SlideShare a Scribd company logo

Presentation deploying oracle database 11g securely on oracle solaris

X
xKinAnx

Download & Share Technology Presentations http://goo.gl/k80oY0 Student Guide & Best http://goo.gl/6OkI77

Technology
1 of 38
1Copyright © 2010 Oracle Corporation
<Insert Picture Here> Deploying Oracle Database 11g Securely on Oracle Solaris Glenn Brunette Senior Director, Enterprise Security Solutions
3Copyright © 2010 Oracle Corporation The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
4Copyright © 2010 Oracle Corporation Agenda • Introduction – Why Focus on Operating Systems? – How Can Oracle Solaris Help? • Deploying On A Strong Foundation – Reduced Attack Surface – Separation of Duty and Least Privilege – Strong Isolation and Resource Control – Comprehensive Monitoring • Embracing a Defense in Depth Architecture – Hardware, Operating System and Database Security
5Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods
6Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods • Attacks Don’t Always Originate in the Database – Operating system access provides unique opportunities
7Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods • Attacks Don’t Always Originate in the Database – Operating system access provides unique opportunities • Security Must Be Systemically Applied – A chain is only as strong as its weakest link
8Copyright © 2010 Oracle Corporation How Can Oracle Solaris Help? • Reduced Attack Surface – Package Minimization – (Network) Secure by Default • Separation of Duty and Least Privilege – User Rights Management – Process Rights Management • Strong Isolation and Resource Control – Logical Domains – Containers • Comprehensive Monitoring – Auditing
9Copyright © 2010 Oracle Corporation Reduced Attack Surface Oracle Solaris Package Minimization • Selectively install only what is needed – Reduce the operating system file foot print – 3.6 GB vs. 550M (disk consumed by Entire+OEM vs. Reduced Networking) • Uninstalled software… – can not be executed or exploited – does not need updates or patching – does not need configuration or maintenance • Foundation for specialized deployments and appliances
10Copyright © 2010 Oracle Corporation Reduced Attack Surface Oracle Solaris Secure by Default • Expose only required services to the network – Reduce the operating system network foot print – Most services are disabled; a few are set to “local only” – Secure Shell is the only exposed service by default • Integrated with Service Management Facility – Common administrative model for all service operations – Fully customizable based upon unique site requirements • Foundation for Additional Network Protections – Host-based packet filtering (Solaris IP Filter) – Secure authentication (Solaris Kerberos) – Secure network communications (Solaris IPsec / IKE)
11Copyright © 2010 Oracle Corporation Method for composing collections of administrative rights Rights are specified using hierarchical profiles and authorizations Rights can be assigned to individual users and roles Separation of Duty Oracle Solaris User Rights Management Auditing always tracks the 'real' user – no anonymous admin! Roles can only be assumed by authorized users
12 Separation of Duty Example Oracle Solaris User Rights Management Rights User Rights Management User Roles Internal Auditor System Admin. Oracle DBA System Maintenance, Troubleshooting System Security Review, Audit Trail Review Database Administration
13 Separation of Duty Example Oracle Solaris User Rights Management
14Copyright © 2010 Oracle Corporation Eliminates need for many services to start as ‘root’ Decomposes administrative capabilities into discrete privileges Reduces potential exposure to a variety of security attacks Least Privilege Oracle Solaris Process Rights Management Always enabled and enforced by the Solaris kernel Completely compatible with traditional super-user privilege model
15 Least Privilege Example Oracle Solaris Process Rights Management Privileges Process Rights Management Processes Privilege Collection #1 Privilege Collection #2 Privilege Collection #3
16 Least Privilege Example Oracle Solaris Process Rights Management $ pfexec ppriv -S `pgrep rpcbind` 933: /usr/sbin/rpcbind flags = PRIV_AWARE E: net_bindmlp,net_privaddr,proc_fork,sys_nfs I: none P: net_bindmlp,net_privaddr,proc_fork,sys_nfs L: none $ pfexec ppriv -S `pgrep statd` 5139: /usr/lib/nfs/statd flags = PRIV_AWARE E: net_bindmlp,proc_fork I: none P: net_bindmlp,proc_fork L: none Every process has a unique set of privileges.
