www.oradba.ch
@stefanoehrli
Oracle Database Security 19c/21c new Feature
Enhancements and other improvements
Stefan Oehrli
Stefan Oehrli
Platform Architect, Trainer and Partner at Trivadis
• Since 1997 active in various IT areas
• Since 2008 with Trivadis AG
• More than 22 years of experience in Oracle databases
Focus: Protecting data and operating databases securely
• Security assessments and reviews
• Database security concepts and their implementation
• Oracle Backup & Recovery concepts and troubleshooting
• Oracle Enterprise User Security, Advanced Security, Database Vault, …
• Oracle Directory Services
Co-author of the book The Oracle DBA (Hanser, 2016/07)
Agenda
• Introduction
• Authentication and Authorization
• Auditing
• Confidentiality of Data and Database Hardening
• Network
• Conclusion
05.05.21 SOUG Day - Oracle Database New Security Features
5
Introduction
• Oracle distinguishes between
• Long Term Release, e.g. 19c
• Innovation Release, e.g. 21c
• Chance to see what's coming up
• Test new features
• Engineer new concepts
• Simplifies release planning
• Features are evolving over RUs
• i.e. features will sometimes be backported to a Long Term Release
• Clear distinction of features between releases and RUs is blurred
Source: Oracle Support Doc ID 742060.1 Release Schedule of Current Database Releases
Security Areas and MDSA
• New security features are spread across the entire database landscape
• Classic areas of database security
• Authentication
• Authorization
• Auditing
• Confidentiality of Data
• Network
• Features may be assigned to multiple areas
Authentication and Authorization
General improvements
• Default user accounts are now Schema-Only
• Schema-Only accounts were introduced with Oracle 18c
• No password is assigned to these accounts
• No need to maintain these passwords
• Example to create a Schema-Only account
SQL> CREATE USER scott_data NO AUTHENTICATION;
• Ability to grant or revoke administrative privileges to and from Schema-Only accounts
• It is possible to grant SYSDBA, SYSOPER etc. to Schema-Only accounts
• Privilege Analysis documentation moved to Oracle Database Security Guide
• Privilege Analysis used to be part of Oracle Database Vault
• Feature has been moved away from DB Vault and is now part of Oracle Enterprise Edition
• Very useful tool for implementing the least privilege principle
Centrally Managed User (CMU)
• Oracle CMU is a promising feature that was introduced with Oracle 18c
• So far its configuration depends on sqlnet.ora, WALLET_LOCATION, environment variables etc.
• Finding the proper wallet location is sometimes cumbersome, in particular in container databases
• Simplification through the new database property CMU_WALLET introduced with Oracle 21c
• Backport for 19c available as patch 31404487
• Example for the property
SQL> CREATE OR REPLACE DIRECTORY cmu_dir AS
  '/u01/app/oracle/network/cmu_wallet';
SQL> ALTER DATABASE PROPERTY SET CMU_WALLET='cmu_dir';
• The directory holds the CMU wallet as well as the dsi.ora configuration file
• Can be set on CDB or PDB level
Authentication
• New and Updated Password User Profiles
• DoD STIG compliant
• CIS (Center for Internet Security) compliant
• Minimum password length enforcement for all PDBs
• Common profile in CDB
• Limits only PASSWORD_VERIFY_FUNCTION
• CREATE MANDATORY PROFILE
• Force upgraded password file to be case sensitive
• No longer possible to enable / disable
• All passwords in new password files are case sensitive by default
Authentication
• Gradual database password rollover for applications
• Allows the old and the new password to be used for a defined timeframe
• Time period is used to change all the application passwords
• Configured via the password profile limit PASSWORD_ROLLOVER_TIME
• Status is visible in ACCOUNT_STATUS of DBA_USERS
SQL> SELECT username,account_status,password_versions, profile
  FROM dba_users WHERE username='SCOTT';
USERNAME   ACCOUNT_STATUS       PASSWORD_VERSIONS    PROFILE
---------- -------------------- -------------------- ----------
SCOTT      OPEN & IN ROLLOVER   11G 12C              DEFAULT
• Disable the rollover period
SQL> ALTER USER scott EXPIRE PASSWORD ROLLOVER PERIOD;
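The rollover lifecycle from profile to cleanup, as an added example that is not part of the original slides. The profile name app_rollover and the password placeholder are assumptions; SCOTT is the account used on the slide.

```sql
-- Added example, not from the original deck.
-- app_rollover and <new_password> are hypothetical; run as a DBA.

-- 1. Profile that keeps the previous password valid for one day after a
--    password change. PASSWORD_ROLLOVER_TIME is specified in days.
CREATE PROFILE app_rollover LIMIT PASSWORD_ROLLOVER_TIME 1;
ALTER USER scott PROFILE app_rollover;

-- 2. Change the password. From this point both the old and the new
--    password are accepted and ACCOUNT_STATUS shows IN ROLLOVER.
ALTER USER scott IDENTIFIED BY "<new_password>";

-- 3. Review which profiles allow a rollover at all ...
SELECT profile, limit
  FROM dba_profiles
 WHERE resource_name = 'PASSWORD_ROLLOVER_TIME';

-- ... and which accounts currently still accept their old password.
SELECT username, account_status, profile, password_change_date
  FROM dba_users
 WHERE account_status LIKE '%IN ROLLOVER%'
 ORDER BY password_change_date;

-- 4. End the rollover as soon as all applications use the new password.
--    If the password was changed because the old one leaked, do this
--    immediately: until then the old password still authenticates.
ALTER USER scott EXPIRE PASSWORD ROLLOVER PERIOD;
```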
Authentication – Kerberos
• Multiple Kerberos Principals with a Single Database Client
• Specify additional Kerberos principals using tnsnames.ora
scott_krb =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db21)(PORT=1521))
  (CONNECT_DATA=(SERVICE_NAME= pdb1.trivadislabs.com))
  (SECURITY=(KERBEROS5_CC_NAME = /tmp/scott/krb.cc)
  (KERBEROS5_PRINCIPAL = scott@trivadislabs.com)))
king_krb =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db21)(PORT=1521))
  (CONNECT_DATA=(SERVICE_NAME= pdb1.trivadislabs.com))
  (SECURITY=(KERBEROS5_CC_NAME = /tmp/king/krb.cc)
  (KERBEROS5_PRINCIPAL = king@trivadislabs.com)))
• Oracle database connections to KDC now default to TCP
• Used to be UDP by default
Authorization
• New System privilege and initialization parameter for diagnostic events
• ENABLE DIAGNOSTICS system privilege
• DIAGNOSTICS_CONTROL initialization parameter
• Oracle SQL*Loader Support for Object Store Credentials
• Allows accessing / loading data from OCI object store
Auditing
Auditing
• Desupport of UNIFIED_AUDIT_SGA_QUEUE_SIZE
• Audit data is written immediately to an internal relational table
• No data is lost in case of an instance crash / SHUTDOWN ABORT
• Deprecation of settings to flush audit trail records to disk
• Data is written automatically to a new internal relational table
• Existing unified audit records have to be transferred
• Unified Audit is now enabled by default
• Mixed mode and classic Audit are deprecated
Auditing – A few odds and ends
• As of Oracle 19c it is now possible to audit only top level statements
• i.e. just the package and not the 100 SQL statements within the package
• Improved read performance on the unified audit trail
• PDB_GUID has been added as an audit record field name for SYSLOG
• Changes to the Unified Audit policy configuration are effective immediately
• Uniform audit policies enforced for the current user
• Predefined Unified Audit policies for STIG (Security Technical Implementation Guides) compliance
• Auditing for Oracle XML DB HTTP and FTP Services
• Unified Auditing on an Editioned Object Now Applies to All Its Editions
• SYSLOG Destination for Common Unified Audit Policies
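A top-level-only unified audit policy as mentioned in the first bullet, as an added example that is not part of the original slides. The policy name toplevel_actions_pol and the audited user SCOTT are assumptions.

```sql
-- Added example, not from the original deck.
-- toplevel_actions_pol is a hypothetical policy name.

-- Audit every action of the user, but only statements issued directly by
-- the session. Calling a PL/SQL package then yields one EXECUTE record
-- instead of one record per SQL statement inside the package.
CREATE AUDIT POLICY toplevel_actions_pol
  ACTIONS ALL
  ONLY TOPLEVEL;

AUDIT POLICY toplevel_actions_pol BY scott;

-- Confirm that the policy is defined as top-level only ...
SELECT DISTINCT policy_name, audit_only_toplevel
  FROM audit_unified_policies
 WHERE policy_name = 'TOPLEVEL_ACTIONS_POL';

-- ... and for whom it is enabled.
SELECT policy_name, enabled_option, entity_name, success, failure
  FROM audit_unified_enabled_policies
 WHERE policy_name = 'TOPLEVEL_ACTIONS_POL';

-- Review what the policy recorded.
SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%TOPLEVEL_ACTIONS_POL%'
 ORDER BY event_timestamp;
```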
Confidentiality of Data
Database Hardening
Transparent Data Encryption
There was the thing with the online encryption…
• Gradual improvement of existing features
• More algorithms for offline TDE
• Online conversion support for auto-renaming in Non-OMF Mode
• Support for operation on closed wallets
• Set default TDE algorithm
• Extensions specifically for cloud environments
• Sharing TDE master keys across Oracle processes
• Control heartbeats with Oracle Key Vault
• Improved performance with large numbers of TDE Keys
• Simplification of known pain points
• TDE WALLET configuration with WALLET_ROOT
Transparent Data Encryption – A few odds and ends
• More algorithms for offline TDE
• Now supports AES128, AES192, AES256, and 3DES168 as well as ARIA and GOST
• Online conversion support for auto-renaming in Non-OMF Mode
• No need to specify the FILE_NAME_CONVERT clause
• Support for operation on closed wallets
• Access to encrypted Oracle maintained tablespaces e.g. SYSTEM, SYSAUX etc. is also possible with closed wallet
• Init.ora parameter TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM to set default TDE algorithm
• Currently limited to AES128, AES192, AES256, and 3DES168
• TDE WALLET configuration with WALLET_ROOT
• Specify the wallet location by the init.ora parameter WALLET_ROOT
• Combination with TDE_CONFIGURATION parameter
• No dependency on sqlnet.ora
Oracle Blockchain Table
• New append-only table type
• Only insert operations are allowed
• Deleting rows is either
• Prohibited
• Restricted based on time
• Rows in a blockchain table are tamper-proof
Source: Oracle® Database Learning Database New Features 21c
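A blockchain table with time-restricted deletes, as an added example that is not part of the original slides. The table audit_ledger and its columns are assumptions; the statements assume an ordinary schema user in a 21c PDB.

```sql
-- Added example, not from the original deck.
-- audit_ledger and its columns are hypothetical.

CREATE BLOCKCHAIN TABLE audit_ledger (
  event_id    NUMBER,
  event_date  DATE,
  actor       VARCHAR2(128),
  action      VARCHAR2(4000)
)
NO DROP UNTIL 31 DAYS IDLE             -- drop only after 31 days without inserts
NO DELETE UNTIL 90 DAYS AFTER INSERT   -- time-restricted delete;
                                       -- use NO DELETE LOCKED to prohibit it
HASHING USING "SHA2_512" VERSION "v1";

-- Inserts are the only DML that is allowed.
INSERT INTO audit_ledger VALUES (1, SYSDATE, 'SCOTT', 'GRANT DBA TO KING');
COMMIT;

-- Both statements are rejected by the database.
UPDATE audit_ledger SET actor = 'KING' WHERE event_id = 1;
DELETE FROM audit_ledger WHERE event_id = 1;

-- Each row carries hidden columns that chain it to its predecessor.
SELECT event_id, orabctab_chain_id$, orabctab_seq_num$, orabctab_hash$
  FROM audit_ledger
 ORDER BY orabctab_chain_id$, orabctab_seq_num$;

-- Recompute the hash chain; an error is raised if a row was altered
-- outside the database's control.
SET SERVEROUTPUT ON
DECLARE
  l_rows NUMBER;
BEGIN
  DBMS_BLOCKCHAIN_TABLE.VERIFY_ROWS(
    schema_name             => USER,
    table_name              => 'AUDIT_LEDGER',
    number_of_rows_verified => l_rows);
  DBMS_OUTPUT.PUT_LINE('Rows verified: ' || l_rows);
END;
/
```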
Container Database Security
• Out of the box no special measures
• Security and operational risks
• PDB privilege escalation
• Excessive use of shared resources
• Gain access to CDB or PDBs
• Use of critical features like
• A few multitenant features
• PATH_PREFIX and CREATE_FILE_DEST
• PDB_OS_CREDENTIAL parameter
• Lockdown profiles to restrict certain operations or functionalities in a PDB
Oracle DB Nest
Available in Oracle 20c
• Hidden Feature in 19c
Control and isolation of
• OS resources used by a PDB
• File system isolation per PDB
• Secure computing
Concept analogous to container technologies like Docker
• Use of Linux Namespaces
• Use of CGROUPS
Architecture of a CDB Nest
Source: Oracle® Database Security Guide 21c
Kernel Namespaces
• Linux kernel function for isolation and virtualization of system resources
• When a DB Nest is launched, Oracle creates a set of namespaces for that DB Nest
• Processes within a DB Nest see only its namespace
Control groups (cgroups)
• cgroups is a Linux kernel feature
• Mainlined into the Linux kernel since 2007
• Limits, accounts for, and isolates the resource usage of a collection of processes
• Possibility of limiting and isolating the consumption of resources
• Heavily used in containers (runc, Docker etc.)
• CPU, memory, maximum number of PIDs, (network, disk I/O)
Source: Wikipedia (https://en.wikipedia.org/wiki/Cgroups)
Sneak Preview on DB Nest
• Introduction of new init.ora parameters
• DBNEST_ENABLE – Enables or disables DB Nest
• DBNEST_PDB_FS_CONF – Specifies the location of an optional file system configuration file. Set this parameter in the CDB root.
• Use of a dedicated broker configured in listener.ora by DEDICATED_THROUGH_BROKER_LISTENER
• Introduction of new command-line tools dbnest and dbnestinit
• Allows creating, initializing and testing DB Nests
• Requires additional OS packages
• nscd – Name Service Caching Daemon
• sssd – System Security Services Daemon
Basic DB Nest Configuration
• Configure a dedicated broker in listener.ora
# DB Nest
DEDICATED_THROUGH_BROKER_LISTENER=ON
• Enable the broker
ALTER SYSTEM SET use_dedicated_broker=TRUE;
• Enable DB Nest and restart the database
ALTER SYSTEM SET dbnest_enable=cdb_resource_pdb_all SCOPE=SPFILE;
• Check the alert.log for DB Nest
Instance running inside DB Nest (TDB200C_TDB200C)
…
PDBHR(3):DB Nest (PDB00003, 2968463207) open successful
The DB Nest
oracle@ol7db21:~/ [TDB210C] dbnest list
----------------------------------------------------------------------------
Id : Nest : Parent : : Tag : State
----------------------------------------------------------------------------
1 : TDB200C_TDB200C : : TDB200C_TDB200C : OPEN
Net State :
Namespace State : (pid=0,cnid=4026531836,pnid=4026531836,no namespace,type=0x0)
Resources : (cpu=0)
Property enabled : resources
Seccomp status : (level=none)
FS Isolation : (disabled)
----------------------------------------------------------------------------
2 : PDB00001 : TDB200C_TDB200C : PDB00001 : OPEN
<REMOVED>
---------------------------------------------------------------------------
3 : PDB00002 : TDB200C_TDB200C : PDB$SEED (uid=2427344711) : OPEN
<REMOVED>
----------------------------------------------------------------------------
4 : PDB00003 : TDB200C_TDB200C : PDBHR (uid=2968463207) : OPEN
Net State :
Namespace State : (pid=3827,cnid=4026532191,pnid=4026531836,type=0x7)
Resources : (cpu=0)
Property enabled : namespaces,resources
Seccomp status : (level=strict1)
FS Isolation : (default-config)
-----------------------------------------------------------------------------
Number of active nest namespaces = 4
----------------------------------------------------------------------------
Entering DB Nests
• Use dbnest to enter the namespace of a nest e.g. opening a shell in this namespace
• Try the PDB nest
oracle@ol7db21:~/ [TDB210C] dbnest enter PDB00001
Entering nest namespace : PDB00001
oracle@ol7db20:~/ [TDB210C] exit
exit
Exiting nest namespace : PDB00001
oracle@ol7db21:~/ [TDB210C] dbnest enter PDB00003
Entering nest namespace : PDB00003
shell not found : errno = 2
Exiting nest namespace : PDB00003
Outlook to DB Nest
• Become production in main release
• Enhanced Doc, Conf and Examples
• Available information is limited
• Introduce more configuration features
• Introduce Linux CGROUPS
• Control resources e.g. CPU, Memory
• Control device access
• Become mature
Side Note – Oracle DB Nest in 19c
• A possible hint in Oracle 19c based on a few hidden parameters
Parameter               Instance    Description
----------------------- ----------- --------------------------------
_dbnest_enable          NONE        dbNest enable
_dbnest_pdb_fs_conf                 PDB Filesystem configuration
_dbnest_pdb_fs_type     DEFAULT     PDB FS Type
_dbnest_pdb_scm_conf                PDB SCM configuration
_dbnest_pdb_scm_level   STRICT1     PDB SCM Level
_dbnest_stage_dir                   Staging directory configuration
_instance_dbnest_name               Instance dbNest Name
• Reveals a functionality named DB Nest. And yes it does work :-)
Network
Network Security
There is no new killer feature in the area of network security
• Oracle did its homework i.e. decent improvements to existing features
A few examples:
• Simplify configuration of CMU by replacing dependency on sqlnet.ora / WALLET_LOCATION
• Remove dependency on sqlnet.ora for TDE by introducing WALLET_ROOT
• Enhance Kerberos functionality i.e.
• Ability to use multiple Kerberos principals with a database client (tnsnames.ora configuration)
• Oracle Database connections to KDC now default to TCP rather than UDP
• Multiple wallet Support for distinct SSL connections in one process
• And a few more…
Summary
• There are a few more “small” security improvements
• Many of the improvements simplify the use of existing security features in the daily business
• The focus on cloud-based solutions (public and private) is clearly evident
• A lot of necessary and useful, but not earth-shattering
• Blockchain table…
• …I’m wondering when Oracle starts to use it for the audit trail
• The new functionality DB Nest does look promising
• Exciting to see that it also works in Oracle 19c :-)
• It is a young feature and requires quite some engineering and maturity
IaC MeetUp Active Directory Setup for Oracle Security LAB
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with Terraform
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
 
SOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant DatabasesSOUG Oracle Unified Audit for Multitenant Databases
SOUG Oracle Unified Audit for Multitenant Databases
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle Databases
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and Security
 
Trivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19cTrivadis triCast Oracle Centrally Managed Users 18/19c
Trivadis triCast Oracle Centrally Managed Users 18/19c
 
Oracle und Docker
Oracle und DockerOracle und Docker
Oracle und Docker
 
Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and Docker
 
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19cAOUG 2019 Oracle Centrally Managed Users 18c / 19c
AOUG 2019 Oracle Centrally Managed Users 18c / 19c
 
DOAG Webinar Oracle und Docker
DOAG Webinar Oracle und DockerDOAG Webinar Oracle und Docker
DOAG Webinar Oracle und Docker
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

SOUG Day Oracle 21c New Security Features

  • 1. www.oradba.ch @stefanoehrli Oracle Database Security 19c/21c new Feature Enhancements and other improvements Stefan Oehrli
  • 2. Stefan Oehrli
      Platform Architect, Trainer and Partner at Trivadis
      • Since 1997 active in various IT areas
      • Since 2008 with Trivadis AG
      • More than 22 years of experience in Oracle databases
      Focus: Protecting data and operating databases securely
      • Security assessments and reviews
      • Database security concepts and their implementation
      • Oracle Backup & Recovery concepts and troubleshooting
      • Oracle Enterprise User Security, Advanced Security, Database Vault, …
      • Oracle Directory Services
      Co-author of the book The Oracle DBA (Hanser, 2016/07)
      @stefanoehrli www.oradba.ch
  • 3.
  • 4.
  • 5. Agenda
      • Introduction
      • Authentication and Authorization
      • Auditing
      • Confidentiality of Data and Database Hardening
      • Network
      • Conclusion
  • 6. Introduction
      • Oracle distinguishes between
          • Long Term Release i.e. 19c
          • Innovation Release i.e. 21c
      • Chance to see what's coming up
          • Test new features
          • Engineer new concepts
      • Simplifies release planning
      • Features evolve over Release Updates (RU)
          • i.e. features will sometimes be backported to a Long Term Release
          • The distinction of features between releases and RUs is blurred
      Source: Oracle Support Doc ID 742060.1 Release Schedule of Current Database Releases
  • 7. Security Areas and MDSA
      • New security features are spread across the entire database landscape
      • Classic areas of database security
          • Authentication
          • Authorization
          • Auditing
          • Confidentiality of Data
          • Network
      • Features may be assigned to multiple areas
  • 8. Authentication and Authorization
  • 9. General improvements
      • Default user accounts are now Schema-Only
          • Schema-Only accounts were introduced with Oracle 18c
          • No password is assigned to these accounts
          • No need to maintain these passwords
          • Example to create a Schema-Only account

            SQL> CREATE USER scott_data NO AUTHENTICATION;

      • Ability to grant or revoke administrative privileges to and from Schema-Only accounts
          • It is possible to grant SYSDBA, SYSOPER etc. to Schema-Only accounts
      • Privilege Analysis documentation moved to Oracle Database Security Guide
          • Privilege Analysis used to be part of Oracle Database Vault
          • The feature has been moved away from DB Vault and is now part of Oracle Enterprise Edition
          • Very useful tool for the implementation of the least privilege principle
  • 10. Centrally Managed User (CMU)
      • Oracle CMU is a promising feature that was introduced with Oracle 18c
          • So far its configuration depends on sqlnet.ora, WALLET_LOCATION, environment variables etc.
          • Finding the proper wallet location is sometimes cumbersome, in particular in container databases
      • Simplification through the new database property CMU_WALLET introduced with Oracle 21c
          • Backport for 19c available as patch 31404487
      • Example for the property

        SQL> CREATE OR REPLACE DIRECTORY cmu_dir AS '/u01/app/oracle/network/cmu_wallet';
        SQL> ALTER DATABASE PROPERTY SET CMU_WALLET='cmu_dir';

          • The directory holds the CMU wallet as well as the dsi.ora configuration file
          • Can be set on CDB or PDB level
  • 11. Authentication
      • New and Updated Password User Profiles
          • DoD STIG compliant
          • CIS Center for Internet Security compliant
      • Minimum password length enforcement for all PDBs
          • Common profile in CDB
          • Only limit PASSWORD_VERIFY_FUNCTION
          • CREATE MANDATORY PROFILE
      • Force upgraded password file to be case sensitive
          • No longer possible to enable / disable
          • All passwords in new password files are case sensitive by default
  • 12. Authentication
      • Gradual database password rollover for applications
          • Allows use of the old and the new password for a defined timeframe
          • The time period is used to change all the application passwords
          • Configured via the password profile parameter PASSWORD_ROLLOVER_TIME
          • Status is visible in ACCOUNT_STATUS of DBA_USERS

        SQL> SELECT username,account_status,password_versions, profile
             FROM dba_users WHERE username='SCOTT';

        USERNAME   ACCOUNT_STATUS       PASSWORD_VERSIONS    PROFILE
        ---------- -------------------- -------------------- ----------
        SCOTT      OPEN & IN ROLLOVER   11G 12C              DEFAULT

      • Disable the rollover period

        SQL> ALTER USER scott EXPIRE PASSWORD ROLLOVER PERIOD;
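The rollover flow from slide 12 carried through end to end, as an added example that is not part of the original slides. The profile APP_ROLLOVER, the policy LOGON_POL and the password are placeholders, and the `-OLD` verifier tag used in step 4 is an assumption taken from Oracle's description of gradual password rollover.

```sql
-- Added example, not from the original slides.
-- Placeholders: profile APP_ROLLOVER, audit policy LOGON_POL, the password.

-- 1. Profile that accepts the old and the new password for one day.
--    PASSWORD_ROLLOVER_TIME is given in days; 0 (the default) disables rollover.
CREATE PROFILE app_rollover LIMIT
  PASSWORD_ROLLOVER_TIME 1;

ALTER USER scott PROFILE app_rollover;

-- 2. Record successful and failed logons so that stragglers can be found later.
CREATE AUDIT POLICY logon_pol ACTIONS LOGON;
AUDIT POLICY logon_pol;

-- 3. Changing the password starts the rollover period.
--    From now on both passwords are accepted for SCOTT.
ALTER USER scott IDENTIFIED BY "Placeholder_New_Pw#1";

-- All accounts that currently accept two passwords.
SELECT username, account_status, password_versions, profile
FROM   dba_users
WHERE  account_status LIKE '%IN ROLLOVER%'
ORDER  BY username;

-- 4. Which clients still connect with the OLD password?
--    Assumption: during rollover the logon record carries a verifier tag
--    ending in -OLD (e.g. VERIFIER=12C-OLD) in AUTHENTICATION_TYPE.
SELECT dbusername,
       os_username,
       userhost,
       client_program_name,
       MAX(event_timestamp) AS last_logon_with_old_pw
FROM   unified_audit_trail
WHERE  action_name = 'LOGON'
AND    dbusername  = 'SCOTT'
AND    REGEXP_LIKE(authentication_type, 'VERIFIER=[^)]*-OLD')
GROUP  BY dbusername, os_username, userhost, client_program_name
ORDER  BY last_logon_with_old_pw DESC;

-- 5. Once step 4 returns no recent rows, end the rollover early so the
--    old password stops working before the configured time runs out.
ALTER USER scott EXPIRE PASSWORD ROLLOVER PERIOD;

-- ACCOUNT_STATUS must be back to OPEN.
SELECT username, account_status
FROM   dba_users
WHERE  username = 'SCOTT';
```

Ending the rollover only after the audit query is empty avoids locking out an application that was missed during the password change.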
  • 13. Authentication – Kerberos
      • Multiple Kerberos Principals with a Single Database Client
          • Specify additional Kerberos principals using tnsnames.ora

        scott_krb =
          (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db21)(PORT=1521))
            (CONNECT_DATA=(SERVICE_NAME=pdb1.trivadislabs.com))
            (SECURITY=(KERBEROS5_CC_NAME = /tmp/scott/krb.cc)
              (KERBEROS5_PRINCIPAL = scott@trivadislabs.com)))

        king_krb =
          (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db21)(PORT=1521))
            (CONNECT_DATA=(SERVICE_NAME=pdb1.trivadislabs.com))
            (SECURITY=(KERBEROS5_CC_NAME = /tmp/king/krb.cc)
              (KERBEROS5_PRINCIPAL = king@trivadislabs.com)))

      • Oracle database connections to KDC now default to TCP
          • Used to be UDP by default
  • 14. Authorization
      • New system privilege and initialization parameter for diagnostic events
          • ENABLE DIAGNOSTICS system privilege
          • DIAGNOSTICS_CONTROL initialization parameter
      • Oracle SQL*Loader Support for Object Store Credentials
          • Allows access to and loading of data from OCI object store
  • 15. Auditing
  • 16. Auditing
      • Desupport of UNIFIED_AUDIT_SGA_QUEUE_SIZE
          • Audit data is written immediately to an internal relational table
          • No data loss in case of an instance crash / SHUTDOWN ABORT
      • Deprecation of settings to flush audit trail records to disk
          • Data is written automatically to a new internal relational table
          • Existing unified audit records have to be transferred
      • Unified Audit is now enabled by default
          • Mixed mode and classic Audit are deprecated
  • 17. Auditing – A few odds and ends
      • As of Oracle 19c it is possible to audit only top-level statements
          • i.e. just the package and not the 100 SQL statements within the package
      • Improved read performance on the unified audit trail
      • PDB_GUID has been added as an audit record field name for SYSLOG
      • Changes to the Unified Audit policy configuration are effective immediately
      • Uniform audit policies enforced for the current user
      • Predefined Unified Audit policies for STIG (Security Technical Implementation Guides) compliance
      • Auditing for Oracle XML DB HTTP and FTP Services
      • Unified Auditing on an Editioned Object Now Applies to All Its Editions
      • SYSLOG Destination for Common Unified Audit Policies
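Top-level-only auditing from slide 17 as a policy, added here as an example that is not part of the original slides. The schema APP, the package APP.PAYROLL_PKG and the table APP.SALARY_HISTORY are hypothetical names.

```sql
-- Added example, not from the original slides.
-- Hypothetical objects: package APP.PAYROLL_PKG (its RUN procedure inserts
-- into and updates APP.SALARY_HISTORY) and the policy name APP_TOPLEVEL_POL.

-- Audit the package call and direct DML on the table, but only when the
-- statement is issued directly by the user (ONLY TOPLEVEL).
CREATE AUDIT POLICY app_toplevel_pol
  ACTIONS EXECUTE ON app.payroll_pkg,
          INSERT  ON app.salary_history,
          UPDATE  ON app.salary_history,
          DELETE  ON app.salary_history
  ONLY TOPLEVEL;

AUDIT POLICY app_toplevel_pol;

-- Confirm that the policy is flagged as top-level only and is enabled.
SELECT policy_name, audit_option, object_schema, object_name,
       audit_only_toplevel
FROM   audit_unified_policies
WHERE  policy_name = 'APP_TOPLEVEL_POL'
ORDER  BY audit_option;

SELECT policy_name, enabled_option, entity_name, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'APP_TOPLEVEL_POL';

-- Workload to compare (run as an application user):
--   a) BEGIN app.payroll_pkg.run; END;     -- DML happens inside the package
--   b) UPDATE app.salary_history SET ...   -- DML issued directly
--
-- Expected per the slide: (a) leaves one EXECUTE record and none for the
-- statements inside the package, (b) leaves an UPDATE record.
SELECT event_timestamp,
       dbusername,
       action_name,
       object_schema,
       object_name,
       sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%APP_TOPLEVEL_POL%'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' HOUR
ORDER  BY event_timestamp;

-- Direct DML on the table that bypasses the package is the interesting
-- signal once the application is expected to go through the package only.
SELECT dbusername, userhost, action_name, COUNT(*) AS statements
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%APP_TOPLEVEL_POL%'
AND    action_name IN ('INSERT', 'UPDATE', 'DELETE')
GROUP  BY dbusername, userhost, action_name
ORDER  BY statements DESC;
```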
  • 18. Confidentiality of Data / Database Hardening
  • 19. Transparent Data Encryption
      There was the thing with the online encryption…
      • Gradual improvement of existing features
          • More algorithms for offline TDE
          • Online conversion support for auto-renaming in Non-OMF Mode
          • Support for operation on closed wallets
          • Set default TDE algorithm
      • Extensions specifically for cloud environments
          • Sharing TDE master keys across Oracle processes
          • Control heartbeats with Oracle Key Vault
          • Improved performance with large numbers of TDE Keys
      • Simplification of known pain points
          • TDE WALLET configuration with WALLET_ROOT
  • 20. Transparent Data Encryption – A few odds and ends
      • More algorithms for offline TDE
          • Now supports AES128, AES192, AES256, and 3DES168 as well as ARIA and GOST
      • Online conversion support for auto-renaming in Non-OMF Mode
          • No need to specify the FILE_NAME_CONVERT clause
      • Support for operation on closed wallets
          • Access to encrypted Oracle maintained tablespaces e.g. SYSTEM, SYSAUX etc. is also possible with a closed wallet
      • Init.ora parameter TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM to set the default TDE algorithm
          • Currently limited to AES128, AES192, AES256, and 3DES168
      • TDE WALLET configuration with WALLET_ROOT
          • Specify the wallet location by the init.ora parameter WALLET_ROOT
          • Combination with TDE_CONFIGURATION parameter
          • No dependency on sqlnet.ora
  • 21. Oracle Blockchain Table
      • New append-only table type
      • Only insert operations are allowed
      • Deleting rows is either
          • Prohibited
          • Restricted based on time
      • Rows in a blockchain table are tamper-proof
      Source: Oracle® Database Learning Database New Features 21c
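The append-only behaviour from slide 21 shown on a small table, added here as an example that is not part of the original slides. The table AUDIT_LEDGER, its columns and the retention values are constructed for illustration.

```sql
-- Added example, not from the original slides.
-- AUDIT_LEDGER, its columns and the 31-day retention are constructed values.
-- Choose retention deliberately: the table cannot be dropped and rows
-- cannot be deleted before the stated periods have elapsed.

CREATE BLOCKCHAIN TABLE audit_ledger (
  event_id    NUMBER         NOT NULL,
  event_time  TIMESTAMP      DEFAULT SYSTIMESTAMP,
  actor       VARCHAR2(128)  NOT NULL,
  action      VARCHAR2(4000) NOT NULL
)
NO DROP   UNTIL 31 DAYS IDLE
NO DELETE UNTIL 31 DAYS AFTER INSERT
HASHING USING "SHA2_512" VERSION "v1";

-- Inserts are the only DML that is accepted.
INSERT INTO audit_ledger (event_id, actor, action)
VALUES (1, 'SCOTT', 'GRANT DBA TO KING');
INSERT INTO audit_ledger (event_id, actor, action)
VALUES (2, 'KING', 'ALTER USER SCOTT ACCOUNT LOCK');
COMMIT;

-- Both of the following statements are rejected with an ORA- error:
-- updates are never allowed, deletes not before the retention has passed.
UPDATE audit_ledger SET actor = 'NOBODY' WHERE event_id = 1;
DELETE FROM audit_ledger WHERE event_id = 2;

-- Retention and hash settings as stored in the dictionary.
SELECT table_name, row_retention, row_retention_locked,
       table_inactivity_retention, hash_algorithm
FROM   user_blockchain_tables
WHERE  table_name = 'AUDIT_LEDGER';

-- Each row carries hidden columns that chain it to its predecessor.
SELECT event_id,
       orabctab_inst_id$       AS inst_id,
       orabctab_chain_id$      AS chain_id,
       orabctab_seq_num$       AS seq_num,
       orabctab_creation_time$ AS created,
       orabctab_hash$          AS row_hash
FROM   audit_ledger
ORDER  BY orabctab_chain_id$, orabctab_seq_num$;

-- Recompute the hash chain; the call raises an error if a row was altered.
SET SERVEROUTPUT ON
DECLARE
  l_rows NUMBER;
BEGIN
  DBMS_BLOCKCHAIN_TABLE.VERIFY_ROWS(
    schema_name             => SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA'),
    table_name              => 'AUDIT_LEDGER',
    number_of_rows_verified => l_rows);
  DBMS_OUTPUT.PUT_LINE('Rows verified: ' || l_rows);
END;
/
```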
  • 22. Container Database Security
      • Out of the box no special measures
      • Security and operational risks
      • PDB privilege escalation
      • Excessive use of shared resources
      • Gain access to CDB or PDBs
      • Use of critical features like
      • A few multitenant features
      • PATH_PREFIX and CREATE_FILE_DEST
      • PDB_OS_CREDENTIAL parameter
      • Lockdown profiles to restrict certain operations or functionalities in a PDB
  • 23. Oracle DB Nest
      Available in Oracle 20c
      • Hidden Feature in 19c
      Control and isolation of
      • OS resources used by a PDB
      • File system isolation per PDB
      • Secure computing
      Concept analogous to container technologies like Docker
      • Use of Linux Namespaces
      • Use of CGROUPS
  • 24. Architecture of a CDB Nest
      Source: Oracle® Database Security Guide 21c
  • 25. Kernel Namespaces
      • Linux kernel function for isolation and virtualization of system resources
      • When a DB Nest is launched, Oracle creates a set of namespaces for that DB Nest
      • Processes within a DB Nest see only its namespace
  • 26. Control groups (cgroups)
      • cgroups is a Linux kernel feature
          • Mainlined into the Linux kernel since 2007
          • Limits, accounts for, and isolates the resource usage of a collection of processes
      • Possibility of limiting and isolating the consumption of resources
          • Heavily used in containers (runc, Docker etc.)
          • CPU, memory, maximum number of PIDs, (network, disk I/O)
      Source: Wikipedia (https://en.wikipedia.org/wiki/Cgroups)
  • 27. Sneak Preview on DB Nest
      • Introduction of new init.ora parameters
          • DBNEST_ENABLE – Enables or disables DB Nest
          • DBNEST_PDB_FS_CONF – Specifies the location of an optional file system configuration file. Set this parameter in the CDB root.
      • Use of a dedicated broker configured in listener.ora by DEDICATED_THROUGH_BROKER_LISTENER
      • Introduction of new command-line tools dbnest and dbnestinit
          • Allow creating, initializing and testing DB Nests
      • Requires additional OS packages
          • nscd – A Name Service Caching Daemon (nscd)
          • sssd – System Security Services Daemon
  • 28. Basic DB Nest Configuration
      • Configure a dedicated broker in listener.ora

        # DB Nest
        DEDICATED_THROUGH_BROKER_LISTENER=ON

      • Enable the broker

        ALTER SYSTEM SET use_dedicated_broker=TRUE;

      • Enable DB Nest and restart the database

        ALTER SYSTEM SET dbnest_enable=cdb_resource_pdb_all SCOPE=SPFILE;

      • Check the alert.log for DB Nest

        Instance running inside DB Nest (TDB200C_TDB200C)
        …
        PDBHR(3):DB Nest (PDB00003, 2968463207) open successful
  • 29. The DB Nest

        oracle@ol7db21:~/ [TDB210C] dbnest list
        ----------------------------------------------------------------------------
        Id : Nest : Parent : : Tag : State
        ----------------------------------------------------------------------------
        1 : TDB200C_TDB200C : : TDB200C_TDB200C : OPEN
            Net State :
            Namespace State : (pid=0,cnid=4026531836,pnid=4026531836,no namespace,type=0x0)
            Resources : (cpu=0)
            Property enabled : resources
            Seccomp status : (level=none)
            FS Isolation : (disabled)
        ----------------------------------------------------------------------------
        2 : PDB00001 : TDB200C_TDB200C : PDB00001 : OPEN
            <REMOVED>
        ----------------------------------------------------------------------------
        3 : PDB00002 : TDB200C_TDB200C : PDB$SEED (uid=2427344711) : OPEN
            <REMOVED>
        ----------------------------------------------------------------------------
        4 : PDB00003 : TDB200C_TDB200C : PDBHR (uid=2968463207) : OPEN
            Net State :
            Namespace State : (pid=3827,cnid=4026532191,pnid=4026531836,type=0x7)
            Resources : (cpu=0)
            Property enabled : namespaces,resources
            Seccomp status : (level=strict1)
            FS Isolation : (default-config)
        ----------------------------------------------------------------------------
        Number of active nest namespaces = 4
        ----------------------------------------------------------------------------
  • 30. Entering DB Nests
      • Use dbnest to enter the namespace of a nest e.g. opening a shell in this namespace

        oracle@ol7db21:~/ [TDB210C] dbnest enter PDB00001
        Entering nest namespace : PDB00001
        oracle@ol7db20:~/ [TDB210C] exit
        exit
        Exiting nest namespace : PDB00001

      • Try the PDB nest

        oracle@ol7db21:~/ [TDB210C] dbnest enter PDB00003
        Entering nest namespace : PDB00003
        shell not found : errno = 2
        Exiting nest namespace : PDB00003
  • 31. Outlook to DB Nest
      • Become production in a main release
      • Enhanced documentation, configuration and examples
          • Available information is limited
      • Introduce more configuration features
      • Introduce Linux CGROUPS
          • Control resources e.g. CPU, Memory
          • Control device access
      • Become mature
  • 32. Side Note – Oracle DB Nest in 19c
      • A possible hint in Oracle 19c based on a few hidden parameters

        Parameter               Instance    Description
        ----------------------- ----------- --------------------------------
        _dbnest_enable          NONE        dbNest enable
        _dbnest_pdb_fs_conf                 PDB Filesystem configuration
        _dbnest_pdb_fs_type     DEFAULT     PDB FS Type
        _dbnest_pdb_scm_conf                PDB SCM configuration
        _dbnest_pdb_scm_level   STRICT1     PDB SCM Level
        _dbnest_stage_dir                   Staging directory configuration
        _instance_dbnest_name               Instance dbNest Name

      • Reveals a functionality named DB Nest. And yes, it does work :-)
  • 33. Network
  • 34. Network Security
      There is no new killer feature in the area of network security
      • Oracle did its homework i.e. decent improvements to existing features
      A few examples:
      • Simplify configuration of CMU by replacing the dependency on sqlnet.ora / WALLET_LOCATION
      • Remove dependency on sqlnet.ora for TDE by introducing WALLET_ROOT
      • Enhance Kerberos functionality i.e.
          • Ability to use multiple Kerberos principals with a database client (tnsnames.ora configuration)
          • Oracle Database connections to KDC now default to TCP rather than UDP
      • Multiple wallet support for distinct SSL connections in one process
      • And a few more…
  • 35. Summary
      • There are a few more “small” security improvements
      • Many of the improvements simplify the use of existing security features in the daily business
      • The focus on cloud-based solutions (public and private) is clearly evident
      • A lot that is necessary and useful, but not earth-shattering
      • Blockchain table…
          • …I’m wondering when Oracle starts to use it for the audit trail
      • The new functionality DB Nest does look promising
          • Exciting to see that it also works in Oracle 19c :-)
          • It is a young feature and requires quite some engineering and maturity