5. About Oracle Database security
Oracle Label Security
secures database tables at the
row level, allowing you to
filter user access to row data
based on privileges.
Real Application Security
Administration Console (RASADM)
lets you create Real Application
Security data security policies
using a graphical user interface.
Enterprise User Security
addresses user, administrative, and
security challenges by relying on the
identity management services
supplied by Oracle Internet Directory,
an LDAP-compliant directory service.
5
Transparent Data Encryption
enables you to encrypt data so
that only an authorized recipient
can read it.
Oracle Data Redaction
enables you to redact (mask)
column data using several
redaction types.
Data Masking and Subsetting
process of replacing sensitive
data with fictitious yet realistic
looking data and process of
downsizing either by discarding
or extracting data
6. continue
Key Vault
enables you to accelerate security
and encryption deployments by
centrally managing encryption
keys, Oracle wallets, Java
keystores, and credential files.
Oracle Audit Vault and Database
Firewall
provides a comprehensive Database
Activity Monitoring (DAM) solution
that combines database audit logs
with SQL traffic capture.
6
Database Assessment Tools
Identify database configuration,
operation, or implementation
introduces risk.
Database Vault
restrict access to application data by
privileged database users.
Reducing the risk of insider and
outside threats.
8. About Oracle Label Security
◉ controls the display of individual table rows using labels
◉ works by comparing the row label with a user's label
authorizations to enable you to easily restrict sensitive information
to only authorized users
◉ based on multi-level security (MLS) requirements
◉ installed by default, but not automatically enabled
8
9. Benefits of Oracle Label Security
◉ It enables row level data classification and provides out-of-the box
access mediation based on the data classification and the user label
authorization or security clearance.
◉ It enables you to assign label authorizations or security clearances
to both database users and application users.
◉ It provides both APIs and a graphical user interface for defining
and storing data classification labels and user label authorizations.
◉ It integrates with Oracle Database Vault and Oracle Advanced
Security Data Redaction, enabling security clearances to be use in
both Database Vault command rules and Data Redaction policy
definitions.
9
10. Components of Oracle Label Security
◉ Labels: authorizations for users and program units, govern access
to specified protected objects
• Levels: indicate the type of sensitivity that you want to assign to the row
• Compartments: represent the projects in this example that help define more
precise access controls
• Groups: identify organizations owning or accessing the data
◉ Policy: name associated with these labels, rules, authorizations,
and protected tables
10
13. The Need to Mask and Subset data
◉ Limit sensitive data proliferation
◉ Share what is necessary
◉ Comply with data privacy laws and standards
◉ Minimize storage costs
13
14. Major Components of Oracle Data
Masking and Subsetting
◉ Application Data Modeling
◉ Data Masking Format Library
◉ Data Masking Transformations
◉ Data Subsetting
◉ Application Templates
14
19. What is Auditing
◉ the monitoring and recording of selected user database actions,
from both database users and nondatabase users
◉ The actions that you audit are recorded in either data dictionary
tables or in operating system files
19
20. Why is Auditing Used
◉ Enable accountability for actions
◉ Investigate suspicious activity
◉ Notify an auditor of the actions of an unauthorized user
◉ Monitor and gather data about specific database activities
◉ Detect problems with an authorization or access control
implementation
20
21. Types of Auditing
Unified and Conditional Auditing
➢ Audit data managed using the built-
in audit data management package
within the database
➢ The AUDIT_ADMIN and
AUDIT_VIEWER roles provides
separation of duty
➢ Oracle audit vault and database
firewall is integrated with this
Traditional Database Auditing
➢ Prevent overhead on the source
database system
➢ Be written to the operating system
files as this configuration
21