ORACLE SECURITY TIPS
NZOUG’ 2010
Rotorua, NZ
By: Francisco Munoz Alvarez
ORACLE SECURITY (Based on Oracle EMEA Security Workshop)
Francisco Munoz Alvarez
Oracle ACE Director
President CLOUG, LAOUC & NZOUG
8/9/10g/11g OCP, RAC OCE, AS OCA, E-Business OCP, SQL/PLSQL OCA, Oracle 7 OCM
Oracle 7 & 11GR2 Beta Tester
ITIL Certified
Blog: www.oraclenz.com - Email: [email protected] – Twitter: fcomunoz
Blog: www.oracleenespanol.com - Oracle Community: www.oraclemania.ning.com
CEO at DBIS ™ Database Integrated Solutions
www.dbisonline.com
www.dbis.co.nz
The Rule:
“The most important rule with respect to data is to never put yourself into an unrecoverable situation.”
The importance of this guideline cannot be stressed enough, but it does not mean that you can never use time-saving or performance-enhancing options.
Information Security Has Changed
Hacking Steps
OFFICIAL STATISTICS from Secret Service Germany
SOME SHORT FACTS
HIGH SCORE LIST
2007/2008 SHOPPING LIST
CRISIS SHOPPING LIST 2009
CONCLUSION
Some Oracle Security Tips
1) Grant privileges only to a user or application which requires the privilege to accomplish necessary work. Excessive granting of unnecessary privileges can compromise security.
Some Oracle Security Tips
2) No administrative functions are to be performed by an application. For example create user, delete user, grant role, grant object privileges, etc.
Some Oracle Security Tips
3) Privileges for schema or database owner objects should be granted via a role and not explicitly. Do not use the “ALL” option when granting object privileges, instead specify the exact privilege needed, such as select, update, insert, delete.
Some Oracle Security Tips
4) Password protected roles may be implemented to allow an application to control access to its data. Thereby, end users may not access the application’s data from outside the application.
Some Oracle Security Tips
5) Access to Administrative or System user accounts should be restricted to authorized DBAs.
Some Oracle Security Tips
6) Do not grant system supplied database roles. These roles may have administrative privileges and the role privileges may change with new releases of the database.
Some Oracle Security Tips
7) Database catalog access should be restricted. Example: Use “USER_VIEWS” instead of “DBA_VIEWS” for an Oracle database.
Some Oracle Security Tips
8) Privileges granted to PUBLIC are accessible to every user and should be granted only when necessary.
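Tips 6 to 8 can be checked from the data dictionary. The queries below are an added example, not taken from the presentation; the schema name APP_OWNER and the list of accounts treated as expected holders are assumptions to adjust for the database being reviewed.

```sql
-- Added example: review queries for tips 6, 7 and 8. Run as a DBA.
-- APP_OWNER is a constructed schema name; the SYS/SYSTEM exclusion list is an
-- assumption and should be extended with the site's own administrative accounts.

-- Tip 6: system-supplied roles handed to ordinary accounts or to other roles.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('DBA', 'CONNECT', 'RESOURCE')
AND    grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY granted_role, grantee;

-- Tip 7: accounts that can read the DBA_* catalog views, either through
-- SELECT_CATALOG_ROLE or through the SELECT ANY DICTIONARY system privilege.
SELECT grantee, 'ROLE: ' || granted_role AS via
FROM   dba_role_privs
WHERE  granted_role = 'SELECT_CATALOG_ROLE'
AND    grantee NOT IN ('SYS', 'SYSTEM')
UNION ALL
SELECT grantee, 'SYSTEM PRIVILEGE: ' || privilege
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY DICTIONARY'
AND    grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY 1, 2;

-- Tip 8: object privileges on the application schema that every user
-- inherits because they were granted to PUBLIC.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner = 'APP_OWNER'
ORDER  BY table_name, privilege;

-- Tip 8: system privileges granted to PUBLIC; any row here deserves a reason.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;
```

An empty result for the first, third and fourth queries is the state the tips describe; each row returned is a grant to justify or revoke.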
Some Oracle Security Tips
9) Any password stored by applications in the database should be encrypted.
Some Oracle Security Tips
10) Applications should not “DROP”, “CREATE” or “ALTER” objects within the application.
Some Oracle Security Tips
11) Utilize the shared database infrastructure to share cost whenever possible.
Some Oracle Security Tips
12) Applications should not access the database with the same security as the owner of the database objects. For example, on SQL Server do not grant the “db_owner” role, and on Oracle do not use the schema userid to connect to the database. Set up another userid with the necessary privileges to run the application.
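The layout that tips 1, 3, 4 and 12 describe, written out for Oracle as an added example that is not part of the presentation. APP_OWNER, APP_USER, APP_RW_ROLE, the table names and both passwords are constructed placeholders.

```sql
-- Added example: separate runtime account, role-based grants, named privileges,
-- password-protected role. All names and passwords are constructed placeholders.
-- APP_OWNER owns the tables; APP_USER is the account the application logs in with.

-- Pattern the tips warn against (left commented out):
--   the application connects as APP_OWNER, or
--   GRANT ALL ON app_owner.orders TO app_user;

-- Step 1, as a DBA: create the role and the runtime account.
CREATE ROLE app_rw_role IDENTIFIED BY "role_password_placeholder";
CREATE USER app_user IDENTIFIED BY "login_password_placeholder";
GRANT CREATE SESSION TO app_user;        -- the only privilege granted directly
GRANT app_rw_role TO app_user;
ALTER USER app_user DEFAULT ROLE NONE;   -- the role is not enabled at login

-- Step 2, as APP_OWNER: grant the exact privileges needed, and only to the role.
GRANT SELECT, INSERT, UPDATE ON app_owner.orders    TO app_rw_role;
GRANT SELECT                 ON app_owner.customers TO app_rw_role;

-- Step 3, issued by the application after it connects as APP_USER.
-- A user who logs in with another client has CREATE SESSION and nothing else
-- until this statement succeeds.
SET ROLE app_rw_role IDENTIFIED BY "role_password_placeholder";

-- Step 4, as a DBA: confirm that every object privilege sits on the role and
-- that nothing was granted to APP_USER directly.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee IN ('APP_USER', 'APP_RW_ROLE')
ORDER  BY grantee, table_name, privilege;

-- Caveat: privileges received through a role are not active inside
-- definer's-rights PL/SQL, so APP_USER cannot compile stored procedures
-- against these tables, which also keeps logic in APP_OWNER's schema.
```

The role password has to reach the application from protected configuration rather than from source code, in line with the tip on hard-coded credentials.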
Some Oracle Security Tips
12) Database integrity should be enforced on the database using foreign keys, not in the application code. This helps prevent code outside the application from creating orphan records and/or invalid data.
Some Oracle Security Tips
12) Do not hard-code usernames and passwords in the application source code.
Some Oracle Security Tips
13) Ensure external users have the least privilege possible.
Some Oracle Security Tips
14) Ensure external users have the least privilege possible.
Oracle Security Solutions
Oracle Security Components
DB ENVIRONMENT
Securing Data at Rest/Access Control
WHAT IS ASO?
What Security Problems does ASO solve?
ASO BENEFITS
TDE – Transparent Data Encryption
TDE – Transparent Data Encryption
TDE – Transparent Data Encryption
SECURING DATA IN MOTION
NETWORK ENCRYPTION
SECURING BACKUP
SECURING BACKUP Examples
DATAMASKING
WHAT IS DATAMASKING?
PREVENT MODIFICATIONS BY UNAUTHORIZED USERS
WHAT IS DATA VAULT?
DATA VAULT HELPS TO SOLVE:
DATA VAULT Vs VPD and OLS
DATABASE VAULT Realms and Rule
DATA VAULT REPORTS
DATA VAULT EXAMPLES
HIGHLY SECURED ENVIRONMENTS AUDIT VAULT
AUDIT VAULT EXAMPLES
AUDIT VAULT REPORTS: Who, What, When, Where
AUDIT VAULT DASHBOARD
AUDIT VAULT SUMMARY
PROGRAM
The Oracle ACE Program is designed to recognize and reward members of the Oracle Technology and Applications communities for their contributions to those communities. These individuals are technically proficient (when applicable) and willingly share their knowledge and experiences.
The program comprises two levels: Oracle ACE and Oracle ACE Director.
The former designation is Oracle's way of saying "thank you" to community contributors for their efforts; we (and the community) appreciate their enthusiasm. The latter designation is for community enthusiasts who not only share their knowledge (usually in extraordinary ways), but also want to increase their community advocacy and work more proactively with Oracle to find opportunities for the same. In this sense, Oracle ACE is "backward looking" and Oracle ACE Director is "forward looking."
PROGRAM
PROGRAM
PROGRAM
Questions?
Thank you!