SlideShare a Scribd company logo

DOAG Oracle Database Vault

Stefan Oehrli
Stefan Oehrli

Oracle Database Vault has been on the market for a few years now. The product has been constantly improved over the years. But where is it worthwhile to use it? Which security measures can be implemented with it? And from whom does DB Vault protect me at all? In this presentation, the technical possibilities of Database Vault 19c / 21c will be explained in addition to the experiences from two customer projects. We will try to show where the use of Database Vault is worthwhile under certain circumstances and under which conditions it is not. This also includes whether protection against snakes and thieves is ensured. PS: I asked my children what kind of presentation I should submit.The answers were snakes, thieves and cheetahs…

1 of 42
Download to read offline
ORACLE DATABASE VAULT Protection from Thieves, Snakes,...
2 § Together we are 1500 specialists at 34 locations in Switzerland, Germany and Austria with a focus on Data & Applied Intelligence. § Together we support you in the intelligent end-to-end use of your data. § We cover the entire spectrum: from the development and operation of data platforms and solutions, to the refinement of data as well as consulting and training. § We achieve this through the unique combination of Trivadis' technological expertise and Accenture's strategic know-how in the field of data. TRIVADIS & ACCENTURE: #1 FOR DATA & AI
3 OUR RANGE OF SERVICE BUSINESS ANALYTICS BUSINESS AUTOMATION MODERNE DATEN- PLATTFORMEN MODERNE CLOUD- INFRASTRUKTUR
4 VISIT OUR BOOTH IN GATHER.TOWN - STAGE 1 § Find us on stage 1 to the right of the escalator § Play our game «ALPAKA» § Meet our experts at the booth § Attend the interview about the joint future of Trivadis and Accenture on Thursday, 18.11.2021, 11:50h (DOAG Studio)
5 HALLO, GRÜESSECH, HI! § Since 1997 active in various IT areas § More than 24 years of experience in Oracle databases § Focus: Protecting data and operating databases securely o Security assessments and reviews o Database security concepts and their implementation o Oracle Backup & Recovery concepts and troubleshooting o Oracle Enterprise User and Advanced Security, DB Vault, … o Oracle Directory Services § Co-author of the book The Oracle DBA (Hanser, 2016/07) STEFAN OEHRLI PLATFORM ARCHITECT
6 AGENDA § Introduction § Oracle Database Vault in a Nutshell § Latest Database Vault Features § Conceptual Considerations § Good Practice § Further Measures § Alternatives to Database Vault § Conclusion Thief Snake Cheetah
7 INTRODUCTION
8 PROTECT FROM WHOM? § Theft of backups § Disclosure / access to the storage medium § Datafile (modification, access) Thief Snake Cheetah § Privileges escalation § Improper use of rights § Vulnerabilities and misconfiguration § Excessive and unnecessary user authorizations § Denial of Service § Unmonitored sensitive data § Input Injection / SQL Injection
9 THE PROBLEM § Database with classified data o Individual Objects o Schemas or whole database § High privileges users are not allowed to read / modify data o User with ANY privileges o User with administrative privileges e.g., SYSDBA o OS user oracle o OS super user like root § No segregation of duties enforced Highly privileged users can basically read everything or assign themselves the appropriate rights.
10 ORACLE DATABASE VAULT IN A NUTSHELL
11 ORACLE DATABASE VAULT… § …provides advanced controls for sensitive data o Basic security concept is still necessary respectively even mandatory § … integrated with existing security measures and features o Transparent Data Encryption o Oracle Multitenant architecture o Enterprise User Security o Secure Application Roles, Data Redaction, Virtual Private Database and other security features § … implements a few basic security measures by just switching it on. o Update existing database roles o Modify some commands by adding command rules o Change some init.ora parameter
12 DATABASE VAULT BASIC FEATURES § Controls for privileged accounts § Controls for database configuration § Enforce separation of duty out of the box § Operation Control and Manageability o Day to day DB Administration ”as usual” under the premise of separation of duties § Integration through a change of binaries § Database Vault is based on the existing access and protection § Rule sets for four eyes principle possible § Only data in a realm is protected o A realm is a functional group of schemas and roles o A realm must be set up after activation of Database Vault
14 ACCESS WORKFLOW § Verify if object is protected by a REALM § Verify if a ANY or system privilege is used § Check if REALM is mandatory § User must be part of the REALM § Is there a RULE SET defined? § How does the RULE SET evaluate? § Is there a COMMAND RULE defined? § Command is either executed or not
15 DATABASE VAULT REALM EXAMPLE
16 LATEST DATABASE VAULT FEATURES
17 MAJOR ENHANCEMENTS OVER THE PAST RELEASES § Oracle Database 12c Release 1 and 2 o Introduction of the Oracle Database Vault Simulation Mode o Vault Mandatory Realms e.g., to control access to own objects § Oracle Database 19c o Enhanced support for Unified Audit Policies o Database Vault Operations Control for Infrastructure Database Administrators in Oracle Multitenant o Enhancements to Oracle Database Vault Simulation Mode o Ability to Grant Data Pump-Database Vault Authorizations to Roles o Oracle Database Vault Support for Oracle Database Replay § Oracle Database 21c (innovation release) o Operational Improvements e.g., no Need to Disable Oracle Database Vault Before Upgrades o Better support for Oracle Multitenant o Uninstalling and Installing Oracle Label Security and Oracle Database Vault Now Supported
18 CONCEPTUAL CONSIDERATIONS
19 RECOMMENDED PREREQUISITES FOR DATABASE VAULT § Existing Database Security Concept covering Users and Roles § Moderate Database Hardening o Database Vault for a DB with holes like a Swiss Emmental makes no sense § Have an idea about Operation and Administration Use Cases o What has to be done by a DB operator? o What activities are performed by a DBA? o => Get an idea of where additional costs might be generated § Have an idea about Application Use Cases o Who is doing what? § Propre data classification or be sure what requires protection § Review what is available o Pre-Defined Oracle Database Vault configuration / guidelines for SAP, People Soft and more
