May 2008
Oracle Database 9i
De-Identifying Information for Sharing
Data Encryption
Data Classification
Configuration Management
Secure Backup
Total Recall
Label Security
Audit Vault
Data Masking
Database Vault
Advanced Security
Configuration Management
Secure Backup
Total Recall
Label Security
Audit Vault
Data Masking
DBA
HR Realm
HR
HR App
Eliminates security risks from server consolidation
FIN Realm
FIN
FIN App
Connect .
HR
HR Application
User
Unexpected IP address
CREATE
FIN
FIN Application
DBA
Business hours
Security administration
Database Vault administration is done using an administration account separate from DBA or SYSDBA
PeopleSoft
E-Business Suite
Siebel
Oracle Content DB
Oracle Internet Directory
75000
Data Transparently Decrypted
^#^ *
Data Transparently Encrypted
Security DBA opens wallet containing master key
Transparent Data Encryption
Application users
FIN application data encrypted using column key
HR application data encrypted using column key
Oracle Databases
Integration with RMAN
Windows
Linux
NAS
Improved Performance
No backup (and reads) of committed undo
Tape
Data
Highly Sensitive
Sensitive
Confidential
Components
Sensitive
Highly Sensitive
Sensitivity Level
Highly Sensitive
Sensitive
Confidential
Sensitive
Sensitivity Level
Highly Sensitive
PII
FIN
LEGAL
Sensitive
Confidential
Sensitive : HR
Sensitivity Level
Highly Sensitive
PII
FIN
LEGAL
Europe
Global
Confidential
Sensitive : HR : US
Levels
Compartments
Groups
Law Enforcement
Government
Policy
Level 1
Confidential
Level 2
Sensitive
Highly Sensitive
Level 3
Confidential
Secret
Top Secret
PII Data
Investigation
Internal Affairs
Drug Enforcement
Desert Storm
Border Protection
HR REP
Senior HR REP
Local Jurisdiction
FBI
Justice
NATO
Homeland Security
Production Database
LAST_NAME   SSN          SALARY
AGUILAR     203-33-3234  40,000
BENSON      323-22-2943  60,000

Cloned Database
LAST_NAME   SSN          SALARY
ANSKEKSL    11123-1111   40,000
BKJHHEIEDK  111-34-1345  60,000
VPD Policy
where account_mgr_id = sys_context('APP','CURRENT_MGR');
APP
SSN
701-495-2123
25000
121-791-4212
181-095-1232
15000
581-295-7603
12000
431-395-9332
17000
381-395-9223
15000
10000
483-562-0912
461-978-8212
Flexible
Audit table and OS file destinations (OS is most performant)
Supports XML format
Windows event viewer & SYSLOG
Oracle Database 9i Release 2
(Future) Other Sources, Databases
Oracle Database 10g Release 1
Oracle Database 11g
Oracle Database 10g Release 2
Custom reports
Published warehouse schema
Use Oracle or 3rd party tools
User-defined reports
What privileged users did on the financial database?
What user A did across multiple databases?
Who accessed sensitive data?
Enterprise overview
Alerts on audit events
Drill down reports
Audit Vault administration
Security
Separation of duty
Privileged users can't modify audit data
Data protected in transit from source to Audit Vault
Host
Database Profile/Configuration
Default Passwords
Disallow access to objects by a fixed user link
Disallow default tablespace set to SYSTEM
Set password_grace_time
Limit or deny access to DBMS_LOB
Set password_reuse_max
Avoid using utl_file_dir parameter
Application Server
Learn More
http://search.oracle.com
database security
Technology Overview
Visit: oracle.com/database/security
View Whitepapers and webinars
Oracle 8i
Oracle Database 9iR1
Oracle Database 9iR2
Oracle Database 10g R1
Oracle Database 10g R2
Oracle Database 11gR1
Database Auditing
Network Encryption
Virtual Private Database
Label Security
Privileged User Controls
Enterprise User Security
Fine Grained Auditing
Client Identifier
EM Configuration Scanning
TDE Column Encryption
TDE Tablespace Encryption
EM Data Masking
Data Masking is available starting with EM 10.2.0.4 and works against Oracle Database 9.2 and higher databases.