Soumettre la recherche
Mettre en ligne
Oracle Database Firewall - Pierre Leon
•
7 j'aime
•
3,249 vues
O
OracleVolutionSeries
Suivre
Presentation of Oracles NEW Database Firewall Software by Pierre Leon
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 29
Recommandé
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12c
Troy Kitch
AV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
Oracle Database Security
Oracle Database Security
Troy Kitch
Presentation database security enhancements with oracle
Presentation database security enhancements with oracle
xKinAnx
Oracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
Oracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
Recommandé
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
Melody Liu
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
Troy Kitch
Security Inside Out: Latest Innovations in Oracle Database 12c
Security Inside Out: Latest Innovations in Oracle Database 12c
Troy Kitch
AV/DF Advanced Security Option
AV/DF Advanced Security Option
DLT Solutions
Oracle Database Security
Oracle Database Security
Troy Kitch
Presentation database security enhancements with oracle
Presentation database security enhancements with oracle
xKinAnx
Oracle database 12c security and compliance
Oracle database 12c security and compliance
FITSFSd
Oracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
bupbechanhgmail
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
OracleTrainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
Oracle Audit vault
Oracle Audit vault
uzzal basak
Security Quick Tour
Security Quick Tour
Active Base
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
Christian Frahm
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
From Cisco ACS to ISE
From Cisco ACS to ISE
Mahzad Zahedi
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Cisco Canada
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
Antonios Chatzipavlis
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
PCCW GLOBAL
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Cisco Canada
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
Cisco Canada
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
OracleIDM
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
OracleIDM
Idm Workshop
Idm Workshop
Mohamed Atef
8 isecurity database
8 isecurity database
Anil Pandey
Enterprise Security & SSO
Enterprise Security & SSO
Ambareesh Kulkarni
Oracle Database Vault
Oracle Database Vault
Marco Alamanni
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
Contenu connexe
Tendances
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
bupbechanhgmail
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
OracleTrainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
DCIT, a.s.
SQL Server Security - Attack
SQL Server Security - Attack
webhostingguy
Oracle Audit vault
Oracle Audit vault
uzzal basak
Security Quick Tour
Security Quick Tour
Active Base
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
Christian Frahm
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
OracleIDM
From Cisco ACS to ISE
From Cisco ACS to ISE
Mahzad Zahedi
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Cisco Canada
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
Antonios Chatzipavlis
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
PCCW GLOBAL
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Cisco Canada
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
Cisco Canada
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
OracleIDM
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
OracleIDM
Idm Workshop
Idm Workshop
Mohamed Atef
8 isecurity database
8 isecurity database
Anil Pandey
Enterprise Security & SSO
Enterprise Security & SSO
Ambareesh Kulkarni
Tendances
(20)
Oracle database 12c 2 day + security guide
Oracle database 12c 2 day + security guide
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Oracle Audit Vault Training | Audit Vault - Oracle Trainings
Auditing security of Oracle DB (Karel Miko)
Auditing security of Oracle DB (Karel Miko)
SQL Server Security - Attack
SQL Server Security - Attack
Oracle Audit vault
Oracle Audit vault
Security Quick Tour
Security Quick Tour
Sustainable Compliance For PCI DSS Standard
Sustainable Compliance For PCI DSS Standard
SANS Institute Product Review: Oracle Entitlements Server
SANS Institute Product Review: Oracle Entitlements Server
From Cisco ACS to ISE
From Cisco ACS to ISE
Cisco Study: State of Web Security
Cisco Study: State of Web Security
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
CISCO ACS 5.6 Migration Guide
CISCO ACS 5.6 Migration Guide
Cisco Trustsec & Security Group Tagging
Cisco Trustsec & Security Group Tagging
Demystifying TrustSec, Identity, NAC and ISE
Demystifying TrustSec, Identity, NAC and ISE
F5 Networks Application Ready Solution for Oracle Database Technologies
F5 Networks Application Ready Solution for Oracle Database Technologies
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
Idm Workshop
Idm Workshop
8 isecurity database
8 isecurity database
Enterprise Security & SSO
Enterprise Security & SSO
En vedette
Oracle Database Vault
Oracle Database Vault
Marco Alamanni
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
Oracle Audit Vault and Database Vault のご紹介
Oracle Audit Vault and Database Vault のご紹介
オラクルエンジニア通信
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Edgar Alejandro Villegas
Oracle Database Vault
Oracle Database Vault
Khalid ALLILI
Enable oracle database vault
Enable oracle database vault
Osama Mustafa
En vedette
(6)
Oracle Database Vault
Oracle Database Vault
Presentation database security audit vault & database firewall
Presentation database security audit vault & database firewall
Oracle Audit Vault and Database Vault のご紹介
Oracle Audit Vault and Database Vault のご紹介
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database 11g Security and Compliance Solutions - By Tom Kyte
Oracle Database Vault
Oracle Database Vault
Enable oracle database vault
Enable oracle database vault
Similaire à Oracle Database Firewall - Pierre Leon
Varhol oracle database_firewall_oct2011
Varhol oracle database_firewall_oct2011
Peter Varhol
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Oracle BH
Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822
Cana Ko
Database Options
Database Options
Connor McDonald
Oracle 11g security - 2014
Oracle 11g security - 2014
Connor McDonald
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Islam Azeddine Mennouchi
Web security
Web security
dogangcr
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
Estuate, Inc.