20 DATABASE VAULT ADMINISTRATION USE CASES Administration Task Oracle Database Vault operational controls required? Comments Starting up and shutting down the database No Managing database initialization parameters Yes Some parameters are protected by the ALTER SYSTEM command rule. Managing users and roles Yes Oracle Data Pump Yes Proper Oracle Database Vault authorization should be granted before doing this task. EXPLAIN PLAN Yes PLAN_TABLE should be accessible to DBA.
21 § Not everything what is possible should be done o REALMS o COMMAND RULES o RULES / RULE SET o FACTORES § Use a simple as possible concept § The more complex the configuration, the more vulnerable to vulnerabilities § Plan enough time to application and functional tests § Database Simulation Mode does help KEEP THE CONFIGURATION SIMPLE
22 OBJECT TYPES § Object types that can be protected by realms. Use them all? CLUSTER LIBRARY ROLE DIMENSION MATERIALIZED VIEW SEQUENCE FUNCTION MATERIALIZED VIEW LOG SYNONYM INDEX OPERATOR TABLE INDEX PARTITION PACKAGE TRIGGER INDEXTYPE PROCEDURE TYPE JOB PROGRAM VIEW
23 PL/SQL API BEGIN DVSYS.DBMS_MACADM.CREATE_REALM( realm_name => 'TVD_SCOTT', description => 'Protect highly sensitive SCOTT schema', enabled => 'Y', audit_options => 3, realm_type =>'0' ); END; / § Database Vault is configured using the PL/SQL API § Not that simple for engineering but easy reproducible (script)
24 ORACLE ENTERPRISE MANAGER THE DATABASE VAULT GUI
25 ORACLE ENTERPRISE MANAGER
26 GOOD PRACTICE
27 GOOD PRACTICE AND WHITE PAPERS § Check the security configuration of your database o Oracle Database Security Assessment Tool (DBSAT) and Support Note 2484219.1 o Oracle Data Safe - unified control center for your Oracle databases o CIS Assessor Tool CIS Cat Pro § Do the security audit initially as well on a regular basis o Configuration may change § Consider the Oracle White Papers regarding Oracle Database Vault o Oracle Database Vault DBA Administrative Best Practices o Does provide information about different administration tasks and the impact o Oracle Database Vault Best Practices o General information and best practices for implementing Oracle Database Vault protections
28 § Verify Database Vault configuration using simulation Mode § Configured when creating REALMS or COMMAND RULES § Protection is enabled but not enforces § Violations are reported in DBA_DV_SIMULATION_LOG § Database Vault use either traditional or unified audit § Traditional Audit use DVSYS.AUDIT_TRAIL$ table § Unified Audit does support policy based auditing § All goes to the unified audit train AUDIT AND SIMULATION
29 MANDATORY REALMS § User with object privileges can always access an object § Consider using Mandatory REALMS Mandatory REALMS … § … can block object owners and object privileged users § … provide more flexible configurations for access control § … add a layer of protection during patch upgrades § ... secure tables during runtime § … freeze security settings by preventing changes to configured roles
30 BACKUP ACCOUNTS § DBA or SYSDBA can no longer do everything o Segregation of duties § DV_OWNER is the schema owner o Configure / control Database Vault § DV_ACCMGR is the account manager o Only user who can maintain accounts Loss of passwords for DV_OWNER / DV_ACCMGR means loss of control over Database Vault § Make sure you do have backup accounts with DV_OWNER and DV_ACCMGR o => Also, a risk for a backdoor
31 FURTHER MEASURES
32 ORACLE TRANSPARENT DATA ENCRYPTION § Database Vault provides advanced controls only within the database o REALMS, RULES, FACTORS, COMMAND RULES § No measures for external access o Theft of backups o Disclosure / access to the storage medium o Datafile manipulations e.g., hexedit, strings etc. § Oracle Advanced Security and Transparent Data Encryption is a mandatory companion o Protect data at REST o Secure Backup Thief
33 USE CENTRAL MANAGED USERS / ROLES § Database Vault enforce segregation of duties o DBA is no longer maintaining accounts o Task is handed over e.g., Service Desk, Sec Operation, IAM etc. § Increased effort for decentralized account management § Consider using o Oracle Centrally Managed Users (CMU) o Oracle Enterprise User Security (EUS) § Account Management is done centrally § Ideally integrated with an IAM solution
34 NETWORK ENCRYPTION § By default SQL*Net Traffic is not encrypted § Everybody on the network can read the TCP packets § Encryption on transportation is recommended § Oracle Native SQL*Net encryption using SQLNET.ENCRYPTION_CLIENT or SQLNET.ENCRYPTION_SERVER o Simple and transparent o Does work for any Oracle Client § SSL Network Encryption using Secure Listener TCPS o Requires Certificate o Can be combined with Authentication
35 BASIC SECURITY – CMU AND IAM INTEGRATION
36 PDB ISOLATION A multitenant container database provides the following features beyond regular security measures: § PATH_PREFIX and CREATE_FILE_DEST clause to limit data files and directory objects to certain paths. § PDB_OS_CREDENTIAL parameter assigning a dedicated user account for OS interactions § Lockdown profiles to restrict certain operations or functionalities in a PDBs
37 ALTERNATIVES TO DATABASE VAULT
38 § Third party tools to “monitor” the database access § McAfee Database Activity Monitoring o Running on the Database Server / SGA § Imperva SecureSphare o Network Appliance; Some kind of an application firewall § IBM Guardian o Database / Application firewall § Oracle Database Firewall and Audit Vault Server o Software Appliance § All tools must learn the access rules / firewall rules o More or less; predefined rules are available § Residual risk that the tools can be bypassed ACTIVITY MONITORING / DATABASE FIREWALL
39 CONCLUSION
40 CONCLUSION § Oracle Database Vault has matured o Shortcomings such as those in Oracle 9i, 10g are pass § Advanced controls for a robust protection of sensitive data o On-premises and especially in cloud environments § A clear security concept is a mandatory prerequisite o E.g., user and role concept, hardening, data classification § Accompanying measures such as TDE, CMU, etc. are required § The additional effort is to be verified o E.g., License costs, operating expenses, etc. The question remains whether data is so important that it is worth the effort
TOGETHER WE ARE #1 PARTNER FOR BUSINESSES TO HARNESS THE POWER OF DATA FOR A SMARTER LIFE
42 GOODBYE… § E-Mail stefan.oehrli@trivadis.com § LinkedIn https://www.linkedin.com/in/stefanoehrli/ § Blog www.oradba.ch § Twitter @stefanoehrli STEFAN OEHRLI PLATFORM ARCHITECT Thief Snake Cheetah
DOAG Oracle Database Vault

