SlideShare a Scribd company logo

Oracle security 03-implementing oracle database auditing

Zhaoyang Wang
Zhaoyang Wang

Oracle security 03-implementing oracle database auditing

Technology
1 of 25
Download to read offline
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Implementing Oracle Database Auditing
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Objectives After completing this lesson, you should be able to: • Describe DBA responsibilities for security and auditing • Enable standard database auditing • Specify audit options • Review audit information • Maintain the audit trail
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Database Security A secure system ensures the confidentiality of the data that it contains. There are several aspects of security: • Restricting access to data and services • Authenticating users • Monitoring for suspicious activity
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Monitoring for Compliance Monitoring or auditing must be an integral part of your security procedures. Review the following: • Mandatory auditing • Standard database auditing • Value-based auditing • Fine-grained auditing (FGA) • SYSDBA (and SYSOPER) auditing
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audit Tool Comparisons Fixed set of data, including the SQL statement SQL statements (INSERT, UPDATE, DELETE, and SELECT) based on content Fine-grained auditing (FGA) Administrator defined Data changed by DML statements Value-based auditing Fixed set of dataPrivilege use including object access Standard database auditing What Is in the Audit Trail? What Is Audited?Type of Audit
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audit trail Parameter file Specify audit options. Generate audit trail. Standard Database Auditing DBA User executes command. Database OS or XML audit trail Audit options Server process 1 2 3 Enable database auditing. Review audit information. Maintain audit trail. 4
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Configuring the Audit Trail Restart database after modifying this static initialization parameter. ALTER SYSTEM SET AUDIT_TRAIL='XML' SCOPE=SPFILE; Audit trail can be set to: • NONE • OS • DB • DB, EXTENDED • XML • XML, EXTENDED Use AUDIT_TRAIL to enable database auditing.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Uniform Audit Trails DBA_AUDIT_TRAIL DBA_FGA_AUDIT_TRAIL DBA_COMMON_AUDIT_TRAIL EXTENDED_TIMESTAMP, PROXY_SESSIONID, GLOBAL_UID, INSTANCE_NUMBER, OS_PROCESS, TRANSACTIONID, SCN, SQL_BIND, SQL_TEXT STATEMENTID, ENTRYID AUDIT_TRAIL=DB, EXTENDED
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Specifying Audit Options • SQL statement auditing: • System-privilege auditing (nonfocused and focused): • Object-privilege auditing (nonfocused and focused): AUDIT select any table, create any trigger; AUDIT select any table BY hr BY SESSION; AUDIT table; AUDIT ALL on hr.employees; AUDIT UPDATE,DELETE on hr.employees BY ACCESS;
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Default Auditing Privileges Audited by Default ALTER ANY PROCEDURE ALTER ANY TABLE ALTER DATABASE ALTER PROFILE ALTER SYSTEM ALTER USER AUDIT SYSTEM CREATE ANY JOB CREATE ANY LIBRARY CREATE ANY PROCEDURE CREATE ANY TABLE CREATE EXTERNAL JOB CREATE PUBLIC DATABASE LINK CREATE SESSION CREATE USER GRANT ANY OBJECT PRIVILEGE GRANT ANY PRIVILEGE GRANT ANY ROLE DROP ANY PROCEDURE DROP ANY TABLE DROP PROFILE DROP USER EXEMPT ACCESS POLICY Statements Audited by Default SYSTEM AUDIT BY ACCESS ROLE BY ACCESS
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Enterprise Manager Audit Page
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Using and Maintaining Audit Information Disable audit options if you are not using them.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Value-Based Auditing User’s change is made. The trigger fires. Audit record is created by the trigger. Audit record is inserted into an audit trail table. A user makes a change.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Fine-Grained Auditing • Monitors data access on the basis of content • Audits SELECT, INSERT, UPDATE, DELETE, and MERGE • Can be linked to one or more columns in a table or view • May execute a procedure • Is administered with the DBMS_FGA package employees Policy: AUDIT_EMPS_SALARY SELECT name, salary FROM employees WHERE department_id = 10;
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com FGA Policy • Defines: – Audit criteria – Audit action • Is created with DBMS_FGA .ADD_POLICY dbms_fga.add_policy ( object_schema => 'HR', object_name => 'EMPLOYEES', policy_name => 'audit_emps_salary', audit_condition=> 'department_id=10', audit_column => 'SALARY,COMMISSION_PCT', handler_schema => 'secure', handler_module => 'log_emps_salary', enable => TRUE, statement_types => 'SELECT,UPDATE'); SELECT name, job_id FROM employees WHERE department_id = 20; SELECT name, salary FROM employees WHERE department_id = 10; SECURE.LOG_ EMPS_SALARY employees Not audited
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audited DML Statement: Considerations • Records are audited if the FGA predicate is satisfied and the relevant columns are referenced. • DELETE statements are audited regardless of columns specified. • MERGE statements are audited with the underlying INSERT, UPDATE, and DELETE generated statements. UPDATE hr.employees SET salary = 1000 WHERE commission_pct = .2; UPDATE hr.employees SET salary = 1000 WHERE employee_id = 200; Not audited because none of the records involved are for department 10.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com FGA Guidelines • To audit all rows, use a null audit condition. • To audit all columns, use a null audit column. • Policy names must be unique. • The audited table or view must already exist when you create the policy. • If the audit condition syntax is invalid, an ORA-28112 error is raised when the audited object is accessed. • If the audited column does not exist in the table, no rows are audited. • If the event handler does not exist, no error is returned and the audit record is still created.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Data Dictionary Views All FGA policies for objects in the current user schema USER_AUDIT_POLICIES All FGA policies in the databaseDBA_AUDIT_POLICIES All FGA policies for objects that the current user can access ALL_AUDIT_POLICIES All FGA eventsDBA_FGA_AUDIT_TRAIL DescriptionView Name
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com SYSDBA Auditing Users with SYSDBA or SYSOPER privileges can connect when the database is closed. • Audit trail must be stored outside the database. • Connections as SYSDBA or SYSOPER are always audited. • You can enable additional auditing of SYSDBA or SYSOPER actions with AUDIT_SYS_OPERATIONS. • You can control the audit trail with AUDIT_FILE_DEST.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Maintaining the Audit Trail The audit trail should be maintained with the following best-practice guidelines: • Review and store old records. • Prevent storage problems. • Avoid loss of records.
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Oracle Audit Vault • Consolidate and secure audit data – Oracle 9i Release 2 and higher – SQL Server 2000, 2005 – IBM DB2 UDB 8.5 & 9.2 – Sybase ASE 12.5 - 15.0 – Secure and scalable – Cleanup of source Oracle audit data • Centralized reporting – Updated reports interface using widely popular Oracle Application Express – Standard reports for compliance – New custom reports • Alert on security threats – Detect and alert on security relevant events Oracle Database IBM DB2 Microsoft SQL Server Sybase ASE
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Quiz Standard database auditing captures the before and after changes of a DML transaction. 1. True 2. False
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Quiz Auditing of SYSDBA and SYSOPER actions is enabled by default. 1. True 2. False
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Summary In this lesson, you should have learned how to: • Describe DBA responsibilities for security and auditing • Enable standard database auditing • Specify audit options • Review audit information • Maintain the audit trail
云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Q&A

