Weitere ähnliche Inhalte Ähnlich wie Ppt dbsec-oow2013-avdf (20) Kürzlich hochgeladen (20) Ppt dbsec-oow2013-avdf1. Oracle Audit Vault and
Database Firewall :
First Line of Defense In Data Security
Melody Liu
Senior Principal Product Manager
Oracle Database Security
2. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.2
Program Agenda
Introduction
Overview of Oracle Audit Vault and Database Firewall
Key Features
Demo
Q&A
3. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.3
The following is intended to outline our general product direction. It is intended
for information purposes only, and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or functionality, and should
not be relied upon in making purchasing decisions. The development, release,
and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
4. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.4
Oracle Audit Vault and
Database Firewall
Overview
5. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.5
Oracle Database Security Solutions
Defense-in-Depth for Maximum Security
Activity Monitoring
Database Firewall
Auditing and Reporting
DETECTIVE
Redaction and Masking
Privileged User Controls
Encryption
PREVENTIVE ADMINISTRATIVE
Sensitive Data Discovery
Configuration Management
Privilege Analysis
6. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.6
Oracle Audit Vault and Database Firewall
APPS
Users
AUDIT VAULT
Firewall
Events
Database Firewall
AUDIT
DATA
Operating Systems
File Systems
Directories
Custom Audit Data
Reports
!Alerts
Policies
Auditor
Security
Manager
7. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.7
Heterogeneous Enterprise Auditing Collection with
Audit Vault Server
8. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.8
Heterogeneous Enterprise Auditing Collection with
Audit Vault Server
AUDIT VAULT
9. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.9
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
10. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.10
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
11. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.11
Audit Vault Server
Central Repository of Audit Event Data
12. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12
Audit Vault Server
Central Repository of Audit Event Data
13. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.13
Audit Vault Server
Central Repository of Audit Event Data
14. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.14
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
15. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.15
Audit Vault Server
Extensive and Customizable Reporting
Dozens of predefined reports
Flexible interactive browsing
Customizable reporting
Scheduling, notification & attestation
16. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.16
Audit Vault Server
Extensive and Customizable Reporting – Entitlement Report
Create meaningful users.
Remove snapshot time, tablespace
17. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.17
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
18. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.18
Audit Vault Server
Powerful Alerting
20. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.20
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
21. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.21
Audit Vault Server
Built on Proven Oracle Technology
Secure
– Fine-grained security groups
– Strict separation of Duty
Life Cycle Management for Audit Event Data
3rd Party Integration & Custom Collection plug-in
Enterprise Scale Deployment
22. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.22
Audit Vault Server Summary
Heterogeneous Enterprise Audit Collection
AUDIT VAULT
23. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.23
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Audit Vault Server Summary
Heterogeneous Enterprise Audit Collection
24. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.24
Database Monitoring with
Database Firewall
25. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.25
SQL Injection
#1 Risks on OWASP Most Critical Application Security Risks - 2013
• Anyone who can sent untrusted data to the
database including external users, internal users,
and administrators
Threat
Agent
• EASY
• Attacker sends text based attacks that exploit
the uncleansed syntax
Attack
Vector
• SEVERE
• Injection can result in data loss or corruption,
lack of accountability or complete host takeover
Impact
26. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.26
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
27. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.27
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
28. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.28
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
29. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.29
Database Firewall
Flexible Deployment Models
30. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.30
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
31. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.31
Database Firewall
SQL Injection Protection with Positive Policing Model
White List
Applications
Block
Allow
SELECT * from stock
where catalog-no='PHE8131'
SELECT * from stock
where catalog-no=‘
' union select cardNo,0,0
from Orders --’
• Define “allowed” behavior for any user or application
• Automated whitelist generation for any application
• Out-of-policy Database network interactions instantly blocked
Databases
32. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.32
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
33. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.33
Database Firewall
Constraining Activity with Negative Policing Model
• Stop specific “non-authorized” SQL interactions, user or schema access
• Blacklisting can be done on IP address, application, DB user, OS user
• Provide flexibility to authorized users while still monitoring activity
Black List
Block
Allow
LogSELECT * from stock
SELECT * from stock
Databases
Non-authorized
user activity
Legitimate
data access
34. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.34
Other Key AVDF Features
Distributed as Soft Appliance
One Web UI Management Console for Admin and Auditor
Fine-Grained Security Groups
Strict Separation of Duty
Command Line Client for Automation and Scripting
Easy Installation & Administration
35. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.35
Enterprise Manager Cloud Control 12c Integration
EM integration
Database plugin 12.1.0.5
36. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.36
Summary in 1 Slide
37. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.37
Oracle Audit Vault and Database Firewall
APPS
Users
AUDIT VAULT
Firewall
Events
Database Firewall
Reports
!Alerts
Policies
Auditor
Security
Manager
AUDIT
DATA
Operating Systems
File Systems
Directories
Custom Audit Data
38. Copyright © 2013, Oracle and/or its affiliates. All rights reserved.38
Oracle Database Security Sessions
Time Session Title
Monday 12:15 - 1:15 pm Security Inside-Out with Oracle Database 12c
Monday 1:45 - 2:45 pm Oracle Database 12c Real Application Security for Oracle Application Express
Monday 1:45 - 2:45 pm Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
Monday 4:45 – 5:45 pm Introducing Oracle Key Vault: Enterprise Database Encryption Key Management
Tuesday 3:45 – 4:45 New security capabilities in Oracle Database 12c
Tuesday 5:15 – 6:15 pm Oracle Audit Vault and Database Firewall: Deployment Best Practices
Wednesday 11:45 – 12:45 pm Oracle Database Security Solutions Customer Panel: Real-World Case Studies
Wednesday 3:30 – 4:30 pm DBA Best Practices for Protecting Data Privacy with Oracle’s Data Masking
Wednesday 5:00 – 6:00 pm Sensitive Data Redaction with Oracle Database 12c