Recommended

Oracle 12c and its pluggable databases
Oracle 12c and its pluggable databasesOracle 12c and its pluggable databases
Oracle 12c and its pluggable databases
Gustavo Rene Antunez
 
Oracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesOracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best Practices
Bobby Curtis
 
What’s New in Oracle Database 19c - Part 1
What’s New in Oracle Database 19c - Part 1What’s New in Oracle Database 19c - Part 1
What’s New in Oracle Database 19c - Part 1
Satishbabu Gunukula
 
Migration to Oracle Multitenant
Migration to Oracle MultitenantMigration to Oracle Multitenant
Migration to Oracle Multitenant
Jitendra Singh
 
Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle GoldenGate Roadmap Oracle OpenWorld 2020 Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle
 
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19cMaximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Glen Hawkins
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database VaultMarco Alamanni
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
SrirakshaSrinivasan2
 

Recommended

Oracle 12c and its pluggable databases
Oracle 12c and its pluggable databasesOracle 12c and its pluggable databases
Oracle 12c and its pluggable databases
Gustavo Rene Antunez
 
Oracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best PracticesOracle GoldenGate 21c New Features and Best Practices
Oracle GoldenGate 21c New Features and Best Practices
Bobby Curtis
 
What’s New in Oracle Database 19c - Part 1
What’s New in Oracle Database 19c - Part 1What’s New in Oracle Database 19c - Part 1
What’s New in Oracle Database 19c - Part 1
Satishbabu Gunukula
 
Migration to Oracle Multitenant
Migration to Oracle MultitenantMigration to Oracle Multitenant
Migration to Oracle Multitenant
Jitendra Singh
 
Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle GoldenGate Roadmap Oracle OpenWorld 2020 Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle GoldenGate Roadmap Oracle OpenWorld 2020
Oracle
 