Recommended

1 z0 052
1 z0 0521 z0 052
1 z0 052Wasim Ahmed
 
Secure Technical Implementation Guide for databases by Martin Obst
Secure Technical Implementation Guide for databases by Martin ObstSecure Technical Implementation Guide for databases by Martin Obst
Secure Technical Implementation Guide for databases by Martin ObstCarsten Muetzlitz
 
Oracle security 08-oracle network security
Oracle security 08-oracle network securityOracle security 08-oracle network security
Oracle security 08-oracle network securityZhaoyang Wang
 
Oracle db subprograms
Oracle db subprogramsOracle db subprograms
Oracle db subprogramsSimon Huang
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)DCIT, a.s.
 
Osobní bezpečnost na internetu
Osobní bezpečnost na internetuOsobní bezpečnost na internetu
Osobní bezpečnost na internetuDCIT, a.s.
 
Oracle security 02-administering user security
Oracle security 02-administering user securityOracle security 02-administering user security
Oracle security 02-administering user securityZhaoyang Wang
 
Oracle Berkeley Db 11g R2
Oracle Berkeley Db 11g R2Oracle Berkeley Db 11g R2
Oracle Berkeley Db 11g R2Prem Kumar
 

Recommended

1 z0 052
1 z0 0521 z0 052
1 z0 052Wasim Ahmed
 
Secure Technical Implementation Guide for databases by Martin Obst
Secure Technical Implementation Guide for databases by Martin ObstSecure Technical Implementation Guide for databases by Martin Obst
Secure Technical Implementation Guide for databases by Martin ObstCarsten Muetzlitz
 
Oracle security 08-oracle network security
Oracle security 08-oracle network securityOracle security 08-oracle network security
Oracle security 08-oracle network securityZhaoyang Wang
 
Oracle db subprograms
Oracle db subprogramsOracle db subprograms
Oracle db subprogramsSimon Huang
 
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)DCIT, a.s.
 