17Copyright © 2010 Oracle Corporation Hard Partitions Hypervisor Mediation Kernel Separation Strong Isolation and Resource Control Single OSMultiple OSes SPARC T-Series SPARC M-Series x86/x64 SPARC T-Series x86/x64 SPARC M-Series Oracle Dynamic Domains Oracle VM Server for SPARC Oracle VM Server for x86 Oracle VM VirtualBox Oracle Solaris Containers (Zones + SRM) Oracle Solaris Trusted Extensions Oracle Solaris 8 and 9 Containers
18 Strong Isolation and Resource Control Oracle Solaris Containers (Virtual) Server Operating System ServiceDB Server DB Server DB Server • Multiple, independent services • File, network, user, process, and resource isolation • Security protections • Single operating system instance • Centralized management and monitoring
19 Strong Isolation and Resource Control Oracle Solaris Containers Example (Virtual) Server Operating System ServiceDB Server DB Server DB Server $ pfexec zonecfg –z ozone info zonename: ozone zonepath: /export/zones/ozone […] [max-lwps: 300] [cpu-shares: 100] fs: dir: /etc/security/audit_control type: lofs options: [ro, nosuid, nodevices] […] inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /platform inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr […] Each Container can have its own defined set of resources, file systems, network interfaces, etc.
20Copyright © 2010 Oracle Corporation Integration with the Solaris kernel enables fine-grained introspection Configurable audit policy at both the system and user level Captured events include administrative actions, commands, syscalls Comprehensive Monitoring Oracle Solaris Auditing Audit logs can be exported as binary, text, or XML files Containers can be audited from within the global zone
21Copyright © 2010 Oracle Corporation Comprehensive Monitoring Oracle Solaris Auditing Example Event: profile command time: 2010-09-08 11:56:11.511 -04:00 vers: 2 mod: host: quasar SUBJECT audit-uid: gbrunett uid: root gid: joe ruid: joe pid: 5015 sid: 685 tid: 0 0 quasar PATH: /usr/sbin/reboot CMD PROCESS: audit-uid: gbrunett uid: root gid: joe ruid: root rgid: joe pid: 5015 sid: 685 tid: 0 0 quasar RETURN errval: success retval: 0 ZONE name: ozone […] Event: reboot(1m) time: 2010-09-08 11:56:11.522 -04:00 vers: 2 mod: host: quasar SUBJECT: audit-uid: gbrunett uid: root gid: joe ruid: root rgid: joe pid: 5015 sid:685 tid: 0 0 quasar RETURN errval: success retval: 0 ZONE name: ozone Activity is captured retaining the ID of the original actor
22Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE
23Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization
24Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening
25Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control
26Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing
27Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER
28Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER
29Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER Process Rights Management
30Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER User Rights Management Process Rights Management
31Copyright © 2010 Oracle Corporation Just the Tip of the Iceberg • ZFS Data Security and Integrity – Ensures end-to-end data integrity by design – Delivers delegated administration, fine-grained access control, and hierarchical enforcement • Unified Cryptographic Framework – Enables hardware acceleration of algorithms – Integrates with PKCS#11, JCE, OpenSSL, etc. • Service Management Facility – Provides unified way to describe, manage and execute services • Trusted Extensions – Enforces multi-level security access control policies
32 Oracle Database Security Defense-in-Depth Access Control • Oracle Database Vault • Oracle Label Security • Oracle Advanced Security • Oracle Secure Backup • Oracle Data Masking Encryption and Masking Auditing and Tracking • Oracle Audit Vault • Oracle Configuration Management • Oracle Total Recall • Oracle Database Firewall Blocking and Monitoring
33Copyright © 2010 Oracle Corporation Transparency, Governance, and Compliance Comprehensive Information Protection and Monitoring Security-Enhanced Service Delivery Platforms Secure Service Oriented Architectures End-to-End Identity and Access Management Flexible and Strong Workload Isolation Integrated High-Performance Cryptography Tamper Resistant Key Storage Transparency, Governance, and Compliance Complete Set of Secure and Proven Solutions
34Copyright © 2010 Oracle Corporation For More Information…
35 Oracle Database Security Hands-on-Labs • Thursday Advanced Security 12:00PM | Marriott Marquis, Salon 10 / 11 Check Availability Audit Vault 1:30PM | Marriott Marquis, Salon 10 / 11 Check Availability
36 The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
37Copyright © 2010 Oracle Corporation
38Copyright © 2010 Oracle Corporation