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19cMaximum Availability Architecture - Best Practices for Oracle Database 19c
Maximum Availability Architecture - Best Practices for Oracle Database 19c
Glen Hawkins
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database VaultMarco Alamanni
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
SrirakshaSrinivasan2
 
What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19c
Maria Colgan
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
Understanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesUnderstanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slides
Mohamed Farouk
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance Tuning
Bobby Curtis
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Glen Hawkins
 
Oracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesOracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API Examples
Bobby Curtis
 
Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2
Michael Brown
 
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Markus Michalewicz
 
Oracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High AvailabilityOracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High Availability
Markus Michalewicz
 
One PDB to go, please!
One PDB to go, please!One PDB to go, please!
One PDB to go, please!
Christian Gohmann
 
Oracle 12c New Features
Oracle 12c New FeaturesOracle 12c New Features
Oracle 12c New Features
Guatemala User Group
 
Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020
Kamalesh Ramasamy
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
Ludovico Caldara
 
Oracle 12c Multitenant architecture
Oracle 12c Multitenant architectureOracle 12c Multitenant architecture
Oracle 12c Multitenant architecture
naderattia
 
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
Hiroshi Sekiguchi
 
Deep review of LMS process
Deep review of LMS processDeep review of LMS process
Deep review of LMS process
Riyaj Shamsudeen
 
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Sandesh Rao
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19c
Satishbabu Gunukula
 
MySQL Shell for Database Engineers
MySQL Shell for Database EngineersMySQL Shell for Database Engineers
MySQL Shell for Database Engineers
Mydbops
 
Oracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLONOracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLON
Markus Michalewicz
 
Vault_KT.pptx
Vault_KT.pptxVault_KT.pptx
Vault_KT.pptx
SDPL Technologies
 
Database security best_practices
Database security best_practicesDatabase security best_practices
Database security best_practicesTarik Essawi
 

More Related Content

What's hot

What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19c
Maria Colgan
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
Understanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesUnderstanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slides
Mohamed Farouk
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance Tuning
Bobby Curtis
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Glen Hawkins
 
Oracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesOracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API Examples
Bobby Curtis
 
Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2
Michael Brown
 
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Markus Michalewicz
 
Oracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High AvailabilityOracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High Availability
Markus Michalewicz
 
One PDB to go, please!
One PDB to go, please!One PDB to go, please!
One PDB to go, please!
Christian Gohmann
 
Oracle 12c New Features
Oracle 12c New FeaturesOracle 12c New Features
Oracle 12c New Features
Guatemala User Group
 
Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020
Kamalesh Ramasamy
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
Ludovico Caldara
 
Oracle 12c Multitenant architecture
Oracle 12c Multitenant architectureOracle 12c Multitenant architecture
Oracle 12c Multitenant architecture
naderattia
 
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
Hiroshi Sekiguchi
 
Deep review of LMS process
Deep review of LMS processDeep review of LMS process
Deep review of LMS process
Riyaj Shamsudeen
 
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Sandesh Rao
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19c
Satishbabu Gunukula
 
MySQL Shell for Database Engineers
MySQL Shell for Database EngineersMySQL Shell for Database Engineers
MySQL Shell for Database Engineers
Mydbops
 
Oracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLONOracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLON
Markus Michalewicz
 

What's hot (20)

What to Expect From Oracle database 19c
What to Expect From Oracle database 19cWhat to Expect From Oracle database 19c
What to Expect From Oracle database 19c
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Understanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesUnderstanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slides
 
Oracle GoldenGate Performance Tuning
Oracle GoldenGate Performance TuningOracle GoldenGate Performance Tuning
Oracle GoldenGate Performance Tuning
 
Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive Oracle Active Data Guard: Best Practices and New Features Deep Dive
Oracle Active Data Guard: Best Practices and New Features Deep Dive
 
Oracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API ExamplesOracle GoldenGate 18c - REST API Examples
Oracle GoldenGate 18c - REST API Examples
 
Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2Automating Your Clone in E-Business Suite R12.2
Automating Your Clone in E-Business Suite R12.2
 
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
Oracle RAC 12c Practical Performance Management and Tuning OOW13 [CON8825]
 
Oracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High AvailabilityOracle Cloud is Best for Oracle Database - High Availability
Oracle Cloud is Best for Oracle Database - High Availability
 
One PDB to go, please!
One PDB to go, please!One PDB to go, please!
One PDB to go, please!
 
Oracle 12c New Features
Oracle 12c New FeaturesOracle 12c New Features
Oracle 12c New Features
 
Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020Oracle ZDM KamaleshRamasamy Sangam2020
Oracle ZDM KamaleshRamasamy Sangam2020
 
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIES
 
Oracle 12c Multitenant architecture
Oracle 12c Multitenant architectureOracle 12c Multitenant architecture
Oracle 12c Multitenant architecture
 
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
 
Deep review of LMS process
Deep review of LMS processDeep review of LMS process
Deep review of LMS process
 
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...
 
