
    Block select any, update any, delete any, insert any, execute privileges
    Protect single object or entire application schema
    Include tables, views, roles, functions, stored procedures,….
    Audit blocked access attempts
    Easily applied
    Define using web interface or API
    Protected objects can be by schema, object type and wildcard
    Low performance overhead
    1-5%
  • 7.
    Oracle Database Vault Protection Realms
    select * from HR.emp
    Database DBA views HR data: compliance and protection from insiders
    HR App views Fin. data: eliminates security risks from server consolidation
    Diagram labels: DBA, HR, Fin, HR App, HR Realm, FIN App, FIN Realm
  • 8.
    Oracle Database Vault: Command Rules
    Provide extensible controls
    Assign security rules to database commands
    Enforce a "trusted" path by checking Database Vault built-in factors such as program names, IP addresses, host names
    Enforce a two-man rule for specific DBA activities
    Customize Separation of Duty
    Easily applied
    Rule sets associate multiple rules with a single command
    Define using web interface or API
  • 9.
    Oracle Database Vault: Command Rules and Multi-factor Authorization
    HR: CONNECT …. by the HR account from an unexpected IP address
    FIN: CREATE … by the FIN DBA, business hours
  • 10.
    Oracle Database Vault: Built-In Factors Overview
  • 11.
    Oracle Database Vault: Separation of Duty
    Account Management
    Account administrator creates new database accounts
    Security administration
    Management of Database Vault realms, command rules, rule sets, …
    Database Administration
    Traditional DBA tasks such as space management, tuning
  • 30.
    Oracle Database Vault: Reports
    Built-in Auditing and Reporting
    Realm violation audit report built-in
    Privilege reports such as "Who has the DBA role?"
    Other reports
    2 dozen other Database Vault and security reports
    Easy to administer
    Web interface and API
  • 31.
    Database Vault Administration Page
  • 32.
    Defining a Realm
  • 33.
    Adding Application to Realm
  • 34.
    Oracle Database Vault: Application Certification
    PeopleSoft
    E-Business Suite
    Siebel
    Oracle Content DB
    Oracle Internet Directory
    Partner applications (Underway)
  • 35.
    Oracle Database Vault: Availability
    Supported Oracle Database releases
    Oracle Database 11g
    Oracle Database 10g Release 2 (10.2.0.3, 10.2.0.4, 10.2.0.5)
  • 36.
    Noel Yuhanna
    Research Analyst, Forrester
    “Database Vault features will be in demand, especially for databases that contain private data. Oracle is leading the pack of database makers with the new access restriction features. Microsoft, IBM, and Sybase don't have anything like this.”
  • 37.
    Oracle Database Vault: Key Benefits Summary
    Controls on privileged users
    Restrict privileged users from application data
    Enforces Separation of Duty
    Real time access controls
    Control who, when, where and how data is accessed
    Make decisions based on IP address, time, authentication method, …
    Transparency
    No changes to applications required
    Minimal performance impact
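
The realm and command-rule slides say both can be defined "using web interface or API". As an added example (not taken from the presentation), this is roughly what the API route looks like with the `DBMS_MACADM` package, run by an account holding the `DV_OWNER` role. The `HR` schema, the `HR_APP` account, the realm, rule and rule-set names, the IP address and the hours are constructed sample values.

```sql
-- Added example: realm around the HR schema plus a command rule gated by two factors.
-- All names, the IP address and the hours below are constructed sample values.
BEGIN
  -- Realm: objects in HR are no longer reachable through SELECT ANY, UPDATE ANY, etc.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Protects all objects in the HR schema',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);   -- audit blocked attempts
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Realm',
    object_owner => 'HR',
    object_name  => '%',     -- wildcard: every object
    object_type  => '%');    -- of every type
  -- Only the application account is authorized inside the realm; the DBA is not.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Realm',
    grantee      => 'HR_APP',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);

  -- Rules built on the Client_IP built-in factor and on time of day.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'From Admin Host',
    rule_expr => 'DVF.F$CLIENT_IP = ''192.0.2.10''');
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Business Hours',
    rule_expr => 'TO_CHAR(SYSDATE, ''HH24'') BETWEEN ''08'' AND ''17''');
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Trusted DDL Path',
    description     => 'Known host and business hours',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,   -- all rules must be true
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'DDL allowed only from the admin host in business hours',
    fail_code       => 20461,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Trusted DDL Path', rule_name => 'From Admin Host');
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Trusted DDL Path', rule_name => 'Business Hours');

  -- Command rule: CREATE TABLE in HR succeeds only when the rule set evaluates true.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CREATE TABLE',
    rule_set_name => 'Trusted DDL Path',
    object_owner  => 'HR',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```

With this in place, a `select * from HR.emp` issued by a DBA who relies only on `SELECT ANY TABLE` is rejected and written to the realm violation audit trail, while `HR_APP` keeps working unchanged.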