02-Hardening The Database


DATABASE HARDENING

Compiled by: Ng Duy Anh, 2010

Contents

The topics discussed in this part are:

Overview of database system hardening
Choosing a hardening guide for Oracle
Vulnerability assessment tools (VA tools)
Creating and maintaining a secure configuration baseline
Sanitizing data for test environments

Discussion: Defense in depth


Overview of system hardening

System hardening is the process of configuring a system securely in order to protect it against unauthorized access.
Hardening is necessary for any system that has a range of configuration options, and it is a feasible approach for any system that has adequate safeguards suitable for use in security-oriented environments.
The goal of hardening is to eliminate as many security risks as possible. This is done by:
  Removing all non-essential elements from the system.
  Choosing configuration options that restrict access and reduce risk.

Hardening an Oracle database

Oracle keeps developing more options, and many options are available in the system; these options provide new ways to access data.
Sometimes inappropriate options help an attacker gain unauthorized access.
Hardening becomes harder because of the security risks that may be present in the system.
But Oracle also has more security options available for securing the system.
Hardening an Oracle database consists of a series of activities that involve many types of configuration options.
The most important guideline is: if a feature is not used, remove it.
The smaller the exposed surface, the more secure the system.

Hardening an Oracle database

Drop or lock the predefined accounts that you do not use. Change the passwords of the predefined accounts that you need to use (Oracle 11g is configured this way).
Drop the predefined roles that you do not use.
Remove the database software components that you do not use.
Remove the options that you do not use. For example, remove EXTPROC from the Listener if you do not use external procedures.
Revoke the privileges from PUBLIC that you do not require.
Producing the list of activities that need to be reviewed is a big job.


Guides for hardening Oracle

Hardening any complex system involves many small details, and a system can have many configurations.
You need a list of the tasks you must perform (or verify) in order to produce a hardened configuration.
For Oracle this is a long list, but it is public and free.
There are two very carefully written guides for setting up a securely configured system. You should consult them when creating your own hardening process:
  Database Security Technical Implementation Guide (STIG), developed by the Defense Information Systems Agency (DISA) for the Department of Defense (DOD)
  Center for Internet Security (CIS) Benchmark for Oracle, developed by CIS

1. Database STIG

STIGs are documents published by DISA to help improve the security of Department of Defense information systems.
There are many STIG documents; all of them can be accessed at:
http://iase.disa.mil/stigs/stig/index.html
The checklists can be downloaded from:
http://iase.disa.mil/stigs/checklist/index.html
The Database STIG focuses on relational databases.
The Database STIG has a general section that lays out guidance relevant to any database management system (DBMS), and an Oracle-specific section with additional steps that apply only to Oracle.

STIGs: General section for DBMS systems

1. Integrity
a. Software integrity
b. Database software development
c. Ad-hoc queries
d. Multiple services host systems
e. Data integrity, including file integrity, software baseline, and file backup and recovery

2. Discretionary access control
a. Account control
b. Authentication
c. Database accounts
d. Authorizations
e. Protection of sensitive data
f. Protection of stored applications
g. Protection of database files

3. Database auditing
a. Audit data requirements
b. Audit data backups
c. Audit data reviews
d. Audit data access
e. Database monitoring

4. Network access
a. Protection of database identification parameters
b. Network connections to the database
c. Database replication
d. Database links

5. Operating system (OS)
a. File access
b. Local database accounts
c. Administrator accounts
d. OS groups

STIGs: Oracle-specific policies

6. Oracle access control
a. Oracle identification and authentication
b. Oracle connection pooling
c. Secure distributed computing
d. Oracle administrative connections
e. Oracle administrative OS groups
f. Default accounts
g. Default passwords
h. Oracle password management requirements

7. Oracle authorizations
a. Predefined roles
b. System privileges
c. Object privileges
d. Administration of privileges

8. Oracle replication

9. Network security
a. Encrypting network logins
b. Protecting network communications
c. Listener security
d. XML DB protocol server

10. Oracle Intelligent Agent/Oracle Enterprise Manager (OEM)
11. Oracle account protections
12. ARCHIVELOG
13. Securing SQL*Plus
14. Protecting stored procedures
15. Oracle trace utility
16. Auditing in Oracle: includes standard auditing, fine-grained auditing, mandatory auditing, and architectural discussions
17. File and directory permissions at the OS level
18. Critical file management, including control files, redo log files, and data files
19. Optimal Flexible Architecture (OFA)
20. Initialization parameters
21. Miscellaneous OS requirements, including Unix, Windows, and z/OS

2. CIS Oracle Benchmark

CIS (www.cisecurity.org) publishes the CIS benchmark for Oracle as part of a collection of benchmarks, tools, software, data, and other services that are made available as a service to all users worldwide.
You can download the benchmark from:
http://www.cisecurity.org/bench_oracle.html
The recommendations in the Oracle benchmark are the result of a consensus-building process among leading Oracle security experts.
The CIS benchmark takes the form of a checklist divided into a number of sections.
Each section contains a list of items that need to be verified.
Each item includes: a description, the action or recommended parameter setting, comments, the Oracle versions it applies to, the operating system, and so on.

Main sections of the CIS Oracle benchmark

1. OS-specific settings
2. Installation and patch
3. Oracle directory and file permissions
4. Oracle parameter settings
5. Encryption-specific settings
6. Startup and shutdown
7. Backup and disaster recovery
8. Oracle user profile setup settings
9. Oracle user profile access settings
10. Enterprise Manager/Grid Control/Agents
11. Items relevant to specific subsystems
12. General policy and procedures
13. Auditing policy and procedures
14. Appendix A: additional settings

Summary of the two documents

Both documents take a broad approach to database hardening.
They do not interpret database hardening in the narrow sense that covers only certain configuration settings, removing default components, locking users, and so on.
They provide a complete list that also covers which activities must be audited, where segregation of duties must be implemented, which activities must be performed, and so on.
The STIG focuses more on general implementation, processes, roles, and the other matters involved in securing an Oracle environment.

Two things to remember about choosing a database hardening guide

1. Do not invent and build your own database hardening checklist. There are good guides for you to choose from, such as the CIS Oracle benchmark or the Database STIG.
2. Use these documents not only as a database hardening guide but also as the basis for implementing Oracle security comprehensively. They outline configuration settings as well as the processes, procedures, and areas you need to focus on. In many ways, all the lessons in this course explain how to use the tools in Oracle to do what the two documents recommend.

Guide to vulnerability assessment tools (VA tools)

Working through a hardening checklist is simple but tedious.
Many of the checks and fixes in a checklist can be performed automatically.
In practice, without automation these tasks quickly become unmanageable (when you have tens or hundreds of instances and they cannot all be served by a single gold build).
The tools used for this are called vulnerability assessment (VA) tools or vulnerability scanners.

Vulnerability assessment (VA) tools

They scan database instances and produce a report showing the changes needed to make the database more secure.
The results are presented as a security report that classifies the issues and recommends actions to make the database more secure, which saves most of the tedious work of reviewing the database and correlating the results with the checklists.

VA tools

There are many VA tools for Oracle, including AppDetective, AppSentry, Guardium, IPLocks, and NGS Squirrel.
A VA tool performs many kinds of checks, which fall into three main groups:
  Checks for software vulnerabilities
  Checks for misconfiguration
  Checks for misuse of the database
All of these checks are needed to find the vulnerabilities in your database.
Checks for vulnerabilities (of all types) are carried out using a multi-pronged approach:
  Some things can be checked from the outside in.
  Other checks are performed from inside the database.
VA tools have several modes of operation that together give you the complete picture.

Three things to remember about using an assessment tool

1. Some VA tools are stand-alone scanning software and others are part of a larger database security suite. If you want to fully implement the recommendations in the Database STIG and the CIS checklist, you should consider suites that can also help you audit your deployment, perform intrusion detection, enforce segregation of duties, and so on.
2. A VA scan checks both the vulnerabilities and the CPUs that are installed (or that you need to install), as well as the database configuration.
3. Some of the checks you need to perform are at the operating system level. Make sure the VA tool you choose can check file ownership, file permissions, and so on.

Baseline: Creating and maintaining a secure configuration

When you have finished hardening the database you have a tight configuration, but you need to make sure it stays tight and does not degrade over time.
There are two things you can do to keep the configuration secure:
  Run assessments on a schedule to find new vulnerabilities as they are introduced.
  Create a baseline for a configuration that you have agreed on, and track any change from that configuration by raising an alert that must be reviewed and approved.
Best practice is to do both, because they complement each other.
A change tracking tool creates a baseline of your configurations and alerts you to any change that is made.

Change tracking tools

They are part of implementing database security.
They are the only way you can make sure that nobody has replaced your files with Trojan versions.
They are the most effective way to make sure that scripts that run periodically are not used as a point of compromise.
Look for a VA tool that includes a change tracking tool, in order to ensure compliance and maintain continuity.

Three things to remember about creating and maintaining a secure configuration baseline

1. Change tracking tools are used repeatedly when implementing Oracle security. Some of them can create and track a security baseline following the hardening phase. VA tools combined with change tracking tools give you more options for sustaining compliance.
2. A baseline is created by computing digests across the system that uniquely identify files and scripts. Any change is reported.
3. A baseline includes digests for the list of files that should not change, digests of the output of OS scripts, digests of query results, digests of environment variable values, or registry entries.
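
The baseline described in points 2 and 3, as an added Python example that is not from the original slides or from any VA product: it digests files, query results and environment variables, then reports every difference from the approved baseline. The file name, the query name and all sample values are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(files, query_results, env_names, environ=os.environ):
    """Return {item_id: digest} for files, query result sets and env variables."""
    baseline = {}
    for path in files:
        with open(path, "rb") as fh:
            baseline["file:" + path] = _sha256(fh.read())
    for name, rows in query_results.items():
        # Sort rows so the digest does not depend on the order the DB returns.
        canon = "\n".join("|".join(map(str, r)) for r in sorted(rows))
        baseline["query:" + name] = _sha256(canon.encode())
    for var in env_names:
        baseline["env:" + var] = _sha256(environ.get(var, "<unset>").encode())
    return baseline

def diff_baseline(approved, current):
    """List (item, change) pairs that need review and approval."""
    findings = []
    for item in sorted(set(approved) | set(current)):
        if item not in current:
            findings.append((item, "missing"))
        elif item not in approved:
            findings.append((item, "new"))
        elif approved[item] != current[item]:
            findings.append((item, "changed"))
    return findings

def demo():
    """Constructed scenario: a script is edited and PUBLIC gains a grant."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "glogin.sql")            # constructed file
        with open(script, "w") as fh:
            fh.write("set sqlprompt '_user> '\n")
        env = {"ORACLE_HOME": "/u01/app/oracle/product/11g"}   # constructed
        grants = {"public_privs": [("PUBLIC", "EXECUTE", "DBMS_OUTPUT")]}
        approved = build_baseline([script], grants, ["ORACLE_HOME"], env)

        with open(script, "a") as fh:       # change made after approval
            fh.write("@extra.sql\n")
        grants["public_privs"].append(("PUBLIC", "EXECUTE", "UTL_FILE"))
        current = build_baseline([script], grants, ["ORACLE_HOME"], env)
        return [(i.split(":")[0], c) for i, c in diff_baseline(approved, current)]

if __name__ == "__main__":
    print(demo())
```

In a real deployment the query rows would come from the database (for example the privileges granted to PUBLIC) and the approved baseline would be stored where the monitored host cannot rewrite it.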


Oracle patching: Critical Patch Updates (CPU)

Always install patches for security issues as soon as they are available from Oracle.
When vulnerabilities are discovered, Oracle releases patches, and you must install them to eliminate the vulnerabilities.
Security patches are delivered as CPUs. A CPU is a bundle of patches released quarterly to fix security issues.
CPUs were introduced in 2005. Before CPUs, security Alerts were issued when vulnerabilities were discovered and fixed.
Oracle CPUs include fixes for all Oracle software components.
Patches are released for each version of the database, Application Server, and Enterprise Manager.
In 2007, Oracle introduced a patching process that applies to several products at once (the n-apply process). Patches are released for Oracle E-Business Suite, PeopleSoft, Siebel, and other applications.
Database patches are cumulative: the latest CPU includes all the fixes from earlier CPUs (unless stated otherwise).
Each CPU includes a set of patches, an advisory, pre-installation notes, and release notes.

Example: database risk matrix in a CPU.

Common Vulnerability Scoring System (CVSS)

A scoring system for security vulnerabilities

Database n-Apply CPUs

The July 2007 CPU, with the n-Apply CPU format, has the following benefits:
  Patches are customized to resolve conflicts.
  There is no need to roll back and reinstall CPU fixes that are already installed, which minimizes downtime. CPUs are still cumulative, but the installation process is improved.
  You can install only the parts of the CPU that contain new fixes rather than reinstalling the whole CPU.
An n-Apply CPU is a zip file that contains molecules and is installed using opatch. Each molecule is a group of security fixes. Each molecule is an independent patch that does not conflict with any other molecule in the CPU.

Five things to remember about CPUs

1. CPUs are released every three months on specific dates, so you can plan ahead for testing and deploying the fixes.
2. CPUs contain security fixes for vulnerabilities that have been discovered. Applying the security fixes is very important because it is the best way to protect yourself against attacks that exploit those vulnerabilities.
3. A CPU includes a risk matrix that lets you determine how to apply the fixes to your environments.
4. CPUs are cumulative: applying the latest CPU includes all the fixes for all earlier vulnerabilities.
5. n-Apply CPU packaging lets you deploy fixes for a subset of new vulnerabilities, compared with the older format in which fixes were delivered in a single patch.

Sanitizing data for test environments

DBAs must ensure that when data is exported from a production database for development or testing, sensitive information such as salaries and personal information is removed or modified.
Production databases are usually monitored and access-controlled more strictly than development environments. This only makes sense if the data in test and development environments is less sensitive than the production data.
Developers can access the development and test databases, but usually are not allowed onto the production servers.

Sanitizing sensitive data

This is a very difficult task. Not only do you need to know where the sensitive data is stored, you also need to:
  Change a great deal of data without invalidating the application for testing (the test data).
  Avoid changing data at random. If there are foreign keys, make sure the keys are preserved and all references stay intact.
  Handle fields that have logic encoded in their values.
  Make sure the data in columns used for indexes keeps a statistical distribution close to that of the production data; otherwise performance tests will not reflect the production environment.
Above all, sanitizing production data before testing is a hard problem to solve, which is why many development organizations do not do it and use production data as test data. This violates security guidelines.

Enterprise Management Grid Control

The first tool that helps you do this is the Data Masking option in Enterprise Manager.
The steps for using the Data Masking option in Enterprise Management Grid Control are:

Step 1: Log on to EM.
Step 2: Click the Targets tab and the Databases subtab.
Step 3: Select the database whose sensitive data you want to mask.
Step 4: Click the Administration link. The Data Masking section is at the bottom right:
  The Definitions link lets you set up the filtering rules.
  The Format Library link lets you build a Data Masking library. A data masking format defines how you want to mask the sensitive data.
Step 5: Click the Format Library link, which takes you to a page listing the available formats. Click Create.
Step 6: The figure above shows a format for masking social security numbers. These numbers follow the pattern [0-9]{3}-[0-9]{2}-[0-9]{4}. In this case you can choose Random Digits from the drop-down and click Go. Enter 1 as the start and 11 as the end to ask Oracle to generate 11 random digits for you. Click OK. You then have to call a PL/SQL procedure to insert the dashes at positions 4 and 7, so enter the name of your procedure and click OK.
Step 7: Click Masking Definitions to return to the Masking Definitions screen. Click Mask to create the masking job. Give the job a name and choose the database where the sensitive data resides.
Step 8: Click Add to define the column to mask and how to mask it. Enter the schema name and click the search icon. Select the sensitive column (or several columns) from the list. Click Define Format and then click Add.
Step 9: Click Import From Library, because you have already created the masking formats. Select your format and click Import. You have now specified where the sensitive data is and how to mask it (see the following figure). Click Next.
Step 10: The script is generated. Review the generated information and click Next. Enter the details of the host where the script will be stored. Enter a schedule if the job is to be scheduled, or choose to run it immediately. Click Next.
Step 11: Oracle generates the script, and you can view it as shown in the following figure. Click Submit to run the masking job.

You can review the status (and any errors) of the masking job as follows:

For example, if you use random digits and a PL/SQL procedure to add the dashes, and the original data looks like this:

The data after masking looks like this:

Data Masking

The Data Masking option is a new product and therefore has only rudimentary formats. Over time the masking format libraries will grow and will preserve statistical and logical properties.
However, there is a large set of third-party tools that perform this function and come with a complete set of implementations and formats. Examples are Princeton Softech (now IBM Optim), Application, Solix, and HP/Outerbay.

Three things to remember about sanitizing test data

1. You must scrub sensitive information if you want to create test data by copying real data from the production system.
2. Scrubbing data is not trivial; you cannot simply replace the data with random strings or numbers. You must preserve the application logic, which is often encoded in the data, and you must preserve the statistical distribution for performance tests.
3. You should use data scrubbing tools: either the data masking pack that is part of Enterprise Management Grid Control or third-party tools.
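
An added Python example, not part of the original slides or of Oracle's Data Masking option, of the constraints in point 2 and in the earlier foreign-key discussion: it keeps the [0-9]{3}-[0-9]{2}-[0-9]{4} pattern from step 6 and maps each value consistently, so references between tables stay intact and repeated values stay repeated. SsnMasker, mask_tables, orphans and the sample rows are hypothetical names and constructed data.

```python
import hashlib
import hmac
import re

SSN_RE = re.compile(r"[0-9]{3}-[0-9]{2}-[0-9]{4}")  # pattern from step 6

class SsnMasker:
    """Replace SSNs with fake ones; the same input always gets the same output."""

    def __init__(self, secret: bytes):
        self.secret = secret    # stays on the production side, never in test
        self.forward = {}       # real value -> masked value
        self.used = set()       # masked values already handed out

    def mask(self, ssn: str) -> str:
        if not SSN_RE.fullmatch(ssn):
            raise ValueError("not in SSN format: %r" % ssn)
        if ssn in self.forward:             # repeated key: reuse the mapping
            return self.forward[ssn]
        counter = 0
        while True:
            msg = ("%s#%d" % (ssn, counter)).encode()
            mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
            digits = "%09d" % (int.from_bytes(mac[:8], "big") % 10**9)
            # Dashes end up at positions 4 and 7, as in the PL/SQL step.
            masked = "%s-%s-%s" % (digits[:3], digits[3:5], digits[5:])
            if masked not in self.used and masked != ssn:
                break                       # unique, so key columns stay unique
            counter += 1
        self.used.add(masked)
        self.forward[ssn] = masked
        return masked

def mask_tables(employees, payroll, secret):
    """Mask the SSN in a parent table and in the child rows that reference it."""
    masker = SsnMasker(secret)
    emp = [{**row, "ssn": masker.mask(row["ssn"])} for row in employees]
    pay = [{**row, "ssn": masker.mask(row["ssn"])} for row in payroll]
    return emp, pay

def orphans(parent, child):
    """Child rows whose SSN has no parent row, i.e. broken references."""
    keys = {row["ssn"] for row in parent}
    return [row for row in child if row["ssn"] not in keys]

# Constructed sample rows, not real data.
EMPLOYEES = [{"ssn": "900-11-0001", "dept": "HR"},
             {"ssn": "900-11-0002", "dept": "IT"}]
PAYROLL = [{"ssn": "900-11-0001", "amount": 100},
           {"ssn": "900-11-0001", "amount": 120},
           {"ssn": "900-11-0002", "amount": 90}]

if __name__ == "__main__":
    emp, pay = mask_tables(EMPLOYEES, PAYROLL, b"constructed-demo-key")
    print(emp, pay, "orphans:", orphans(emp, pay))
```

The real-to-masked mapping and the key are as sensitive as the original column, so they are discarded after the run and never copied to the test environment.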


Discussion of strategy: Defense in depth

All modern information security is founded on a concept called defense in depth.
Defense in depth consists of multiple layers of protection that raise the cost of an attack by putting many barriers in its way.
Multiple techniques and multiple systems help limit the impact when one defensive component is compromised or breached.
It provides zones with monitoring and intrusion detection systems, which give us time to detect and respond.
Defense in depth is regarded as the only viable strategy for information systems.
Protecting an Oracle environment must follow this strategy.
Always remember that the main tenet of defense in depth is not to rely on a single layer.

Summary

The topics discussed in this part were:

Overview of database system hardening
Choosing a hardening guide for Oracle
Vulnerability assessment tools (VA tools)
Creating and maintaining a secure configuration baseline
Sanitizing data for test environments

Discussion: Defense in depth