Why oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19cWhy oracle data guard new features in oracle 18c, 19c
Why oracle data guard new features in oracle 18c, 19c
 
MySQL Shell for Database Engineers
MySQL Shell for Database EngineersMySQL Shell for Database Engineers
MySQL Shell for Database Engineers
 
Oracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLONOracle RAC 19c and Later - Best Practices #OOWLON
Oracle RAC 19c and Later - Best Practices #OOWLON
 

Similar to DOAG Oracle Database Vault

Vault_KT.pptx
Vault_KT.pptxVault_KT.pptx
Vault_KT.pptx
SDPL Technologies
 
Database security best_practices
Database security best_practicesDatabase security best_practices
Database security best_practicesTarik Essawi
 
2008 Collaborate IOUG Presentation
2008 Collaborate IOUG Presentation2008 Collaborate IOUG Presentation
2008 Collaborate IOUG Presentation
Biju Thomas
 
MySQL Webinar 2/4 Performance tuning, hardware, optimisation
MySQL Webinar 2/4 Performance tuning, hardware, optimisationMySQL Webinar 2/4 Performance tuning, hardware, optimisation
MySQL Webinar 2/4 Performance tuning, hardware, optimisation
Mark Swarbrick
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
Connor McDonald
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...InSync2011
 
Oracle data guard for beginners
Oracle data guard for beginnersOracle data guard for beginners
Oracle data guard for beginners
Pini Dibask
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
DLT Solutions
 
DBA Tasks in Oracle Autonomous Database
DBA Tasks in Oracle Autonomous DatabaseDBA Tasks in Oracle Autonomous Database
DBA Tasks in Oracle Autonomous Database
SinanPetrusToma
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security Features
Stefan Oehrli
 
Flashback in OCI
Flashback in OCIFlashback in OCI
Flashback in OCI
Tércio Costa
 
IOUG Collaborate 18 - Data Guard for Beginners
IOUG Collaborate 18 - Data Guard for BeginnersIOUG Collaborate 18 - Data Guard for Beginners
IOUG Collaborate 18 - Data Guard for Beginners
Pini Dibask
 
Oracle Data Guard for Beginners
Oracle Data Guard for BeginnersOracle Data Guard for Beginners
Oracle Data Guard for Beginners
Pini Dibask
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
Insight Technology, Inc.
 
Ingres For Oracle Users
Ingres For Oracle UsersIngres For Oracle Users
Ingres For Oracle Users
Michael Sale
 
Improve oracle 12c security
Improve oracle 12c securityImprove oracle 12c security
Improve oracle 12c security
Laurent Leturgez
 
Improving oracle12c security
Improving oracle12c securityImproving oracle12c security
Improving oracle12c security
Laurent Leturgez
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LAB
Stefan Oehrli
 
Security in oracle
Security in oracleSecurity in oracle
Security in oracle
ssuser40bb47
 

Similar to DOAG Oracle Database Vault (20)

Vault_KT.pptx
Vault_KT.pptxVault_KT.pptx
Vault_KT.pptx
 
Database security best_practices
Database security best_practicesDatabase security best_practices
Database security best_practices
 
2008 Collaborate IOUG Presentation
2008 Collaborate IOUG Presentation2008 Collaborate IOUG Presentation
2008 Collaborate IOUG Presentation
 
MySQL Webinar 2/4 Performance tuning, hardware, optimisation
MySQL Webinar 2/4 Performance tuning, hardware, optimisationMySQL Webinar 2/4 Performance tuning, hardware, optimisation
MySQL Webinar 2/4 Performance tuning, hardware, optimisation
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
 
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...
Databse & Technology 2 _ Francisco Munoz Alvarez _ Oracle Security Tips - Som...
 
Oracle data guard for beginners
Oracle data guard for beginnersOracle data guard for beginners
Oracle data guard for beginners
 
Oracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and MaskingOracle Key Vault Data Subsetting and Masking
Oracle Key Vault Data Subsetting and Masking
 
DBA Tasks in Oracle Autonomous Database
DBA Tasks in Oracle Autonomous DatabaseDBA Tasks in Oracle Autonomous Database
DBA Tasks in Oracle Autonomous Database
 
SOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security FeaturesSOUG Day Oracle 21c New Security Features
SOUG Day Oracle 21c New Security Features
 
Flashback in OCI
Flashback in OCIFlashback in OCI
Flashback in OCI
 
IOUG Collaborate 18 - Data Guard for Beginners
IOUG Collaborate 18 - Data Guard for BeginnersIOUG Collaborate 18 - Data Guard for Beginners
IOUG Collaborate 18 - Data Guard for Beginners
 
Oracle Data Guard for Beginners
Oracle Data Guard for BeginnersOracle Data Guard for Beginners
Oracle Data Guard for Beginners
 
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...
 