Osobní bezpečnost na internetu
Osobní bezpečnost na internetuOsobní bezpečnost na internetu
Osobní bezpečnost na internetuDCIT, a.s.
 
Oracle security 02-administering user security
Oracle security 02-administering user securityOracle security 02-administering user security
Oracle security 02-administering user securityZhaoyang Wang
 
Oracle Berkeley Db 11g R2
Oracle Berkeley Db 11g R2Oracle Berkeley Db 11g R2
Oracle Berkeley Db 11g R2Prem Kumar
 
海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)Zhaoyang Wang
 
云管理平台助力海通金融云建设
云管理平台助力海通金融云建设云管理平台助力海通金融云建设
云管理平台助力海通金融云建设Zhaoyang Wang
 
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)Zhaoyang Wang
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Zhaoyang Wang
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Zhaoyang Wang
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Zhaoyang Wang
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Zhaoyang Wang
 
Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请Zhaoyang Wang
 
New awesome features in MySQL 5.7
New awesome features in MySQL 5.7New awesome features in MySQL 5.7
New awesome features in MySQL 5.7Zhaoyang Wang
 
Performance Tuning Tool01-Statspack
Performance Tuning Tool01-StatspackPerformance Tuning Tool01-Statspack
Performance Tuning Tool01-StatspackZhaoyang Wang
 
SQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO OptimizerSQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO OptimizerZhaoyang Wang
 
SQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution PlansSQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution PlansZhaoyang Wang
 
SQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL TuningSQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL TuningZhaoyang Wang
 
MySQL Fulltext Search Tutorial
MySQL Fulltext Search TutorialMySQL Fulltext Search Tutorial
MySQL Fulltext Search TutorialZhaoyang Wang
 
Data Organization in InnoDB
Data Organization in InnoDBData Organization in InnoDB
Data Organization in InnoDBZhaoyang Wang
 
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...Zhaoyang Wang
 
Oracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installationOracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installationZhaoyang Wang
 
Why use MySQL
Why use MySQLWhy use MySQL
Why use MySQLZhaoyang Wang
 
MYSQLCLONE Introduction
MYSQLCLONE IntroductionMYSQLCLONE Introduction
MYSQLCLONE IntroductionZhaoyang Wang
 
Interpreting execution plans
Interpreting execution plansInterpreting execution plans
Interpreting execution plansZhaoyang Wang
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

More Related Content

More from Zhaoyang Wang

海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)Zhaoyang Wang
 
云管理平台助力海通金融云建设
云管理平台助力海通金融云建设云管理平台助力海通金融云建设
云管理平台助力海通金融云建设Zhaoyang Wang
 
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)Zhaoyang Wang
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Zhaoyang Wang
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Zhaoyang Wang
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Zhaoyang Wang
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Zhaoyang Wang
 
Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请Zhaoyang Wang
 
New awesome features in MySQL 5.7
New awesome features in MySQL 5.7New awesome features in MySQL 5.7
New awesome features in MySQL 5.7Zhaoyang Wang
 
Performance Tuning Tool01-Statspack
Performance Tuning Tool01-StatspackPerformance Tuning Tool01-Statspack
Performance Tuning Tool01-StatspackZhaoyang Wang
 
SQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO OptimizerSQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO OptimizerZhaoyang Wang
 
SQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution PlansSQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution PlansZhaoyang Wang
 
SQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL TuningSQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL TuningZhaoyang Wang
 
MySQL Fulltext Search Tutorial
MySQL Fulltext Search TutorialMySQL Fulltext Search Tutorial
MySQL Fulltext Search TutorialZhaoyang Wang
 
Data Organization in InnoDB
Data Organization in InnoDBData Organization in InnoDB
Data Organization in InnoDBZhaoyang Wang
 
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...Zhaoyang Wang
 
Oracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installationOracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installationZhaoyang Wang
 
MYSQLCLONE Introduction
MYSQLCLONE IntroductionMYSQLCLONE Introduction
MYSQLCLONE IntroductionZhaoyang Wang
 
Interpreting execution plans
Interpreting execution plansInterpreting execution plans
Interpreting execution plansZhaoyang Wang
 

More from Zhaoyang Wang (20)

海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)海通证券金融云思考与实践(数据技术嘉年华2017)
海通证券金融云思考与实践(数据技术嘉年华2017)
 
云管理平台助力海通金融云建设
云管理平台助力海通金融云建设云管理平台助力海通金融云建设
云管理平台助力海通金融云建设
 
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
海通证券数据库备份恢复云平台实践(OTN Tour Shanghai 2017)
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请
 
Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请Oracle cloud 云介绍及测试账户申请
Oracle cloud 云介绍及测试账户申请
 
New awesome features in MySQL 5.7
New awesome features in MySQL 5.7New awesome features in MySQL 5.7
New awesome features in MySQL 5.7
 
Performance Tuning Tool01-Statspack
Performance Tuning Tool01-StatspackPerformance Tuning Tool01-Statspack
Performance Tuning Tool01-Statspack
 
SQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO OptimizerSQL Tuning02-Intorduction to the CBO Optimizer
SQL Tuning02-Intorduction to the CBO Optimizer
 
SQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution PlansSQL Tuning04-Interpreting Execution Plans
SQL Tuning04-Interpreting Execution Plans
 
SQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL TuningSQL Tuning01-Introduction to SQL Tuning
SQL Tuning01-Introduction to SQL Tuning
 
MySQL Fulltext Search Tutorial
MySQL Fulltext Search TutorialMySQL Fulltext Search Tutorial
MySQL Fulltext Search Tutorial
 
Data Organization in InnoDB
Data Organization in InnoDBData Organization in InnoDB
Data Organization in InnoDB
 
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
Oracle enterprise manager cloud control 12c release 5 installation on oracle ...
 
Oracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installationOracle enterprise manager cloud control 12c r5 agent installation
Oracle enterprise manager cloud control 12c r5 agent installation
 
Why use MySQL
Why use MySQLWhy use MySQL
Why use MySQL
 
MYSQLCLONE Introduction
MYSQLCLONE IntroductionMYSQLCLONE Introduction
MYSQLCLONE Introduction
 
Interpreting execution plans
Interpreting execution plansInterpreting execution plans
Interpreting execution plans
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Oracle security 03-implementing oracle database auditing

