Professional Documents
Culture Documents
Miller Auditing
Miller Auditing
Miller Auditing
Mike Miller
Chief Security Officer
Integrigy Corporation
Agenda
1 2 3 4
Oracle Q&A
Auditing
About Integrigy
Products Services
Verify
Security Security Assessments
AppSentry
Validates
Oracle EBS, Apex, OBIEE, Databases,
Security
Sensitive Data, Penetration Testing
ERP Application and Database
Security Auditing Tool Ensure
Compliance
Compliance Assistance
SOX, PCI, HIPAA
AppDefend
Protects
Oracle EBS
Build
Enterprise Application Firewall
for the Oracle E-Business Suite
Security Security Design Services
Auditing, Encryption, DMZ
You
Agenda
1 2 3 4
Oracle Q&A
Auditing
Questions To Start
Encryption Solution
Data Encryption Process
Requirements Selection and Implement
Encryption
Planning Implementation On-going
Auditing and Logging
Ignored Used
1 2 3 4
Oracle Q&A
Auditing
First Point – Is There Impact on Performance?
DBMS_FGA.add_policy
Auditing
AUDIT_FILE_DEST dir
DB
AUDIT_TRAIL
AUD$ table
Native
Standard OS/XML
4 Auditing
AUDIT_FILE_DEST dir
AUDIT_SYSLOG_LEVEL
SYS Syslog
3
Privileged
Auditing AUDIT_SYS_OPERATIONS
Type of auditing and logging Audit and logging parameters Location of audit data
System Operations Auditing
Database
OS
User
Name
Schema
Name
User
Name
Machine/
IP
Address
Terminal
User
host
Database
OS
User
Name
Schema
Name
User
Name
Machine/
IP
Address
Terminal
User
host
§ V$DIAG_ALERT_EXT
-‐ Database view shows both the Alert and Listener Logs
Other Audit Logs
DBMS_FGA.add_policy
Auditing AUDIT_FILE_DEST
dir
Unified
DB Audit
AUDIT_TRAIL AUD$ table
SYS.UNIFIED_
AUDIT_TRAIL
Native
Standard OS/XML
4 Auditing
AUDIT_FILE_DEST
dir
AUDIT_SYSLOG_LEVEL
Syslog
SYS
3
Privileged
Auditing AUDIT_SYS_OPERATIONS
Type of auditing and logging Audit and logging parameters Location of audit data
Oracle 12c Database Auditing - Pure
Fine Grained
5
Fine
DBMS_FGA.add_policy
Auditing
Unified Audit
Native
Standard
4 Auditing Unified Audit
SYS.UNIFIED_AUDIT_TRAIL
Policies
SYS
3
Privileged
Auditing
Type of auditing and logging Audit and logging parameters Location of audit data
SYS.UNIFIED_AUDIT_TRAIL IS A VIEW
Number of
Column Description*
Columns
Standard auditing including SYS audit records 44
Real Application Security (RAS) and RAS auditing 17
Oracle Label Security 14
Oracle Data Pump 2
Fine grained audit (FGA) 1
Data Vault (DV) 10
Oracle RMAN 5
SQL*Loader Direct Load 1
Total 94
*Key column is AUDIT_TYPE
New Unified Audit Policy Based Syntax
1 2 3 4
Oracle Q&A
Auditing
Database Auditing Effort by Task
Effort
Monitoring,
Alerting,
80%
Reporting,
Reviewing
Database Application
1 – Vendor Defaults
0 - Not Performed
Modify authentication
User SYSADMIN E4
E1, E11 configurations to database E12 Turning off AuditTrail
successful logins
Modify authentication
Generic seeded E4 configurations to Oracle E- Turning Page Access
E1, E11 application account E12
Business Suite Tracking off
logins
Use The Oracle Client Identifier to Track DBAs
As of Release 12, the Oracle E-Business Suite automatically sets and updates
CLIENT_IDENTIFIER to the FND_USER.USERNAME of the user logged on. Prior to Release
Oracle
12, follow Support Note
E-Business Suite How to add DBMS_SESSION.SET_IDENTIFIER(FND_GLOBAL.USER_NAME) to
FND_GLOBAL.APPS_INITIALIZE procedure (Doc ID 1130254.1)
Starting with PeopleTools 8.50, the PSOPRID is now additionally set in the Oracle
PeopleSoft
database CLIENT_IDENTIFIER attribute.
SAP With SAP version 7.10 above, the SAP user name is stored in the CLIENT_IDENTIFIER.
To pass the middle-tier username, edit the RPD connection pool settings and create a
OBIEE new connection script to run at connect time. Add the following line to the connect
script: CALL DBMS_SESSION.SET_IDENTIFIER('VALUEOF(NQ_SESSION.USER)’)
*Note: Client Identifier is passed to the audit trail. When connection pools are used will only see for active sessions.
Agenda
1 2 3 4
Oracle Q&A
Auditing
Integrigy Oracle Whitepapers
This presentation is based on our
Auditing and Logging whitepapers
available for download at –
http://www.integrigy.com/security-resources
Contact Information
web: www.integrigy.com
Michael Miller
e-mail: mmiller@integrigy.com
Chief Security Officer
blog: integrigy.com/oracle-security-blog
Integrigy Corporation
youtube: youtube.com/integrigy