Recommended

Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure Orgad Kimchi
 
Dr3150012012202 1.getting started
Dr3150012012202 1.getting startedDr3150012012202 1.getting started
Dr3150012012202 1.getting startedNamgu Jeong
 
Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11glynnfoster
 
Oracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOrgad Kimchi
 
Oracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise ApplicationsOracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise Applicationsglynnfoster
 
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...ginniapps
 
Oracle Fusion Middleware Infrastructure Best Practices
Oracle Fusion Middleware Infrastructure Best PracticesOracle Fusion Middleware Infrastructure Best Practices
Oracle Fusion Middleware Infrastructure Best PracticesRevelation Technologies
 
IOUG Collaborate 2014 Auditing/Security in EM12c
IOUG Collaborate 2014 Auditing/Security in EM12cIOUG Collaborate 2014 Auditing/Security in EM12c
IOUG Collaborate 2014 Auditing/Security in EM12cKellyn Pot'Vin-Gorman
 

Recommended

Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure
Oracle Solaris 11 platform for ECI Telecom private cloud infrastructure Orgad Kimchi
 
Dr3150012012202 1.getting started
Dr3150012012202 1.getting startedDr3150012012202 1.getting started
Dr3150012012202 1.getting startedNamgu Jeong
 
Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11Best Practices with IPS on Oracle Solaris 11
Best Practices with IPS on Oracle Solaris 11glynnfoster
 
Oracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOracle Solaris 11.1 New Features
Oracle Solaris 11.1 New FeaturesOrgad Kimchi
 
Oracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise ApplicationsOracle Solaris 11 - Best for Enterprise Applications
Oracle Solaris 11 - Best for Enterprise Applicationsglynnfoster
 
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...
Discoverer 11.1.1.7 web logic (10.3.6) & ebs r12 12.1.3) implementation guide...ginniapps
 
Oracle Fusion Middleware Infrastructure Best Practices
Oracle Fusion Middleware Infrastructure Best PracticesOracle Fusion Middleware Infrastructure Best Practices
Oracle Fusion Middleware Infrastructure Best PracticesRevelation Technologies
 
IOUG Collaborate 2014 Auditing/Security in EM12c
IOUG Collaborate 2014 Auditing/Security in EM12cIOUG Collaborate 2014 Auditing/Security in EM12c
IOUG Collaborate 2014 Auditing/Security in EM12cKellyn Pot'Vin-Gorman
 
Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Kellyn Pot'Vin-Gorman
 
Em13c New Features- One of Two
Em13c New Features- One of TwoEm13c New Features- One of Two
Em13c New Features- One of TwoKellyn Pot'Vin-Gorman
 
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons LearnedFusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons LearnedAndrejs Karpovs
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACSecure-24
 
Oracle cloud storage and file system
Oracle cloud storage and file systemOracle cloud storage and file system
Oracle cloud storage and file systemAndrejs Karpovs
 
Em13c New Features- Two of Two
Em13c New Features- Two of TwoEm13c New Features- Two of Two
Em13c New Features- Two of TwoKellyn Pot'Vin-Gorman
 
Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Kellyn Pot'Vin-Gorman
 
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database TechnologiesF5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database TechnologiesF5 Networks
 
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White PaperConfiguring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White PaperLeighton Nelson
 
Enterprise manager 13c
Enterprise manager 13cEnterprise manager 13c
Enterprise manager 13cMarketingArrowECS_CZ
 
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareManaging Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareLeighton Nelson
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Oracle Audit vault
Oracle Audit vaultOracle Audit vault
Oracle Audit vaultuzzal basak
 
Upgrading Em13c Collaborate 2016
Upgrading Em13c Collaborate 2016Upgrading Em13c Collaborate 2016
Upgrading Em13c Collaborate 2016Kellyn Pot'Vin-Gorman
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianPan Tian
 
Before OTD EDU - Introduction
Before OTD EDU - IntroductionBefore OTD EDU - Introduction
Before OTD EDU - IntroductionBeom Lee
 
Oracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracleVolutionSeries
 
New Not Your Father's Enterprise Manager
New Not Your Father's Enterprise ManagerNew Not Your Father's Enterprise Manager
New Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfMelody Liu
 
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle VirtualboxEBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualboxjpiwowar
 
Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Courtney Llamas
 

More Related Content

What's hot

Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Kellyn Pot'Vin-Gorman
 
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons LearnedFusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons LearnedAndrejs Karpovs
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACSecure-24
 
Oracle cloud storage and file system
Oracle cloud storage and file systemOracle cloud storage and file system
Oracle cloud storage and file systemAndrejs Karpovs
 
Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Kellyn Pot'Vin-Gorman
 
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database TechnologiesF5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database TechnologiesF5 Networks
 
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White PaperConfiguring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White PaperLeighton Nelson
 
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareManaging Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareLeighton Nelson
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Oracle Audit vault
Oracle Audit vaultOracle Audit vault
Oracle Audit vaultuzzal basak
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianPan Tian
 
Before OTD EDU - Introduction
Before OTD EDU - IntroductionBefore OTD EDU - Introduction
Before OTD EDU - IntroductionBeom Lee
 
Oracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracleVolutionSeries
 
New Not Your Father's Enterprise Manager
New Not Your Father's Enterprise ManagerNew Not Your Father's Enterprise Manager
New Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfMelody Liu
 
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle VirtualboxEBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualboxjpiwowar
 

What's hot (20)

Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016Database as a Service, Collaborate 2016
Database as a Service, Collaborate 2016
 
Em13c New Features- One of Two
Em13c New Features- One of TwoEm13c New Features- One of Two
Em13c New Features- One of Two
 
Fusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons LearnedFusion Applications Bare Metal Provisioning - Lessons Learned
Fusion Applications Bare Metal Provisioning - Lessons Learned
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RAC
 
Oracle cloud storage and file system
Oracle cloud storage and file systemOracle cloud storage and file system
Oracle cloud storage and file system
 
Em13c New Features- Two of Two
Em13c New Features- Two of TwoEm13c New Features- Two of Two
Em13c New Features- Two of Two
 
Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!Oracle EM12c Release 4 New Features!
Oracle EM12c Release 4 New Features!
 
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database TechnologiesF5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
 
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White PaperConfiguring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
Configuring Oracle Enterprise Manager Cloud Control 12c for HA White Paper
 
Enterprise manager 13c
Enterprise manager 13cEnterprise manager 13c
Enterprise manager 13c
 
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareManaging Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Oracle Audit vault
Oracle Audit vaultOracle Audit vault
Oracle Audit vault
 
Upgrading Em13c Collaborate 2016
Upgrading Em13c Collaborate 2016Upgrading Em13c Collaborate 2016
Upgrading Em13c Collaborate 2016
 
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_TianOracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
Oracle EBS R12.1.3_Installation_linux(64bit)_Pan_Tian
 
Before OTD EDU - Introduction
Before OTD EDU - IntroductionBefore OTD EDU - Introduction
Before OTD EDU - Introduction
 
Oracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre LeonOracle Database Firewall - Pierre Leon
Oracle Database Firewall - Pierre Leon
 
New Not Your Father's Enterprise Manager
New Not Your Father's Enterprise ManagerNew Not Your Father's Enterprise Manager
New Not Your Father's Enterprise Manager
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
 
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle VirtualboxEBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
EBS in an hour: Build a Vision instance - FAST - in Oracle Virtualbox
 

Similar to Presentation deploying oracle database 11g securely on oracle solaris

Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKellyn Pot'Vin-Gorman
 
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Courtney Llamas
 
Solaris11 Desayunos Tecnicos Oracle (Solaris)
Solaris11 Desayunos Tecnicos Oracle (Solaris)Solaris11 Desayunos Tecnicos Oracle (Solaris)
Solaris11 Desayunos Tecnicos Oracle (Solaris)Fran Navarro
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Connor McDonald
 
Oracle_DB_sobre_Oracle
Oracle_DB_sobre_OracleOracle_DB_sobre_Oracle
Oracle_DB_sobre_OracleFran Navarro
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Ramesh Nagappan
 
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA Suite
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA SuiteBest Practices for Building an Enterprise SOA Infrastructure on Oracle SOA Suite
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA SuiteMatt Wright
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL ServerGeorgi Kodinov
 