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
ORACLE USER GROUP ESTONIA
Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise Insights
Courtland Smith
csf_ppt.pptx
csf_ppt.pptx
0567Padma
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
Connor McDonald
Round table guide
Round table guide
OracleIDM
Innovations dbsec-12c-pub
Innovations dbsec-12c-pub
OracleIDM
MySQL Security
MySQL Security
Mario Beck
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Bob Rhubart
Security in oracle
Security in oracle
ssuser40bb47
security in oracle database
security in oracle database
ssuser40bb47
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solaris
xKinAnx
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Jerome Leonard
Similaire à Oracle Database Firewall - Pierre Leon
(20)
Varhol oracle database_firewall_oct2011
Varhol oracle database_firewall_oct2011
Ppt security-database-overview-11g r2
Ppt security-database-overview-11g r2
Talk IT_ Oracle_김상엽_110822
Talk IT_ Oracle_김상엽_110822
Database Options
Database Options
Oracle 11g security - 2014
Oracle 11g security - 2014
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Web security
Web security
Best Practices in Implementing Oracle Database Security Products
Best Practices in Implementing Oracle Database Security Products
Tänased võimalused turvalahendustes - Tarvi Tara
Tänased võimalused turvalahendustes - Tarvi Tara
Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise Insights
csf_ppt.pptx
csf_ppt.pptx
Securing data in Oracle Database 12c - 2015
Securing data in Oracle Database 12c - 2015
Round table guide
Round table guide
Innovations dbsec-12c-pub
Innovations dbsec-12c-pub
MySQL Security
MySQL Security
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Rationalization and Defense in Depth - Two Steps Closer to the Clouds
Security in oracle
Security in oracle
security in oracle database
security in oracle database
Presentation deploying oracle database 11g securely on oracle solaris
Presentation deploying oracle database 11g securely on oracle solaris
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Extending The Value Of Oracle Crm On Demand Through Cloud Based Extensibility
Dernier
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
OnBoard
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Alan Dix
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
HostedbyConfluent
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Scott Keck-Warren
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
ThousandEyes
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
gurkirankumar98700
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Dernier
(20)
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Slack Application Development 101 Slides
Slack Application Development 101 Slides
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Oracle Database Firewall - Pierre Leon
1.
<Insert Picture Here> Oracle
Database Firewall Pierre Leon Database Security – Oracle UK
2.
Agenda
• Evolving Threats to Databases • Oracle Database Firewall • Security Models • Policy Enforcement • Reporting • Architecture and Deployment Modes • Oracle Database Security Solutions • Q&A © 2011 Oracle Corporation 2
3.
How is Data
Compromised? 2010 Data Breach Investigations Report © 2011 Oracle Corporation 3
4.
#1 Cause of
Data Breaches: Web Applications Hacked with SQL Injection and Stolen Credentials Obtained Using Malware Threat action categories by percent% of breaches and% of records Types of hacking by% of breaches within Hacking and % of records Attack pathways by percent% of breaches and% of records 2010 Data Breach Investigations Report © 2011 Oracle Corporation 4
5.
Existing Security Solutions
Not Enough Key Loggers Malware SQL Injection Espionage Spear Phishing Botware Social Engineering Web Users Database Application Users Application Database Administrators Data Must Be Protected at the Source © 2011 Oracle Corporation 5
6.