Ingres For Oracle Users
Ingres For Oracle UsersIngres For Oracle Users
Ingres For Oracle Users
 
Improve oracle 12c security
Improve oracle 12c securityImprove oracle 12c security
Improve oracle 12c security
 
Improving oracle12c security
Improving oracle12c securityImproving oracle12c security
Improving oracle12c security
 
IaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LABIaC MeetUp Active Directory Setup for Oracle Security LAB
IaC MeetUp Active Directory Setup for Oracle Security LAB
 
Security in oracle
Security in oracleSecurity in oracle
Security in oracle
 

More from Stefan Oehrli

OracleBeer_Terraform_soe.pdf
OracleBeer_Terraform_soe.pdfOracleBeer_Terraform_soe.pdf
OracleBeer_Terraform_soe.pdf
Stefan Oehrli
 
AUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityAUSOUG Oracle Password Security
AUSOUG Oracle Password Security
Stefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
Stefan Oehrli
 
SOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cSOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20c
Stefan Oehrli
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
Stefan Oehrli
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with Terraform
Stefan Oehrli
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
Stefan Oehrli
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant Databases
Stefan Oehrli
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle Databases
Stefan Oehrli
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and Security
Stefan Oehrli
 
Trivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19cTrivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19c
Stefan Oehrli
 
Oracle und Docker
Oracle und DockerOracle und Docker
Oracle und Docker
Stefan Oehrli
 
Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and Docker
Stefan Oehrli
 
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19cAOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
Stefan Oehrli
 
DOAG Webinar Oracle und Docker
DOAG Webinar Oracle und DockerDOAG Webinar Oracle und Docker
DOAG Webinar Oracle und Docker
Stefan Oehrli
 

More from Stefan Oehrli (15)

OracleBeer_Terraform_soe.pdf
OracleBeer_Terraform_soe.pdfOracleBeer_Terraform_soe.pdf
OracleBeer_Terraform_soe.pdf
 
AUSOUG Oracle Password Security
AUSOUG Oracle Password SecurityAUSOUG Oracle Password Security
AUSOUG Oracle Password Security
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
SOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20cSOUG PDB Security, Isolation and DB Nest 20c
SOUG PDB Security, Isolation and DB Nest 20c
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with Terraform
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant Databases
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle Databases
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and Security
 
Trivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19cTrivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19c
 
Oracle und Docker
Oracle und DockerOracle und Docker
Oracle und Docker
 
Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and Docker
 
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19cAOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
 
DOAG Webinar Oracle und Docker
DOAG Webinar Oracle und DockerDOAG Webinar Oracle und Docker
DOAG Webinar Oracle und Docker
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 