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultOSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultNETWAYS
 
Oracle storage best of-breed, best for oracle
Oracle storage best of-breed, best for oracleOracle storage best of-breed, best for oracle
Oracle storage best of-breed, best for oraclesolarisyougood
 
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12cSecurity Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12cTroy Kitch
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyRamesh Nagappan
 
C6 deploying applications to your private cloud 7 to 10 times faster
C6 deploying applications to your private cloud 7 to 10 times fasterC6 deploying applications to your private cloud 7 to 10 times faster
C6 deploying applications to your private cloud 7 to 10 times fasterDr. Wilfred Lin (Ph.D.)
 
Maa in database12c
Maa in database12cMaa in database12c
Maa in database12cLaban Ndwaru
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMorgan Tocker
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalOracleIDM
 

Similar to Presentation deploying oracle database 11g securely on oracle solaris (20)

Kscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise ManagerKscope Not Your Father's Enterprise Manager
Kscope Not Your Father's Enterprise Manager
 
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
 
Solaris11 Desayunos Tecnicos Oracle (Solaris)
Solaris11 Desayunos Tecnicos Oracle (Solaris)Solaris11 Desayunos Tecnicos Oracle (Solaris)
Solaris11 Desayunos Tecnicos Oracle (Solaris)
 
Eci sparc
Eci sparcEci sparc
Eci sparc
 
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
 
Oracle_DB_sobre_Oracle
Oracle_DB_sobre_OracleOracle_DB_sobre_Oracle
Oracle_DB_sobre_Oracle
 
con8832-cloudha-2811114.pdf
con8832-cloudha-2811114.pdfcon8832-cloudha-2811114.pdf
con8832-cloudha-2811114.pdf
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
 
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA Suite
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA SuiteBest Practices for Building an Enterprise SOA Infrastructure on Oracle SOA Suite
Best Practices for Building an Enterprise SOA Infrastructure on Oracle SOA Suite
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier RenaultOSDC 2012 | Introduction to Eucalyptus by Olivier Renault
OSDC 2012 | Introduction to Eucalyptus by Olivier Renault
 
Oracle storage best of-breed, best for oracle
Oracle storage best of-breed, best for oracleOracle storage best of-breed, best for oracle
Oracle storage best of-breed, best for oracle
 
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12cSecurity Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12c
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted Cryptography
 
C6 deploying applications to your private cloud 7 to 10 times faster
C6 deploying applications to your private cloud 7 to 10 times fasterC6 deploying applications to your private cloud 7 to 10 times faster
C6 deploying applications to your private cloud 7 to 10 times faster
 
Maa in database12c
Maa in database12cMaa in database12c
Maa in database12c
 
ZFS appliance
ZFS applianceZFS appliance
ZFS appliance
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
MySQL Cloud Service Deep Dive
MySQL Cloud Service Deep DiveMySQL Cloud Service Deep Dive
MySQL Cloud Service Deep Dive
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users final
 

More from xKinAnx

Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudxKinAnx
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...xKinAnx
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directionsxKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...xKinAnx
 
Presentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudPresentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudxKinAnx
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...xKinAnx
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...xKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutPresentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 

More from xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2Engage for success ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudPresentation disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...Presentation differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutPresentation desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Presentation deploying oracle database 11g securely on oracle solaris