Database Security
Defense In Depth Approach • Monitor and block threats before they reach databases • Track changes and audit database activity • Control access to data within the database • Prevent access by non database users • Implement with • Transparency – no changes to existing applications • High Performance – no measurable impact on applications • Accuracy – minimal false positives and negatives © 2011 Oracle Corporation 6
7.
Business Drivers
• Customers need a first line of defence to monitor and protect against existing and emerging threats • Hackers breach databases from the web exploiting vulnerabilities in applications • Stolen credentials exploited for unauthorised use Application Database Firewall Database © 2011 Oracle Corporation 7
8.
Oracle Database Firewall
First Line of Defense Allow Log Alert Substitute Applications Block Alerts Built-in Custom Policies Reports Reports • Monitor database activity to help prevent unauthorisedactivity, application bypass and SQL injections, illegal access to sensitive data etc. • Highly accurate SQL grammar based analysis, no false positives • White-list, black-list, and exception-list based security policies • Built-in and custom compliance reports for regulations © 2011 Oracle Corporation 8
9.
Oracle Database Firewall
Positive Security Model Based Enforcement White List Allow Block Applications • White-list based policies enforce normal or expected behavior • Policies evaluate factors such as time, day, network, and application • Easily generate white-lists for any application • Out of policy SQL statements can be logged, alerted, blocked or substituted with a harmless SQL statement • SQL substitution foils attackers without disrupting applications © 2011 Oracle Corporation 9
10.
Oracle Database Firewall
Negative Security Model Based Enforcement Black List Allow Block Applications • Stop specific unwanted SQL commands, user or schema access • Prevent privilege or role escalation and unauthorisedaccess to sensitive data • Black list policies can evaluate factors such as day, time, network, and application © 2011 Oracle Corporation 10
11.
Oracle Database Firewall
Scalable and Safe Policy Enforcement Log Allow SELECT * FROM accounts Alert Becomes SELECT * FROM dual where 1=0 Substitute Applications Block • Innovative SQL grammar technology reduces millions of SQL statements into a small number of SQL characteristics or “clusters” • Flexible enforcement at SQL level: block, substitute, alert and pass, log only • SQL substitution foils attackers without disrupting applications • Centralisedpolicy management and reporting • Superior performance and policy scalability © 2011 Oracle Corporation 11
12.
SQL Injection
Too much trust in applications SELECT *FROMdvd_stock WHERE catalog-no = 'PHE8131' AND location = 1 Allow SELECT *FROMdvd_stock Block WHERE catalog-no = '' Application UNION SELECTcardNo, customerId, 0 FROM DVD_Orders–-' AND location = 1 • Applications are given high levels of privilege • Database trusts the application • “Users” subvert the application to access to the database (and beyond) • Each application is unique • Regular expression black lists are ineffective • Grammar based white list blocks SQL injection attacks © 2011 Oracle Corporation 12
13.
Oracle Database Firewall
Semantic Analysis and Policy Creation • Train the Analyser on Firewall logs • Automatically generate White Lists • Create exceptions • Create default actions for unrecognised SQL/anomalies • Novelty policies • Assign threat levels • Assign actions • Set policies for Logon/Logoff and Failed Login © 2011 Oracle Corporation 13
14.
Oracle Database Firewall
Data Masking • Prevents creating yet another database with sensitive and regulated data • Sensitive and regulated information contained in SQL statements can be masked or redacted in real-time prior to being logged • Flexible masking policies allow masking all data or just specific columns • Critical for organisationswho want to monitor and log all database activity © 2011 Oracle Corporation 14
15.
Oracle Database Firewall
Reporting • Database Firewall log data consolidated into reporting database • Dozens of built in reports that can be modified and customised • Database activity and privileged user reports • Entitlements reporting for database attestation and audit • Supports demonstrating controls for PCI, SOX, HIPAA, etc. • Logged SQL statements can be sanitisedof sensitive PII data © 2011 Oracle Corporation 15
16.
Oracle Database Firewall
Local Monitor Architecture In-Line Blocking and Monitoring Out-of-Band Inbound Monitoring SQL Traffic HA Mode Policy Management Analyser Server(s) • In-line blocking and monitoring, or out-of-band monitoring modes • High availability with parallelFirewalls / Management Servers • Monitoring of remote databases by forwarding network traffic • Application agnostic • Support for Oracle and non-Oracle Databases © 2011 Oracle Corporation 16
17.