DOAG Oracle Database Vault

  • 1. ORACLE DATABASE VAULT Protection from Thieves, Snakes,...
  • 2. 2 § Together we are 1500 specialists at 34 locations in Switzerland, Germany and Austria with a focus on Data & Applied Intelligence. § Together we support you in the intelligent end-to-end use of your data. § We cover the entire spectrum: from the development and operation of data platforms and solutions, to the refinement of data as well as consulting and training. § We achieve this through the unique combination of Trivadis' technological expertise and Accenture's strategic know-how in the field of data. TRIVADIS & ACCENTURE: #1 FOR DATA & AI
  • 3. 3 OUR RANGE OF SERVICE BUSINESS ANALYTICS BUSINESS AUTOMATION MODERNE DATEN- PLATTFORMEN MODERNE CLOUD- INFRASTRUKTUR
  • 4. 4 VISIT OUR BOOTH IN GATHER.TOWN - STAGE 1 § Find us on stage 1 to the right of the escalator § Play our game «ALPAKA» § Meet our experts at the booth § Attend the interview about the joint future of Trivadis and Accenture on Thursday, 18.11.2021, 11:50h (DOAG Studio)
  • 5. 5 HALLO, GRÜESSECH, HI! § Since 1997 active in various IT areas § More than 24 years of experience in Oracle databases § Focus: Protecting data and operating databases securely o Security assessments and reviews o Database security concepts and their implementation o Oracle Backup & Recovery concepts and troubleshooting o Oracle Enterprise User and Advanced Security, DB Vault, … o Oracle Directory Services § Co-author of the book The Oracle DBA (Hanser, 2016/07) STEFAN OEHRLI PLATFORM ARCHITECT
  • 6. 6 AGENDA § Introduction § Oracle Database Vault in a Nutshell § Latest Database Vault Features § Conceptual Considerations § Good Practice § Further Measures § Alternatives to Database Vault § Conclusion Thief Snake Cheetah
  • 8. 8 PROTECT FROM WHOM? § Theft of backups § Disclosure / access to the storage medium § Datafile (modification, access) Thief Snake Cheetah § Privileges escalation § Improper use of rights § Vulnerabilities and misconfiguration § Excessive and unnecessary user authorizations § Denial of Service § Unmonitored sensitive data § Input Injection / SQL Injection
  • 9. 9 THE PROBLEM § Database with classified data o Individual Objects o Schemas or whole database § High privileges users are not allowed to read / modify data o User with ANY privileges o User with administrative privileges e.g., SYSDBA o OS user oracle o OS super user like root § No segregation of duties enforced Highly privileged users can basically read everything or assign themselves the appropriate rights.
  • 11. 11 ORACLE DATABASE VAULT… § …provides advanced controls for sensitive data o Basic security concept is still necessary respectively even mandatory § … integrated with existing security measures and features o Transparent Data Encryption o Oracle Multitenant architecture o Enterprise User Security o Secure Application Roles, Data Redaction, Virtual Private Database and other security features § … implements a few basic security measures by just switching it on. o Update existing database roles o Modify some commands by adding command rules o Change some init.ora parameter
  • 12. 12 DATABASE VAULT BASIC FEATURES § Controls for privileged accounts § Controls for database configuration § Enforce separation of duty out of the box § Operation Control and Manageability o Day to day DB Administration ”as usual” under the premise of separation of duties § Integration through a change of binaries § Database Vault is based on the existing access and protection § Rule sets for four eyes principle possible § Only data in a realm is protected o A realm is a functional group of schemas and roles o A realm must be set up after activation of Database Vault
  • 13. 14 ACCESS WORKFLOW § Verify if object is protected by a REALM § Verify if a ANY or system privilege is used § Check if REALM is mandatory § User must be part of the REALM § Is there a RULE SET defined? § How does the RULE SET evaluate? § Is there a COMMAND RULE defined? § Command is either executed or not
  • 14. 15 DATABASE VAULT REALM EXAMPLE
  • 16. 17 MAJOR ENHANCEMENTS OVER THE PAST RELEASES § Oracle Database 12c Release 1 and 2 o Introduction of the Oracle Database Vault Simulation Mode o Vault Mandatory Realms e.g., to control access to own objects § Oracle Database 19c o Enhanced support for Unified Audit Policies o Database Vault Operations Control for Infrastructure Database Administrators in Oracle Multitenant o Enhancements to Oracle Database Vault Simulation Mode o Ability to Grant Data Pump-Database Vault Authorizations to Roles o Oracle Database Vault Support for Oracle Database Replay § Oracle Database 21c (innovation release) o Operational Improvements e.g., no Need to Disable Oracle Database Vault Before Upgrades o Better support for Oracle Multitenant o Uninstalling and Installing Oracle Label Security and Oracle Database Vault Now Supported
  • 18. 19 RECOMMENDED PREREQUISITES FOR DATABASE VAULT § Existing Database Security Concept covering Users and Roles § Moderate Database Hardening o Database Vault for a DB with holes like a Swiss Emmental makes no sense § Have an idea about Operation and Administration Use Cases o What has to be done by a DB operator? o What activities are performed by a DBA? o => Get an idea of where additional costs might be generated § Have an idea about Application Use Cases o Who is doing what? § Propre data classification or be sure what requires protection § Review what is available o Pre-Defined Oracle Database Vault configuration / guidelines for SAP, People Soft and more
  • 19. 20 DATABASE VAULT ADMINISTRATION USE CASES Administration Task Oracle Database Vault operational controls required? Comments Starting up and shutting down the database No Managing database initialization parameters Yes Some parameters are protected by the ALTER SYSTEM command rule. Managing users and roles Yes Oracle Data Pump Yes Proper Oracle Database Vault authorization should be granted before doing this task. EXPLAIN PLAN Yes PLAN_TABLE should be accessible to DBA.