  • 1. 1Copyright © 2010 Oracle Corporation
  • 2. <Insert Picture Here> Deploying Oracle Database 11g Securely on Oracle Solaris Glenn Brunette Senior Director, Enterprise Security Solutions
  • 3. 3Copyright © 2010 Oracle Corporation The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. 4Copyright © 2010 Oracle Corporation Agenda • Introduction – Why Focus on Operating Systems? – How Can Oracle Solaris Help? • Deploying On A Strong Foundation – Reduced Attack Surface – Separation of Duty and Least Privilege – Strong Isolation and Resource Control – Comprehensive Monitoring • Embracing a Defense in Depth Architecture – Hardware, Operating System and Database Security
  • 5. 5Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods
  • 6. 6Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods • Attacks Don’t Always Originate in the Database – Operating system access provides unique opportunities
  • 7. 7Copyright © 2010 Oracle Corporation Why Focus on the Operating System? • Burglars Don’t Always Use the Front Door – Similar goals can be achieved using different methods • Attacks Don’t Always Originate in the Database – Operating system access provides unique opportunities • Security Must Be Systemically Applied – A chain is only as strong as its weakest link
  • 8. 8Copyright © 2010 Oracle Corporation How Can Oracle Solaris Help? • Reduced Attack Surface – Package Minimization – (Network) Secure by Default • Separation of Duty and Least Privilege – User Rights Management – Process Rights Management • Strong Isolation and Resource Control – Logical Domains – Containers • Comprehensive Monitoring – Auditing
  • 9. 9Copyright © 2010 Oracle Corporation Reduced Attack Surface Oracle Solaris Package Minimization • Selectively install only what is needed – Reduce the operating system file foot print – 3.6 GB vs. 550M (disk consumed by Entire+OEM vs. Reduced Networking) • Uninstalled software… – can not be executed or exploited – does not need updates or patching – does not need configuration or maintenance • Foundation for specialized deployments and appliances
  • 10. 10Copyright © 2010 Oracle Corporation Reduced Attack Surface Oracle Solaris Secure by Default • Expose only required services to the network – Reduce the operating system network foot print – Most services are disabled; a few are set to “local only” – Secure Shell is the only exposed service by default • Integrated with Service Management Facility – Common administrative model for all service operations – Fully customizable based upon unique site requirements • Foundation for Additional Network Protections – Host-based packet filtering (Solaris IP Filter) – Secure authentication (Solaris Kerberos) – Secure network communications (Solaris IPsec / IKE)
  • 11. 11Copyright © 2010 Oracle Corporation Method for composing collections of administrative rights Rights are specified using hierarchical profiles and authorizations Rights can be assigned to individual users and roles Separation of Duty Oracle Solaris User Rights Management Auditing always tracks the 'real' user – no anonymous admin! Roles can only be assumed by authorized users
  • 12. 12 Separation of Duty Example Oracle Solaris User Rights Management Rights User Rights Management User Roles Internal Auditor System Admin. Oracle DBA System Maintenance, Troubleshooting System Security Review, Audit Trail Review Database Administration
  • 13. 13 Separation of Duty Example Oracle Solaris User Rights Management
  • 14. 14Copyright © 2010 Oracle Corporation Eliminates need for many services to start as ‘root’ Decomposes administrative capabilities into discrete privileges Reduces potential exposure to a variety of security attacks Least Privilege Oracle Solaris Process Rights Management Always enabled and enforced by the Solaris kernel Completely compatible with traditional super-user privilege model
  • 15. 15 Least Privilege Example Oracle Solaris Process Rights Management Privileges Process Rights Management Processes Privilege Collection #1 Privilege Collection #2 Privilege Collection #3
  • 16. 16 Least Privilege Example Oracle Solaris Process Rights Management $ pfexec ppriv -S `pgrep rpcbind` 933: /usr/sbin/rpcbind flags = PRIV_AWARE E: net_bindmlp,net_privaddr,proc_fork,sys_nfs I: none P: net_bindmlp,net_privaddr,proc_fork,sys_nfs L: none $ pfexec ppriv -S `pgrep statd` 5139: /usr/lib/nfs/statd flags = PRIV_AWARE E: net_bindmlp,proc_fork I: none P: net_bindmlp,proc_fork L: none Every process has a unique set of privileges.
  • 17. 17Copyright © 2010 Oracle Corporation Hard Partitions Hypervisor Mediation Kernel Separation Strong Isolation and Resource Control Single OSMultiple OSes SPARC T-Series SPARC M-Series x86/x64 SPARC T-Series x86/x64 SPARC M-Series Oracle Dynamic Domains Oracle VM Server for SPARC Oracle VM Server for x86 Oracle VM VirtualBox Oracle Solaris Containers (Zones + SRM) Oracle Solaris Trusted Extensions Oracle Solaris 8 and 9 Containers
