Oracle Audit Vault and Database Firewall
What's New and Best Practices
Andrey Brozhko, Melody Liu
Oracle Database Security Product Management
September 30, 2014
Session Agenda
1. Oracle Audit Vault and Database Firewall Overview
2. What's New
3. Best Practices
4. Q&A
Oracle Audit Vault and Database Firewall
Heterogeneous Audit Data Consolidation and Database Activity Monitoring
Oracle Audit Vault and Database Firewall
High-level architecture (diagram): Users and Apps reach the Databases through the Database Firewall; the firewall feeds Events to the Audit Vault; Audit Vault also collects from OS & Storage, Directories, Databases, and Custom Audit Data & Event Logs, and produces Alerts, Reports and Policies.
Audit Vault
Trust but verify
- Consolidate and secure event data
- Extensive and customizable reporting
- Powerful, threshold-based alerting
- Enterprise-scale deployment
(Diagram: audit sources OS & Storage, Directories, Databases, Custom Audit Data & Event Logs feed the Audit Vault, which produces Alerts, Reports and Policies.)
Databases, Operating Systems, Directories
Extensive and Customizable Reporting
- Predefined reports
- Interactive browsing
- Build custom reports
- Report scheduling and notification
- Report attestation
Powerful Alerting
Database Firewall
Monitor user activity from the network
- Detect and block unauthorized activity
- Detect and block SQL injection attacks
- Advanced grammatical SQL analysis
- Positive and negative security model
- Scalable software appliance
(Diagram: Users and Apps pass through the Database Firewall; Events go to the Audit Vault; outputs are Alerts, Reports and Policies.)
Database Firewall
Anomaly detection and threat blocking with the positive security model
White list example:
  Allow (from Apps):  SELECT * from stock where catalog-no='PHE8131'
  Block:              SELECT * from stock where catalog-no=' ' union select cardNo,0,0 from Orders --'
- Block out-of-policy SQL statements from reaching the database
- Automated white list generation for any application
- Define permitted SQL behavior per user or application
Database Firewall
Enforcing behavior with the negative security model
Black list example:
  Allow / Log:  SELECT * from stock   (legitimate data access)
  Block:        SELECT * from stock   (from an unauthorized workstation or application)
- Block specific unauthorized SQL statements, users or object access
- Blacklist on session factors: IP address, application, DB user, OS user
What’s New in Enhanced Scalability, Security and Deployment Simplicity
iSCSI SAN support for Audit Repository
NFS Storage for Audit Data Archives
Forwarding Policy Alerts to Syslog
- Simple to set up
- Alerts contain a link to the detailed description in the Auditor Dashboard
Example forwarded alert:
<10>Jan 7 13:59:40 avs00161eb81587 logger: name="Alert_FailLogOn" severity="Critical" url=" time=" T13:59: Z" target="avsource" user="INVALID" desc=" "]
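The forwarded message above is a plain RFC 3164 syslog line carrying key="value" pairs, which is all a SIEM or a small triage script needs to pick the alerts out of a mixed syslog stream. The following parser is an added example and not Oracle's code: it follows the layout of the slide's sample (priority in angle brackets, timestamp, host, the "logger:" tag, then the pairs), decodes the priority, and filters on the alert severity. The sample feed is constructed for the demo; the host name and alert name come from the slide, while the url, time and desc values, the second alert and the Warning severity level are placeholders, not values taken from the product.

```python
"""Parse Audit Vault policy alerts forwarded to syslog (added example, not
Oracle's code). The message layout follows the sample on the slide: an
RFC 3164 priority in angle brackets, timestamp, host, the "logger:" tag,
then key="value" pairs. The feed below is constructed for the demo; the
host name and alert name come from the slide, while the url, time and
desc values and the second alert are placeholders."""
import re
from typing import Dict, List, Optional

# PRI = facility * 8 + severity; the slide's "<10>" decodes to user.crit.
SYSLOG_SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SYSLOG_FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                   "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
                   "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) "   # e.g. "Jan  7 13:59:40"
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\s]+): "                                    # "logger:" on the slide
    r"(?P<msg>.*)$")
KV = re.compile(r'(\w+)="([^"]*)"')                          # key="value" pairs

# Alert severities, low to high. Assumed: the slide shows only "Critical".
ALERT_RANK = {"Warning": 1, "Critical": 2}


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """Fields of one forwarded alert, or None if the line is some other
    syslog message (no name=/severity= pairs in it)."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = dict(KV.findall(m["msg"]))
    if "name" not in fields or "severity" not in fields:
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    fields.update({
        "host": m["host"],
        "received": m["ts"],
        "syslog_facility": SYSLOG_FACILITY[facility] if facility < 24 else str(facility),
        "syslog_severity": SYSLOG_SEVERITY[severity],
    })
    return fields


def triage(lines: List[str], minimum: str = "Critical") -> List[Dict[str, str]]:
    """Alerts at or above `minimum` severity, in arrival order."""
    floor = ALERT_RANK[minimum]
    picked = []
    for line in lines:
        alert = parse_alert(line)
        if alert and ALERT_RANK.get(alert["severity"], 0) >= floor:
            picked.append(alert)
    return picked


# Constructed feed: two alert lines in the slide's layout plus an unrelated sshd line.
SAMPLE = [
    '<10>Jan  7 13:59:40 avs00161eb81587 logger: name="Alert_FailLogOn" severity="Critical" '
    'url="https://avs.example.net/alert/1" time="2014-01-07T13:59:31Z" target="avsource" '
    'user="INVALID" desc="placeholder description"',
    '<12>Jan  7 14:02:03 avs00161eb81587 logger: name="Alert_AfterHoursDDL" severity="Warning" '
    'url="https://avs.example.net/alert/2" time="2014-01-07T14:01:55Z" target="hrdb" '
    'user="APPADMIN" desc="placeholder description"',
    '<38>Jan  7 14:02:10 bastion sshd[4121]: Accepted publickey for ops from 10.0.9.5',
]

if __name__ == "__main__":
    for a in triage(SAMPLE, "Warning"):
        print(a["received"], a["host"], a["name"], a["severity"], a["target"], a["user"], a["url"])
```

Two things to check when wiring this up for real: the url field is the link into the Auditor Dashboard the slide mentions, so the receiving system should keep it intact rather than truncating the message at a fixed length, and classic syslog over UDP carries no authentication or integrity, so the forwarder and collector should sit on a trusted management network or use a TLS-capable syslog transport if the alerts are going to drive response.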
Security and Usability Enhancements
- Database Vault protection of the audit repository
- Simplified deployment of Audit Vault Agents
- Auto-upgrade capability in Audit Vault Agents
- Improved administration dashboard
- Enhanced diagnostic tools
Extended Target Platform Support
- Oracle Big Data Appliance (BDA) support
- Database Firewall support for MySQL 5.6
- Database Firewall support for Oracle 9i
- Windows and Linux 32-bit host OS support for Audit Vault Agents
- XSL transformation capability in XML file collection plug-ins
Oracle Audit Vault and Database Firewall Best Practices
Deployment Best Practices
- Understand your database security needs: auditing? monitoring? blocking?
- Estimate the aggregate volume of logged audit and event data
- Roll out audit log consolidation, activity monitoring, or both
Rolling Out Audit Log Consolidation
Making your audit data safe, secure and accessible with Oracle Audit Vault
Configure Audit Vault
- Install and configure the Audit Vault Server
- Register Secured Targets
Configure Targets
- Install and activate Audit Vault Agents on target hosts
- Configure native audit policies
Data Lifecycle Settings
- Configure archive locations
- Configure data retention policies
Alerts & Reports
- Start collecting and consolidating audit data from trails
- Create a baseline set of alerts
Rolling Out Monitoring
Monitoring all relevant SQL activity on the network
Set up Database Firewalls
- Deploy Database Firewalls
- Architect and configure Database Firewall networking
Configure Monitoring
- Configure Enforcement Points
- Switch on Database Activity Monitoring
Configure Policy
- Assign the 'Unique' policy to Enforcement Points
- Fine-tune the policy based on logged SQL
Rolling Out Blocking
Protecting your databases with Database Firewall
Learn from Logged Data
- Review SQL activity for the period
- Identify sets of users with common behavior
Create Whitelists
- Define permitted session profiles and privileged users
- Specify what activity is to be logged
Refine Policy
- Deploy against production traffic
- Tighten the policy with rules on out-of-policy SQL
Enable Blocking
- Set up alerts on all out-of-policy activity
- Switch to Database Policy Enforcement (DPE) mode
Database Firewall Policy
Evaluation order for each SQL statement:
1. Exceptions List: exceptions are applied first. If a match, then PASS / ALERT / BLOCK.
2. Session Profile: session factors determine the profile, and the profile defines the range of permitted SQL activity (the SQL baseline). If a match, then PASS / ALERT / BLOCK.
3. Novelty Policy: novelty rules look at what is accessed and how. If a match, then PASS / ALERT / BLOCK.
4. Default Rule: applied to everything else.
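The white-list and black-list slides earlier and the evaluation order on this slide describe one decision procedure, so the following toy model puts them together in code. It is an added example and not Oracle's code: it walks a statement through the exception list, then the session profile's SQL baseline, then novelty rules on what is accessed and how, then the default rule, and the black-list case (block by client address) rides on the exception list. The skeleton() function is a crude literal-stripping stand-in for the product's grammatical SQL analysis, and every user, address, application, table name and profile below is invented for the demo. The positive-model slide's statement pair is reused as input.

```python
"""Toy model of Database Firewall policy evaluation (added example, not
Oracle's code). It walks a statement through the order the slides give:
exception list, then the session profile's SQL baseline (white list), then
novelty rules on what is accessed and how, then the default rule. The
exception list also carries the black-list case (block by client address).
skeleton() is a crude stand-in for the product's grammatical SQL analysis;
every user, address, application and table name here is invented."""
import re
from dataclasses import dataclass, field
from typing import Callable, List, Set, Tuple

PASS, LOG, ALERT, BLOCK = "pass", "log", "alert", "block"


def skeleton(sql: str) -> str:
    """Reduce SQL to its shape: drop comments, replace string and numeric
    literals with '?', normalise case and whitespace. A different literal
    keeps the same skeleton; a UNION injection produces a new one."""
    s = re.sub(r"--[^\n]*|/\*.*?\*/", " ", sql, flags=re.S)
    s = re.sub(r"'(?:[^']|'')*'", "?", s)
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)
    return " ".join(s.lower().split())


def objects(sk: str) -> Set[str]:
    """Table names a skeleton touches (FROM / JOIN / INTO / UPDATE targets)."""
    return set(re.findall(r"\b(?:from|join|into|update)\s+([a-z_][\w$#]*)", sk))


@dataclass
class Session:                    # the session factors named on the slides
    db_user: str
    os_user: str
    client_ip: str
    application: str


@dataclass
class Profile:
    name: str
    applies: Callable[[Session], bool]
    baseline: Set[str] = field(default_factory=set)   # white-listed skeletons
    action: str = PASS                                 # action on a baseline hit


@dataclass
class Policy:
    exceptions: List[Tuple[str, Callable[[Session], bool], str]]  # label, test, action
    profiles: List[Profile]
    novelty: List[Tuple[str, Set[str], Set[str], str]]  # label, stmt kinds, objects, action
    default: str = BLOCK


def evaluate(policy: Policy, session: Session, sql: str) -> Tuple[str, str]:
    """Return (action, rule that decided it) in the slides' evaluation order."""
    for label, test, action in policy.exceptions:       # 1. exceptions first
        if test(session):
            return action, "exception:" + label
    sk = skeleton(sql)
    for prof in policy.profiles:                        # 2. profile from session factors
        if prof.applies(session):
            if sk in prof.baseline:
                return prof.action, "baseline:" + prof.name
            break                                       # off-baseline: keep evaluating
    kind = sk.split(" ", 1)[0]
    for label, kinds, objs, action in policy.novelty:   # 3. novelty rules
        if kind in kinds and objects(sk) & objs:
            return action, "novelty:" + label
    return policy.default, "default"                    # 4. everything else


# Invented policy: the shop application may run its baseline query; anything
# from outside 10.0.0.0/16 is black-listed; SYS/SYSTEM activity is logged in
# full; reads or writes of the card-holder tables are blocked; rest is blocked.
APP = Profile("shop-app",
              lambda s: s.application == "shopapp" and s.db_user == "shop",
              baseline={skeleton("SELECT * from stock where catalog-no='PHE8131'")})
POLICY = Policy(
    exceptions=[
        ("blocked-network", lambda s: not s.client_ip.startswith("10.0."), BLOCK),
        ("privileged-user", lambda s: s.db_user in {"SYS", "SYSTEM"}, LOG),
    ],
    profiles=[APP],
    novelty=[("sensitive-objects", {"select", "update", "delete"}, {"orders", "cards"}, BLOCK)],
    default=BLOCK,
)

# Constructed sessions and statements for the demo.
APP_SESSION = Session("shop", "appsrv", "10.0.1.20", "shopapp")
DBA_SESSION = Session("SYS", "oracle", "10.0.9.5", "sqlplus")
ROGUE_SESSION = Session("shop", "bob", "192.0.2.77", "sqlplus")
INJECTION = "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'"

if __name__ == "__main__":
    for sess, sql in [
        (APP_SESSION, "SELECT * from stock where catalog-no='PHE8131'"),
        (APP_SESSION, "SELECT * from stock where catalog-no='ZZ1'"),
        (APP_SESSION, INJECTION),
        (APP_SESSION, "SELECT * from stock"),
        (DBA_SESSION, "SELECT * from stock"),
        (ROGUE_SESSION, "SELECT * from stock"),
    ]:
        print(f"{sess.db_user}@{sess.client_ip}: {evaluate(POLICY, sess, sql)}")
```

Run as written, a changed literal in the application's query still passes on the baseline, the union injection is stopped by the sensitive-object rule because its skeleton no longer matches the white list, an unrecognised statement from the application falls to the default, the privileged user is logged by the exception, and the session from the unauthorised address is blocked before any SQL is examined. The monitoring rollout on the earlier slides is the same structure with the default and novelty actions set to log instead of block.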
Database Firewall Policy Best Practices
- Choose the right tools for the job
- Be selective in what you log
- Use Exceptions to log all activity for users with elevated privileges
- White list (i.e. 'Pass') all regular application activity in a Profile; only set the 'Log' action for sensitive SQL
- Configure Novelty Policies to identify and log access to sensitive objects
- Set the Default Rule to capture out-of-policy SQL
- Periodically review and update policies
Database Firewall
Network deployment best practices
- For passive monitoring (DAM), deploy out-of-band
- Use Proxy mode for no impact on network infrastructure
- Deploy in-line DAM if you plan to turn on DPE (blocking) in the future
(Diagram: Proxy and Inline blocking and monitoring deployments; Users and Apps pass through the Database Firewall, which produces Events, Alerts, Reports and Policies.)
Custom Collection Plug-ins
When built-in audit collection plug-ins are not enough
- XML-file and database-table audit trail types are supported
- No need to write code: package the configuration using the avpack tool
- Create custom reports to address specific presentation needs
- Once deployed, the new plug-in and reports become an integral part of the product installation
Oracle Confidential – Internal
Custom Collection Plug-ins
Annotated example for a custom database-table audit trail (diagram): 'source' to Audit Vault field mapping, with an optional value 'mapping'.
Custom Collection Plug-ins
Best practices and recommendations
- Separate individual Secured Target trails
- Make sure that XML trail files are standard-conformant
- Correctly identify the unique record field (or fields) in the trail
- Check filesystem and database permissions
- Verify that the time stamp function works properly
- Break audit data into multiple trails for increased performance
Q&A
Connect With Us
oracle.com/database/security
oracle.com/technetwork/database/security
blogs.oracle.com/SecurityInsideOut
Social channels: /OracleDatabase, /OracleSecurity, /Oracle/database, /OracleLearning
Also: KeyManagement, Oracle Database Insider