Oracle Database Firewall
Fast and Flexible Deployments Application Servers Users Database Out-of-Band Router Firewall Database Servers Host Based In-Line Agent • In-Line: All database traffic goes through the Oracle Database Firewall • Out-of-Band/Passive: Database Firewall connected to a SPAN port or TAP • Optional Host Based Remote or Local Monitors • Can send network traffic from the database host to the Database Firewall • Can send non-network database activity to the Database Firewall to identify unauthoriseduse of local console or remote sessions © 2011 Oracle Corporation 17
18.
Major US East-Coast
Bank Active Database Firewall • Protect business critical databases to prevent unauthorisedaccess, data loss and PII exposure Business Challenges • Monitor and protect over 600 databases across 7 international data centers. • Minimal impact to existing database performance • Oracle Database Firewall for real-time database protection and monitoring of billions of transactions Solution per day • Prevent unauthorised data access and malicious activity • Passed internal and external audit • Demonstrate active controls over data access and Business Results database systems • Standardised security, alerts and reporting across the complete business © 2011 Oracle Corporation 18
19.
Major US Investment
Bank Auditing Data Changes • Monitor 60+ databases • Track every change to customer data Business Challenges • Alert on unauthorisedchanges to stored procedures or user roles and privileges • Automated report distribution to internal auditors • Database Firewall deployed in heterogeneous environments providing monitoring and reporting on Solution every change to customer data • Monitor procedure and user role changes with full separation of duties from existing DBA team • Passes daily audits Business Results • Audit data ready for sign-off automatically emailed before the start of business © 2011 Oracle Corporation 19
20.
Major European Government
Protecting Government Data and PII • Prevent access to highly sensitive citizen data other than via certified application Business Challenges • Enforce strict application behavior through white-list • Monitor and audit every transaction 24x365 • Six fully redundant pairs of Database Firewall to maintain a complete database security perimeter Solution • Critical high-availability architecture to meet strict service-level requirements • Complete protection from unauthorisedaccess, hacking of malicious changes to application code Business Results • Highly sensitive citizen data protected by continuously available firewall perimeter • Meets government standards for PII data storage © 2011 Oracle Corporation 20
21.
Heterogeneous Database Support
• Oracle 8i, 9i, 10g, 11g • MS-SQL 2000, 2005, 2008 • Sybase 12.5.4 to 15.0.x • SQL Anywhere 10.x • DB2 9.x for LUW © 2011 Oracle Corporation 21
22.
Oracle Database Security
Solutions Inside. Outside. Complete. • Monitor and block threats before they reach databases • Track changes and audit database activity • Control access to data within the database • Prevent access by non database users • Transparency, high performance, accuracy Monitoring Access Auditing & Encryption & Blocking Control Tracking & Masking • Database Firewall • Database Vault • Audit Vault • Advanced Security • Label Security • Configuration • Secure Backup • Identity Management Management • Data Masking • Total Recall © 2011 Oracle Corporation 22
23.
For More Information
search.oracle.com database security or oracle.com/database/security © 2011 Oracle Corporation 23
24.
© 2011 Oracle
Corporation 24
25.
Remote/Local Monitor
• Remote Monitor • Runs on the server operating system. • Sends database transactions to Oracle Database Firewall • Supported platforms is by OS -- and then by the RDBMS platforms that DBFW support: • Local Monitor • Resides inside a database • Monitors local / non-network access. © 2011 Oracle Corporation 25
26.
User Role Reporting
• Entitlement Reports • User names • User roles and privileges • Last changed, changed by whom and when • Automated and transparent • User role reporting can be run ad-hoc or scheduled • Report on user roles and privileges • Deltas since the last report © 2011 Oracle Corporation 26
27.
Stored Procedure Reporting
• Stored procedure contents • Its not enough to know a procedure was run, it is important to know what SQL was executed when the procedure is called. • Stored procedure reports • Name • Content • Threat rating (injection risk, system tables etc). • Stored procedure type (DML, DDL, DCL, SELECT etc) • Last changed, changed by whom and when • Automated and transparent • Stored procedure reporting can be run adhoc or scheduled © 2011 Oracle Corporation 27
28.
The Cost of
Inaccuracy select * from hr.employees; 3,000 transactions per second 260 million transactions per day © 2011 Oracle Corporation 28
29.
© 2011 Oracle
Corporation 29
Notes de l'éditeur
Add one slide after on database firewall category