  • 18. 18 Strong Isolation and Resource Control Oracle Solaris Containers (Virtual) Server Operating System ServiceDB Server DB Server DB Server • Multiple, independent services • File, network, user, process, and resource isolation • Security protections • Single operating system instance • Centralized management and monitoring
  • 19. 19 Strong Isolation and Resource Control Oracle Solaris Containers Example (Virtual) Server Operating System ServiceDB Server DB Server DB Server $ pfexec zonecfg –z ozone info zonename: ozone zonepath: /export/zones/ozone […] [max-lwps: 300] [cpu-shares: 100] fs: dir: /etc/security/audit_control type: lofs options: [ro, nosuid, nodevices] […] inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /platform inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr […] Each Container can have its own defined set of resources, file systems, network interfaces, etc.
  • 20. 20Copyright © 2010 Oracle Corporation Integration with the Solaris kernel enables fine-grained introspection Configurable audit policy at both the system and user level Captured events include administrative actions, commands, syscalls Comprehensive Monitoring Oracle Solaris Auditing Audit logs can be exported as binary, text, or XML files Containers can be audited from within the global zone
  • 21. 21Copyright © 2010 Oracle Corporation Comprehensive Monitoring Oracle Solaris Auditing Example Event: profile command time: 2010-09-08 11:56:11.511 -04:00 vers: 2 mod: host: quasar SUBJECT audit-uid: gbrunett uid: root gid: joe ruid: joe pid: 5015 sid: 685 tid: 0 0 quasar PATH: /usr/sbin/reboot CMD PROCESS: audit-uid: gbrunett uid: root gid: joe ruid: root rgid: joe pid: 5015 sid: 685 tid: 0 0 quasar RETURN errval: success retval: 0 ZONE name: ozone […] Event: reboot(1m) time: 2010-09-08 11:56:11.522 -04:00 vers: 2 mod: host: quasar SUBJECT: audit-uid: gbrunett uid: root gid: joe ruid: root rgid: joe pid: 5015 sid:685 tid: 0 0 quasar RETURN errval: success retval: 0 ZONE name: ozone Activity is captured retaining the ID of the original actor
  • 22. 22Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE
  • 23. 23Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization
  • 24. 24Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening
  • 25. 25Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control
  • 26. 26Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing
  • 27. 27Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER
  • 28. 28Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER
  • 29. 29Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER Process Rights Management
  • 30. 30Copyright © 2010 Oracle Corporation Assembling the Pieces OracleVMforSPARC HYPERVISOR CONTROL DOMAIN GUEST DOMAIN / GLOBAL ZONE Package Minimization Secure by Default / Network Hardening Resource Control Auditing CONTAINER User Rights Management Process Rights Management
  • 31. 31Copyright © 2010 Oracle Corporation Just the Tip of the Iceberg • ZFS Data Security and Integrity – Ensures end-to-end data integrity by design – Delivers delegated administration, fine-grained access control, and hierarchical enforcement • Unified Cryptographic Framework – Enables hardware acceleration of algorithms – Integrates with PKCS#11, JCE, OpenSSL, etc. • Service Management Facility – Provides unified way to describe, manage and execute services • Trusted Extensions – Enforces multi-level security access control policies
  • 32. 32 Oracle Database Security Defense-in-Depth Access Control • Oracle Database Vault • Oracle Label Security • Oracle Advanced Security • Oracle Secure Backup • Oracle Data Masking Encryption and Masking Auditing and Tracking • Oracle Audit Vault • Oracle Configuration Management • Oracle Total Recall • Oracle Database Firewall Blocking and Monitoring
  • 33. 33Copyright © 2010 Oracle Corporation Transparency, Governance, and Compliance Comprehensive Information Protection and Monitoring Security-Enhanced Service Delivery Platforms Secure Service Oriented Architectures End-to-End Identity and Access Management Flexible and Strong Workload Isolation Integrated High-Performance Cryptography Tamper Resistant Key Storage Transparency, Governance, and Compliance Complete Set of Secure and Proven Solutions
  • 34. 34Copyright © 2010 Oracle Corporation For More Information…
  • 35. 35 Oracle Database Security Hands-on-Labs • Thursday Advanced Security 12:00PM | Marriott Marquis, Salon 10 / 11 Check Availability Audit Vault 1:30PM | Marriott Marquis, Salon 10 / 11 Check Availability
  • 36. 36 The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 37. 37Copyright © 2010 Oracle Corporation
  • 38. 38Copyright © 2010 Oracle Corporation