Oracle Audit Vault and Database Firewall

Presentation transcript:

Oracle Audit Vault and Database Firewall: What’s New and Best Practices
Andrey Brozhko, Melody Liu
Oracle Database Security Product Management
September 30, 2014

Session Agenda
1. Oracle Audit Vault and Database Firewall Overview
2. What’s New
3. Best Practices
4. Q&A

Oracle Audit Vault and Database Firewall Heterogeneous Audit Data Consolidation and Database Activity Monitoring

Oracle Audit Vault and Database Firewall: High-level architecture
[Diagram: Users, Apps, Database Firewall, Events, Audit Vault, Alerts, Reports, Policies; Audit Data & Event Logs from OS & Storage, Directories, Databases, Custom]

Audit Vault: Trust but verify
- Consolidate and secure event data
- Extensive and customizable reporting
- Powerful, threshold-based alerting
- Enterprise-scale deployment

Databases, Operating Systems, Directories

Extensive and Customizable Reporting
- Predefined reports
- Interactive browsing
- Build custom reports
- Report scheduling and notification
- Report attestation

Powerful Alerting

Database Firewall
- Monitor user activity from network
- Detect and block unauthorized activity
- Detect and block SQL injection attacks
- Advanced grammatical SQL analysis
- Positive and negative security model
- Scalable software appliance

Database Firewall: Anomaly detection and threat blocking with positive security model
White List (between Apps and Databases):
- Allow: SELECT * from stock where catalog-no='PHE8131'
- Block: SELECT * from stock where catalog-no=' ' union select cardNo,0,0 from Orders --'
Key points:
- Block out-of-policy SQL statements from reaching the database
- Automated white list generation for any application
- Define permitted SQL behavior per user or application

Database Firewall: Enforcing behavior with negative security model
Black List (in front of Databases):
- Allow, Log: Legitimate data access: SELECT * from stock
- Block: Unauthorized workstation or application: SELECT * from stock
Key points:
- Block specific unauthorized SQL statements, users or object access
- Blacklist on session factors: IP address, application, DB user, OS user

What’s New in 12.1.2: Enhanced Scalability, Security and Deployment Simplicity

iSCSI SAN support for Audit Repository

NFS Storage for Audit Data Archives

Forwarding Policy Alerts to Syslog
- Simple to set up
- Alerts contain link to detailed description in Auditor Dashboard

<10>Jan  7 13:59:40 avs00161eb81587 logger: [AVDFAlert@111 name="Alert_FailLogOn" severity="Critical" url="https://10.244.163.91/console/f?p=7700:33:::NO::P33_ALERT_ID:1" time="2014-01-07T13:59:40.153746Z" target="avsource" user="INVALID" desc=" "]
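A receiving SIEM or log pipeline has to split the forwarded alert above into fields before it can be correlated. The following parser is an added example, not Oracle code: the function name, the `trusted_hosts` parameter and the choice of `name` and `time` as mandatory fields are assumptions; the field names and the sample line come from the slide.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# The forwarded alert exactly as shown on the slide.
SAMPLE = ('<10>Jan  7 13:59:40 avs00161eb81587 logger: [AVDFAlert@111 '
          'name="Alert_FailLogOn" severity="Critical" '
          'url="https://10.244.163.91/console/f?p=7700:33:::NO::P33_ALERT_ID:1" '
          'time="2014-01-07T13:59:40.153746Z" target="avsource" '
          'user="INVALID" desc=" "]')

# <PRI>timestamp host tag: [AVDFAlert@<id> key="value" ...]
LINE_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<stamp>\w{3}\s+\d{1,2} [\d:]{8}) '
    r'(?P<host>\S+) (?P<tag>[^:\s]+): \[AVDFAlert@\d+ (?P<body>.*)\]\s*$')
PAIR_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_avdf_alert(line, trusted_hosts):
    """Return the alert as a dict, or None if the line is not a usable alert."""
    m = LINE_RE.match(line)
    if not m:
        return None
    alert = dict(PAIR_RE.findall(m.group("body")))
    if "name" not in alert or "time" not in alert:  # assumed mandatory
        return None
    try:
        alert["time"] = datetime.strptime(
            alert["time"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    pri = int(m.group("pri"))
    alert["syslog_facility"] = pri // 8          # PRI = facility * 8 + severity
    alert["syslog_severity"] = SEVERITIES[pri % 8]
    alert["sender"] = m.group("host")
    # Only treat the dashboard link as followable when it is HTTPS and points
    # at a known Audit Vault Server; the field arrives inside a syslog message.
    url = urlsplit(alert.get("url", ""))
    alert["url_trusted"] = url.scheme == "https" and url.hostname in trusted_hosts
    return alert


if __name__ == "__main__":
    print(parse_avdf_alert(SAMPLE, trusted_hosts={"10.244.163.91"}))
```

The syslog priority `<10>` decodes to facility 1 and severity 2 (critical), which agrees with the `severity="Critical"` field carried in the alert body.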

Security and Usability Enhancements
- Database Vault protection of audit repository
- Simplified deployment of Audit Vault Agents
- Auto-upgrade capability in Audit Vault Agents
- Improved administration dashboard
- Enhanced diagnostic tools

Extended Target Platform Support
- Oracle Big Data Appliance (BDA) support
- Database Firewall support for MySQL 5.6
- Database Firewall support for Oracle 9i
- Windows & Linux 32-bit host OS support for Audit Vault Agents
- XSL transformation capability in XML file collection plugins

Oracle Audit Vault and Database Firewall Best Practices

Deployment Best Practices
- Understand your database security needs
- Estimate aggregate volume of logged audit and event data
- Roll out audit logs consolidation, or activity monitoring, or both
Auditing? Monitoring? Blocking?

Rolling Out Audit Log Consolidation: Making your audit data safe, secure and accessible with Oracle Audit Vault
Configure Audit Vault
- Install and configure Audit Vault Server
- Register Secured Targets
Configure Targets
- Install and activate Audit Vault Agents on target hosts
- Configure native audit policies
Data Lifecycle Settings
- Configure archive locations
- Configure data retention policies
Alerts & Reports
- Start collecting and consolidating audit data from trails
- Create baseline set of alerts

Rolling Out Monitoring: Monitoring all relevant SQL activity on the network
Setup Database Firewalls
- Deploy Database Firewalls
- Architect and configure Database Firewall networking
Configure Monitoring
- Configure Enforcement Points
- Switch on Database Activity Monitoring
Configure Policy
- Assign ‘Unique’ policy to Enforcement Points
- Fine-tune policy based on logged SQL

Rolling Out Blocking: Protecting your databases with Database Firewall
Learn from Logged Data
- Review SQL activity for the period
- Identify sets of users with common behavior
Create Whitelists
- Define permitted session profiles and privileged users
- Specify what activity is to be logged
Refine Policy
- Deploy against production traffic
- Tighten policy by rules on out of policy SQL
Enable Blocking
- Set-up alerts on all out of policy activity
- Switch to Database Policy Enforcement Mode

Database Firewall Policy
- Exceptions are applied first
- Session factors determine profile
- Profile defines the range of permitted SQL activity
- Novelty rules look at what is accessed and how
- Default rule is applied to everything else
[Diagram: SQL Statements -> Exceptions List -> Session Profile -> SQL Baseline -> Novelty Policy -> Default Rule; if YES (Match), then PASS/ALERT/BLOCK]

Database Firewall Policy Best Practices: Choose the right tools for the job
- Be selective in what you log
- Use Exceptions to log all activity for users with elevated privileges
- White list (i.e. ‘Pass’) all regular application activity in a Profile, only set ‘Log’ action for sensitive SQL
- Configure Novelty Policies to identify and log access to sensitive objects
- Set Default Rule to capture out-of-policy SQL
- Periodically review and update policies
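The evaluation order and the best practices on the two policy slides above can be followed in a small first-match model. This is an added example, not the product's policy engine: the policy layout, the session factor names (`client_ip`, `db_user`), the addresses and the literal-stripping `normalize` function (a crude stand-in for the firewall's grammatical SQL analysis) are all assumptions; the two `stock` queries are the ones from the positive security model slide.

```python
import re


def normalize(sql):
    """Crude stand-in for grammatical clustering: literals become placeholders."""
    sql = re.sub(r"'[^']*'", "?", sql)      # quoted strings
    sql = re.sub(r"\b\d+\b", "0", sql)      # bare numbers
    return re.sub(r"\s+", " ", sql).strip().lower()


# Constructed policy following the slide's stages.
POLICY = {
    # Exceptions: flag everything a privileged account does.
    "exceptions": [({"db_user": "sys"}, "ALERT")],
    # Session factors select the profile.
    "profiles": [({"client_ip": "192.0.2.10"}, "app")],
    # Baseline (white list) of SQL clusters permitted per profile.
    "baseline": {"app": {
        normalize("SELECT * from stock where catalog-no='PHE8131'"): "PASS"}},
    # Novelty: any access to a sensitive table outside the baseline.
    "novelty": [("orders", "BLOCK")],
    # Default rule catches all remaining out-of-policy SQL.
    "default": "BLOCK",
}


def matches(factors, session):
    return all(session.get(k) == v for k, v in factors.items())


def decide(session, sql, policy=POLICY):
    """Return (stage, action) for the first stage that matches."""
    for factors, action in policy["exceptions"]:
        if matches(factors, session):
            return "exception", action
    profile = next((name for factors, name in policy["profiles"]
                    if matches(factors, session)), None)
    cluster = normalize(sql)
    action = policy["baseline"].get(profile, {}).get(cluster)
    if action:
        return "baseline", action
    for table, action in policy["novelty"]:
        if re.search(rf"\b(from|join|into|update)\s+{re.escape(table)}\b", cluster):
            return "novelty", action
    return "default", policy["default"]
```

The application's own query passes on the baseline whatever catalog number it carries, while the `union select` variant normalizes to a different cluster, is absent from the white list and is stopped by the novelty rule on `Orders`.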

Database Firewall: Network deployment best practices
- For passive monitoring (DAM) deploy out-of-band
- Use Proxy mode for no impact on network infrastructure
- Deploy in-line DAM if planning to turn on DPE (blocking) in the future
[Diagram: Users, Apps, Database Firewall (Proxy; Inline blocking and monitoring), Events, Alerts, Reports, Policies]

Custom Collection Plug-ins: When built-in audit collection plugins are not enough
- XML-file and database table audit trail types are supported
- No need to write code, package configuration using avpack tool
- Create custom reports to address specific presentation needs
- Once deployed new plug-in and reports become integral part of the product installation
Oracle Confidential – Internal

Custom Collection Plug-ins: Annotated Example for custom database table audit trail
- ‘Source’ to Audit Vault field mapping
- Value ‘mapping’ (optional)

Custom Collection Plug-ins: Best practices and recommendations
- Separate individual Secured Target trails
- Make sure that XML trail files are standard-conformant
- Correctly identify unique record field (or fields) in the trail
- Check filesystem and database permissions
- Verify time stamp functions properly
- Break audit data into multiple trails for increased performance

Q&A

Connect With Us
- oracle.com/database/security
- oracle.com/technetwork/database/security
- blogs.oracle.com/SecurityInsideOut