Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
Melody Liu, Senior Principal Product Manager
Oracle Database Security
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Program Agenda
Introduction
Overview of Oracle Audit Vault and Database Firewall
Key Features
Demo
Q&A
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Oracle Audit Vault and Database Firewall Overview
Oracle Database Security Solutions: Defense-in-Depth for Maximum Security
DETECTIVE: Activity Monitoring, Database Firewall, Auditing and Reporting
PREVENTIVE: Redaction and Masking, Privileged User Controls, Encryption
ADMINISTRATIVE: Sensitive Data Discovery, Configuration Management, Privilege Analysis
Oracle Audit Vault and Database Firewall
[Architecture diagram labels: Apps, Users, Database Firewall, Firewall Events, Audit Vault, Audit Data (Operating Systems, File Systems, Directories, Custom Audit Data), Reports, Alerts, Policies, Auditor, Security Manager]
Heterogeneous Enterprise Auditing Collection with Audit Vault Server
Audit Vault Server
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Heterogeneous Enterprise Audit Collection
Audit Vault Server: Central Repository of Audit Event Data
Audit Vault Server: Extensive and Customizable Reporting
Dozens of predefined reports
Flexible interactive browsing
Customizable reporting
Scheduling, notification & attestation
Audit Vault Server: Extensive and Customizable Reporting – Entitlement Report
Create meaningful users. Remove snapshot time, tablespace
Audit Vault Server: Powerful Alerting
Audit Vault Server
Built on Proven Oracle Technology
Secure
– Fine-grained security groups
– Strict separation of duty
Life Cycle Management for Audit Event Data
3rd Party Integration & Custom Collection plug-in
Enterprise Scale Deployment
Audit Vault Server Summary
Heterogeneous Enterprise Audit Collection
Central Repository of Audit Event Data
Extensive and Customizable Reporting
Powerful Alerting
Enterprise Scale Deployment
Database Monitoring with Database Firewall
SQL Injection: #1 Risk on OWASP Most Critical Application Security Risks - 2013
• Threat Agent: Anyone who can send untrusted data to the database, including external users, internal users, and administrators
• Attack Vector: EASY. Attacker sends text-based attacks that exploit the uncleansed syntax
• Impact: SEVERE. Injection can result in data loss or corruption, lack of accountability or complete host takeover
Database Firewall
Real-time Database Activity Monitoring on the Network
Capture Events for Analysis and Compliance Reporting
Flexible Deployment Models
SQL Injections Protection with Positive Policy Model
Constraining Activities with Negative Policy Model
First Line of Defence
Database Firewall: Flexible Deployment Models
Database Firewall: SQL Injection Protection with Positive Policing Model
[Diagram labels: Applications, White List, Databases]
Allow: SELECT * from stock where catalog-no='PHE8131'
Block: SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'
• Define “allowed” behavior for any user or application
• Automated whitelist generation for any application
• Out-of-policy database network interactions instantly blocked
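An added illustration of the positive (whitelist) policy model on this slide, not Oracle's implementation: each statement is reduced to a literal-free fingerprint, the whitelist is learned from constructed sample traffic, and anything outside it is blocked. The `fingerprint` normalisation and the `PositivePolicy` class are assumptions made for the example.

```python
import re

# Constructed training traffic, shaped like the slide's stock/catalog-no query.
TRAINING = [
    "SELECT * from stock where catalog-no='PHE8131'",
    "select * from stock  where catalog-no='ABC0001'",
]

def fingerprint(sql: str) -> str:
    """Reduce a statement to its structure: literals become '?',
    case and spacing are normalised (assumed normalisation)."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)     # quoted string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)    # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

class PositivePolicy:
    """Whitelist: any statement shape not learned in training is out of policy."""

    def __init__(self):
        self.allowed = set()

    def learn(self, statements):
        # Automated whitelist generation from observed application traffic.
        self.allowed.update(fingerprint(s) for s in statements)

    def decide(self, sql: str) -> str:
        return "ALLOW" if fingerprint(sql) in self.allowed else "BLOCK"

def demo():
    policy = PositivePolicy()
    policy.learn(TRAINING)
    traffic = [
        # New literal value, same statement shape as training.
        "SELECT * from stock where catalog-no='XYZ4242'",
        # The slide's out-of-policy statement: extra UNION changes the shape.
        "SELECT * from stock where catalog-no='' union select cardNo,0,0 from Orders --'",
        # A statement type the application never issued during training.
        "DELETE from stock",
    ]
    return [(policy.decide(q), fingerprint(q)) for q in traffic]

if __name__ == "__main__":
    for verdict, shape in demo():
        print(f"{verdict:5}  {shape}")
```

The decision depends only on statement structure, so a new catalog number passes while the appended UNION is rejected without any signature for it.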
Database Firewall: Constraining Activity with Negative Policing Model
[Diagram labels: Black List, Databases]
• Stop specific “non-authorized” SQL interactions, user or schema access
• Blacklisting can be done on IP address, application, DB user, OS user
• Provide flexibility to authorized users while still monitoring activity
Block: SELECT * from stock (non-authorized user activity)
Allow, Log: SELECT * from stock (legitimate data access)
Other Key AVDF Features
Distributed as Soft Appliance
One Web UI Management Console for Admin and Auditor
Fine-Grained Security Groups
Strict Separation of Duty
Command Line Client for Automation and Scripting
Easy Installation & Administration
Enterprise Manager Cloud Control 12c Integration
EM integration
Database plugin 12.1.0.5
Summary in 1 Slide
Oracle Audit Vault and Database Firewall
[Architecture diagram labels: Apps, Users, Database Firewall, Firewall Events, Audit Vault, Audit Data (Operating Systems, File Systems, Directories, Custom Audit Data), Reports, Alerts, Policies, Auditor, Security Manager]
Oracle Database Security Sessions
Time, Session Title
Monday 12:15 - 1:15 pm Security Inside-Out with Oracle Database 12c
Monday 1:45 - 2:45 pm Oracle Database 12c Real Application Security for Oracle Application Express
Monday 1:45 - 2:45 pm Oracle Audit Vault and Database Firewall: First Line of Defense in Data Security
Monday 4:45 – 5:45 pm Introducing Oracle Key Vault: Enterprise Database Encryption Key Management
Tuesday 3:45 – 4:45 New security capabilities in Oracle Database 12c
Tuesday 5:15 – 6:15 pm Oracle Audit Vault and Database Firewall: Deployment Best Practices
Wednesday 11:45 – 12:45 pm Oracle Database Security Solutions Customer Panel: Real-World Case Studies
Wednesday 3:30 – 4:30 pm DBA Best Practices for Protecting Data Privacy with Oracle’s Data Masking
Wednesday 5:00 – 6:00 pm Sensitive Data Redaction with Oracle Database 12c
Complimentary eBook: Register Now at www.mhprofessional.com/dbsec (Use Code: db12c)