  • 20. 21 § Not everything what is possible should be done o REALMS o COMMAND RULES o RULES / RULE SET o FACTORES § Use a simple as possible concept § The more complex the configuration, the more vulnerable to vulnerabilities § Plan enough time to application and functional tests § Database Simulation Mode does help KEEP THE CONFIGURATION SIMPLE
  • 21. 22 OBJECT TYPES § Object types that can be protected by realms. Use them all? CLUSTER LIBRARY ROLE DIMENSION MATERIALIZED VIEW SEQUENCE FUNCTION MATERIALIZED VIEW LOG SYNONYM INDEX OPERATOR TABLE INDEX PARTITION PACKAGE TRIGGER INDEXTYPE PROCEDURE TYPE JOB PROGRAM VIEW
  • 22. 23 PL/SQL API BEGIN DVSYS.DBMS_MACADM.CREATE_REALM( realm_name => 'TVD_SCOTT', description => 'Protect highly sensitive SCOTT schema', enabled => 'Y', audit_options => 3, realm_type =>'0' ); END; / § Database Vault is configured using the PL/SQL API § Not that simple for engineering but easy reproducible (script)
  • 23. 24 ORACLE ENTERPRISE MANAGER THE DATABASE VAULT GUI
  • 26. 27 GOOD PRACTICE AND WHITE PAPERS § Check the security configuration of your database o Oracle Database Security Assessment Tool (DBSAT) and Support Note 2484219.1 o Oracle Data Safe - unified control center for your Oracle databases o CIS Assessor Tool CIS Cat Pro § Do the security audit initially as well on a regular basis o Configuration may change § Consider the Oracle White Papers regarding Oracle Database Vault o Oracle Database Vault DBA Administrative Best Practices o Does provide information about different administration tasks and the impact o Oracle Database Vault Best Practices o General information and best practices for implementing Oracle Database Vault protections
  • 27. 28 § Verify Database Vault configuration using simulation Mode § Configured when creating REALMS or COMMAND RULES § Protection is enabled but not enforces § Violations are reported in DBA_DV_SIMULATION_LOG § Database Vault use either traditional or unified audit § Traditional Audit use DVSYS.AUDIT_TRAIL$ table § Unified Audit does support policy based auditing § All goes to the unified audit train AUDIT AND SIMULATION
  • 28. 29 MANDATORY REALMS § User with object privileges can always access an object § Consider using Mandatory REALMS Mandatory REALMS … § … can block object owners and object privileged users § … provide more flexible configurations for access control § … add a layer of protection during patch upgrades § ... secure tables during runtime § … freeze security settings by preventing changes to configured roles
  • 29. 30 BACKUP ACCOUNTS § DBA or SYSDBA can no longer do everything o Segregation of duties § DV_OWNER is the schema owner o Configure / control Database Vault § DV_ACCMGR is the account manager o Only user who can maintain accounts Loss of passwords for DV_OWNER / DV_ACCMGR means loss of control over Database Vault § Make sure you do have backup accounts with DV_OWNER and DV_ACCMGR o => Also, a risk for a backdoor
  • 31. 32 ORACLE TRANSPARENT DATA ENCRYPTION § Database Vault provides advanced controls only within the database o REALMS, RULES, FACTORS, COMMAND RULES § No measures for external access o Theft of backups o Disclosure / access to the storage medium o Datafile manipulations e.g., hexedit, strings etc. § Oracle Advanced Security and Transparent Data Encryption is a mandatory companion o Protect data at REST o Secure Backup Thief
  • 32. 33 USE CENTRAL MANAGED USERS / ROLES § Database Vault enforce segregation of duties o DBA is no longer maintaining accounts o Task is handed over e.g., Service Desk, Sec Operation, IAM etc. § Increased effort for decentralized account management § Consider using o Oracle Centrally Managed Users (CMU) o Oracle Enterprise User Security (EUS) § Account Management is done centrally § Ideally integrated with an IAM solution
  • 33. 34 NETWORK ENCRYPTION § By default SQL*Net Traffic is not encrypted § Everybody on the network can read the TCP packets § Encryption on transportation is recommended § Oracle Native SQL*Net encryption using SQLNET.ENCRYPTION_CLIENT or SQLNET.ENCRYPTION_SERVER o Simple and transparent o Does work for any Oracle Client § SSL Network Encryption using Secure Listener TCPS o Requires Certificate o Can be combined with Authentication
  • 34. 35 BASIC SECURITY – CMU AND IAM INTEGRATION
  • 35. 36 PDB ISOLATION A multitenant container database provides the following features beyond regular security measures: § PATH_PREFIX and CREATE_FILE_DEST clause to limit data files and directory objects to certain paths. § PDB_OS_CREDENTIAL parameter assigning a dedicated user account for OS interactions § Lockdown profiles to restrict certain operations or functionalities in a PDBs
  • 37. 38 § Third party tools to “monitor” the database access § McAfee Database Activity Monitoring o Running on the Database Server / SGA § Imperva SecureSphare o Network Appliance; Some kind of an application firewall § IBM Guardian o Database / Application firewall § Oracle Database Firewall and Audit Vault Server o Software Appliance § All tools must learn the access rules / firewall rules o More or less; predefined rules are available § Residual risk that the tools can be bypassed ACTIVITY MONITORING / DATABASE FIREWALL
  • 39. 40 CONCLUSION § Oracle Database Vault has matured o Shortcomings such as those in Oracle 9i, 10g are pass § Advanced controls for a robust protection of sensitive data o On-premises and especially in cloud environments § A clear security concept is a mandatory prerequisite o E.g., user and role concept, hardening, data classification § Accompanying measures such as TDE, CMU, etc. are required § The additional effort is to be verified o E.g., License costs, operating expenses, etc. The question remains whether data is so important that it is worth the effort
  • 40. TOGETHER WE ARE #1 PARTNER FOR BUSINESSES TO HARNESS THE POWER OF DATA FOR A SMARTER LIFE
  • 41. 42 GOODBYE… § E-Mail stefan.oehrli@trivadis.com § LinkedIn https://www.linkedin.com/in/stefanoehrli/ § Blog www.oradba.ch § Twitter @stefanoehrli STEFAN OEHRLI PLATFORM ARCHITECT Thief Snake Cheetah