  • 1. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Implementing Oracle Database Auditing
  • 2. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Objectives After completing this lesson, you should be able to: • Describe DBA responsibilities for security and auditing • Enable standard database auditing • Specify audit options • Review audit information • Maintain the audit trail
  • 3. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Database Security A secure system ensures the confidentiality of the data that it contains. There are several aspects of security: • Restricting access to data and services • Authenticating users • Monitoring for suspicious activity
  • 4. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Monitoring for Compliance Monitoring or auditing must be an integral part of your security procedures. Review the following: • Mandatory auditing • Standard database auditing • Value-based auditing • Fine-grained auditing (FGA) • SYSDBA (and SYSOPER) auditing
  • 5. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audit Tool Comparisons Fixed set of data, including the SQL statement SQL statements (INSERT, UPDATE, DELETE, and SELECT) based on content Fine-grained auditing (FGA) Administrator defined Data changed by DML statements Value-based auditing Fixed set of dataPrivilege use including object access Standard database auditing What Is in the Audit Trail? What Is Audited?Type of Audit
  • 6. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audit trail Parameter file Specify audit options. Generate audit trail. Standard Database Auditing DBA User executes command. Database OS or XML audit trail Audit options Server process 1 2 3 Enable database auditing. Review audit information. Maintain audit trail. 4
  • 7. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Configuring the Audit Trail Restart database after modifying this static initialization parameter. ALTER SYSTEM SET AUDIT_TRAIL='XML' SCOPE=SPFILE; Audit trail can be set to: • NONE • OS • DB • DB, EXTENDED • XML • XML, EXTENDED Use AUDIT_TRAIL to enable database auditing.
  • 8. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Uniform Audit Trails DBA_AUDIT_TRAIL DBA_FGA_AUDIT_TRAIL DBA_COMMON_AUDIT_TRAIL EXTENDED_TIMESTAMP, PROXY_SESSIONID, GLOBAL_UID, INSTANCE_NUMBER, OS_PROCESS, TRANSACTIONID, SCN, SQL_BIND, SQL_TEXT STATEMENTID, ENTRYID AUDIT_TRAIL=DB, EXTENDED
  • 9. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Specifying Audit Options • SQL statement auditing: • System-privilege auditing (nonfocused and focused): • Object-privilege auditing (nonfocused and focused): AUDIT select any table, create any trigger; AUDIT select any table BY hr BY SESSION; AUDIT table; AUDIT ALL on hr.employees; AUDIT UPDATE,DELETE on hr.employees BY ACCESS;
  • 10. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Default Auditing Privileges Audited by Default ALTER ANY PROCEDURE ALTER ANY TABLE ALTER DATABASE ALTER PROFILE ALTER SYSTEM ALTER USER AUDIT SYSTEM CREATE ANY JOB CREATE ANY LIBRARY CREATE ANY PROCEDURE CREATE ANY TABLE CREATE EXTERNAL JOB CREATE PUBLIC DATABASE LINK CREATE SESSION CREATE USER GRANT ANY OBJECT PRIVILEGE GRANT ANY PRIVILEGE GRANT ANY ROLE DROP ANY PROCEDURE DROP ANY TABLE DROP PROFILE DROP USER EXEMPT ACCESS POLICY Statements Audited by Default SYSTEM AUDIT BY ACCESS ROLE BY ACCESS
  • 11. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Enterprise Manager Audit Page
  • 12. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Using and Maintaining Audit Information Disable audit options if you are not using them.
  • 13. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Value-Based Auditing User’s change is made. The trigger fires. Audit record is created by the trigger. Audit record is inserted into an audit trail table. A user makes a change.
  • 14. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Fine-Grained Auditing • Monitors data access on the basis of content • Audits SELECT, INSERT, UPDATE, DELETE, and MERGE • Can be linked to one or more columns in a table or view • May execute a procedure • Is administered with the DBMS_FGA package employees Policy: AUDIT_EMPS_SALARY SELECT name, salary FROM employees WHERE department_id = 10;
  • 15. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com FGA Policy • Defines: – Audit criteria – Audit action • Is created with DBMS_FGA .ADD_POLICY dbms_fga.add_policy ( object_schema => 'HR', object_name => 'EMPLOYEES', policy_name => 'audit_emps_salary', audit_condition=> 'department_id=10', audit_column => 'SALARY,COMMISSION_PCT', handler_schema => 'secure', handler_module => 'log_emps_salary', enable => TRUE, statement_types => 'SELECT,UPDATE'); SELECT name, job_id FROM employees WHERE department_id = 20; SELECT name, salary FROM employees WHERE department_id = 10; SECURE.LOG_ EMPS_SALARY employees Not audited
  • 16. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Audited DML Statement: Considerations • Records are audited if the FGA predicate is satisfied and the relevant columns are referenced. • DELETE statements are audited regardless of columns specified. • MERGE statements are audited with the underlying INSERT, UPDATE, and DELETE generated statements. UPDATE hr.employees SET salary = 1000 WHERE commission_pct = .2; UPDATE hr.employees SET salary = 1000 WHERE employee_id = 200; Not audited because none of the records involved are for department 10.
  • 17. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com FGA Guidelines • To audit all rows, use a null audit condition. • To audit all columns, use a null audit column. • Policy names must be unique. • The audited table or view must already exist when you create the policy. • If the audit condition syntax is invalid, an ORA-28112 error is raised when the audited object is accessed. • If the audited column does not exist in the table, no rows are audited. • If the event handler does not exist, no error is returned and the audit record is still created.
  • 18. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Data Dictionary Views All FGA policies for objects in the current user schema USER_AUDIT_POLICIES All FGA policies in the databaseDBA_AUDIT_POLICIES All FGA policies for objects that the current user can access ALL_AUDIT_POLICIES All FGA eventsDBA_FGA_AUDIT_TRAIL DescriptionView Name
  • 19. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com SYSDBA Auditing Users with SYSDBA or SYSOPER privileges can connect when the database is closed. • Audit trail must be stored outside the database. • Connections as SYSDBA or SYSOPER are always audited. • You can enable additional auditing of SYSDBA or SYSOPER actions with AUDIT_SYS_OPERATIONS. • You can control the audit trail with AUDIT_FILE_DEST.
  • 20. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Maintaining the Audit Trail The audit trail should be maintained with the following best-practice guidelines: • Review and store old records. • Prevent storage problems. • Avoid loss of records.
  • 21. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Oracle Audit Vault • Consolidate and secure audit data – Oracle 9i Release 2 and higher – SQL Server 2000, 2005 – IBM DB2 UDB 8.5 & 9.2 – Sybase ASE 12.5 - 15.0 – Secure and scalable – Cleanup of source Oracle audit data • Centralized reporting – Updated reports interface using widely popular Oracle Application Express – Standard reports for compliance – New custom reports • Alert on security threats – Detect and alert on security relevant events Oracle Database IBM DB2 Microsoft SQL Server Sybase ASE
  • 22. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Quiz Standard database auditing captures the before and after changes of a DML transaction. 1. True 2. False
  • 23. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Quiz Auditing of SYSDBA and SYSOPER actions is enabled by default. 1. True 2. False
  • 24. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Summary In this lesson, you should have learned how to: • Describe DBA responsibilities for security and auditing • Enable standard database auditing • Specify audit options • Review audit information • Maintain the audit trail
  • 25. 云和恩墨 成就所托 by 王朝阳 18516271611 sonne.k.wang@gmail.com Q&A