
SECURITY STRATEGY FOR ORACLE DATABASE ENVIRONMENT

Executive Summary
Data security has become a top priority for organizations because of the increasing number of
internal and external attacks on the data repositories of business applications. As a result, the
majority of organizations are taking stronger steps to protect their data. Meanwhile, some
organizations do not yet have a strong database security strategy to defend against externally or
internally originated attacks and to track sensitive data. Relying on detective controls over
preventive measures is also a popular trend among organizations, although it leaves them highly
vulnerable. Recent studies have found that organizations are more confident in defending
against attacks when they have implemented an integrated and comprehensive security
strategy and solution that includes preventive measures.

1. Types of Security Threats

Database security has become essential to the database environment for various reasons,
including unauthorized attempts to access or modify data, accidental data losses and undue
delays in accessing or using data.

An Oracle Database environment also faces threats to the privacy and integrity of its data
from unauthorized users, both internal and external. The most significant types of security
threats are as follows.

1. Tampering of data
2. Data Theft and Eavesdropping
3. User Identity Falsification
4. Unauthorized Access to Tables and Columns
5. Unauthorized Access to Data Records
6. Lack of Accountability
7. Complex User Management Requirements

1.1. Tampering of Data

Data in transit over a network can be intercepted by a malicious, unauthorized third party,
and parts of the data may be altered before they are transmitted onward, resulting in data
tampering.

1.2. Data Theft and Eavesdropping

When data are transmitted over a WAN or the Internet, both private network owners and
public carriers route parts of their network through insecure and vulnerable lines. Because
the data are exposed to any interested party in this situation, network sniffers can be used
to eavesdrop on the traffic, and packet sniffers can find and steal usernames and passwords.

1.3. Falsifying User Identities

User identities can be falsified in a distributed environment to obtain access to sensitive
and critical information in databases. Database connections can be hijacked in the same way.
Within a networked environment, identity theft can also be carried out for criminal
purposes such as stealing personal data, bank account details or credit card details.
Nonrepudiation also becomes a concern when hackers steal digital signatures to gain an
undue advantage.

1.4. Unauthorized Access to Tables and Columns

A database contains many tables, including tables required by different groups of users.
Access to confidential tables and/or confidential columns of tables should be authorized
through access privileges in order to prevent unauthorized access.

1.5. Unauthorized Access to Data Records

Tables might contain records that must be kept confidential even from authorized users.
Granular access control can be used to enforce record-level confidentiality. To accomplish
this, database development should support different security policies.

1.6. Lack of Accountability

A lack of records about users' activities on the database leads to a lack of accountability
for database transactions. Therefore, a reliable method should be implemented to monitor
users' operations on the database.

1.7. Complex User Management Requirements

Handling thousands of users is challenging. Managing user accounts and passwords in
large-scale environments therefore makes the database system vulnerable to both attacks
and errors.

2. Security Measures to Safeguard Oracle Database Environment

The protection, security and privacy of information are crucial for an organization.
Oracle Database addresses information security comprehensively by providing security
measures such as secure hosting, scalable security, data exchange, deep data protection and
auditing. The essential security measures listed below keep an Oracle database well
protected.

1. Security Patches and Contacting Oracle Regarding Vulnerabilities
2. Securing User Accounts and Privileges
3. Securing Roles
4. Securing Passwords
5. Securing Data
6. Securing a Database Installation and Configuration
7. Securing the Network
8. Auditing
9. Addressing the CONNECT Role Change

2.1 Security Patches and Contacting Oracle Regarding Vulnerabilities

Suitable security patches should be applied to Oracle Database, to the operating system on
which Oracle Database is installed, and to the Oracle Database options and components.
They are released through the Oracle Technology Network.

2.2 Securing User Accounts and Privileges

The steps to be followed for securing user accounts and privileges are as follows.

i. Practice the principle of least privilege.
ii. Keep default user accounts locked and expired.
iii. Use views to guarantee that access is granted.
iv. Monitor that privileges are granted only to authorized users.
v. Revoke access.
vi. Grant privileges only to roles.
vii. Limit the proxy account privileges.
viii. Protect roles enabled by application code by using secure application roles.
ix. Discourage users from using the NOLOGGING clause in SQL statements.

2.3 Securing Roles

The steps to be followed for securing roles are as follows.

i. Grant a role to users only when they need all the privileges of the role.
ii. Do not grant user roles to application developers.
iii. Create and assign roles specific to each Oracle Database installation.
iv. Create global roles for enterprise users.

2.4 Securing Passwords

The steps to be followed for securing passwords are as follows.

i. Choose passwords carefully.
ii. Ensure that the password is sufficiently complex.
iii. Modify default user passwords and administrative passwords.
iv. Enforce password management.
v. Do not store user passwords in Oracle tables without encryption.

2.5 Securing Data

The steps to be followed for securing data are as follows.

i. Enable data dictionary protection.
ii. Restrict operating system access.
iii. Encrypt sensitive data and backup media with database files.

2.6 Securing Database Installation and Configuration

The steps to be followed for securing database installation and configuration are as
follows.

i. Ensure that the Oracle owner account umask value is 022.
ii. Install Oracle Database on UNIX systems.
iii. During installation, when you are prompted for a password, create a secure
password.
iv. Lock and expire default user accounts after installation.
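
As an added example (not part of the original report), the account and password steps listed in sections 2.2, 2.4 and 2.6 could be carried out from a DBA session as follows. The profile name `helpdesk_profile`, the user `hd_operator1`, the `scott` sample account and all limit values are assumptions; `ora12c_verify_function` assumes Oracle Database 12c or later.

```sql
-- Added example: names and limit values are assumed, not taken from the report.

-- 1. Find accounts that still have a default password and are not
--    both expired and locked (sections 2.2 ii, 2.4 iii, 2.6 iv).
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status <> 'EXPIRED & LOCKED'
ORDER  BY d.username;

-- 2. Lock and expire a default account that is not needed
--    (SCOTT is used here as an assumed example of such an account).
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;

-- 3. Enforce password management with a profile (section 2.4 iv).
--    Times are in days; all values are illustrative.
CREATE PROFILE helpdesk_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5      -- lock after 5 consecutive failures
  PASSWORD_LOCK_TIME       1      -- keep the account locked for 1 day
  PASSWORD_LIFE_TIME       90     -- force a change every 90 days
  PASSWORD_GRACE_TIME      7      -- warn for 7 days before expiry
  PASSWORD_REUSE_TIME      365    -- no reuse within a year ...
  PASSWORD_REUSE_MAX       10     -- ... and until 10 other passwords were used
  PASSWORD_VERIFY_FUNCTION ora12c_verify_function;  -- complexity check

-- 4. Assign the profile to an application user (assumed user name).
ALTER USER hd_operator1 PROFILE helpdesk_profile;

-- 5. Verify which accounts the profile now governs.
SELECT username, profile, account_status
FROM   dba_users
WHERE  profile = 'HELPDESK_PROFILE'
ORDER  BY username;
```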

2.7 Securing Network

The steps to be followed for securing the network are as follows.

i. Secure the client connection
ii. Secure the network connection
iii. Secure the Secure Sockets Layer connection

2.8 Auditing

The steps to be followed for auditing are as follows.

i. Audit Sensitive Information
ii. Enable Default Auditing of SQL Statements and Privileges
iii. Keep Audited Information Manageable
iv. Audit Typical Database Activity
v. Audit Suspicious Database Activity

2.9 Addressing the CONNECT Role Change

The approaches to be followed to address the CONNECT role change are as follows.

Approach 1: New Database Role Creation
Approach 2: Restore CONNECT Privileges
Approach 3: Conducting Least Privilege Analysis

Figure 1 Security Measures to Safeguard Oracle Database Environment (Docs.oracle.com, 2019)


3. Security Strategy for Help Desk Database

3.1. Stored Data Protection

Any sensitive customer data stored and handled by the organization must always be
secured against unauthorized use. Thus, any sensitive data that are not required for a
business purpose of the organization must be securely and irrecoverably discarded.

Organizations are not authorized to store:

1. Any kind of personal data.
2. Data that violate the general rules and regulations.
3. Data that are restricted by any policy in the company.

3.2. Information Classification

Data that are stored in databases are classified as follows.

• Confidential data, which include information assets such as customer data that would
cause damage to the organization if disclosed or modified.

• Internal Use data, which should be protected from unauthorized disclosure.

• Public data, which can be freely shared.

3.3. Managing User Privileges and Roles

There are 4 users.

1. Help Desk Operator
2. Specialist
3. Help Desk Manager
4. System Admin

▪ Role-based access control should be followed by assigning user privileges to user roles
based on job classification and job responsibilities.
▪ Access to sensitive data such as business data, personal information and customer
information is provided only to employees who require it for their job responsibilities.
▪ Employees who do not have a business need are not granted access to confidential
data.

3.4. Data Security Policy

The data security policy defines access control mechanisms for the database at the object
level. Users are granted access privileges for specific action types on specific schema objects.

▪ The Help Desk Operator user is privileged to perform SELECT, INSERT and
UPDATE statements, but not DELETE statements, on the Problem,
ProblemFollowUp and Solution tables.
▪ The Specialist user is privileged to perform SELECT, INSERT and UPDATE statements,
but not DELETE statements, on the Solution table.
▪ The Help Desk Manager user is privileged to perform SELECT, INSERT and
UPDATE statements, but not DELETE statements, on the Problem,
ProblemFollowUp, ProblemType, ProblemTypeCategory and Solution tables.
▪ The Help Desk Manager user is privileged to perform SELECT statements, but
not INSERT, UPDATE and DELETE statements, on the Personnel, Equipment and
Software tables.
▪ The System Admin user is privileged to perform SELECT, INSERT, UPDATE and
DELETE statements on any table.
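
The policy above, expressed as Oracle roles and object grants. This is an added example, not part of the original report: the schema name `helpdesk`, the role names `hd_operator`, `hd_specialist`, `hd_manager` and `hd_admin`, and the user `jsmith` are assumptions, and "any table" is read here as every table in the help desk schema.

```sql
-- Added example: schema, role and user names are assumed.
CREATE ROLE hd_operator;
CREATE ROLE hd_specialist;
CREATE ROLE hd_manager;
CREATE ROLE hd_admin;

-- Help Desk Operator: read/write without DELETE on three tables.
GRANT SELECT, INSERT, UPDATE ON helpdesk.problem         TO hd_operator;
GRANT SELECT, INSERT, UPDATE ON helpdesk.problemfollowup TO hd_operator;
GRANT SELECT, INSERT, UPDATE ON helpdesk.solution        TO hd_operator;

-- Specialist: read/write without DELETE on Solution only.
GRANT SELECT, INSERT, UPDATE ON helpdesk.solution TO hd_specialist;

-- Help Desk Manager: read/write without DELETE on the problem tables ...
GRANT SELECT, INSERT, UPDATE ON helpdesk.problem             TO hd_manager;
GRANT SELECT, INSERT, UPDATE ON helpdesk.problemfollowup     TO hd_manager;
GRANT SELECT, INSERT, UPDATE ON helpdesk.problemtype         TO hd_manager;
GRANT SELECT, INSERT, UPDATE ON helpdesk.problemtypecategory TO hd_manager;
GRANT SELECT, INSERT, UPDATE ON helpdesk.solution            TO hd_manager;
-- ... and read-only access to the reference tables.
GRANT SELECT ON helpdesk.personnel TO hd_manager;
GRANT SELECT ON helpdesk.equipment TO hd_manager;
GRANT SELECT ON helpdesk.software  TO hd_manager;

-- System Admin: full DML on every table in the schema.
BEGIN
  FOR t IN (SELECT table_name FROM dba_tables WHERE owner = 'HELPDESK') LOOP
    EXECUTE IMMEDIATE
      'GRANT SELECT, INSERT, UPDATE, DELETE ON helpdesk.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO hd_admin';
  END LOOP;
END;
/

-- Users receive privileges only through a role (assumed user name).
GRANT hd_operator TO jsmith;

-- Check 1: nobody except the admin role holds DELETE. Expect no rows.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'HELPDESK'
AND    privilege = 'DELETE'
AND    grantee <> 'HD_ADMIN';

-- Check 2: no privilege was granted directly to a user instead of a role.
-- Expect no rows.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'HELPDESK'
AND    grantee NOT IN (SELECT role FROM dba_roles);
```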

BACKUP STRATEGY

1. Database Failures
1.1. Soft Failures
1.2. Hard Failures
1.3. Network Failures
2. Significance of a Backup Strategy
3. Backup/ Recovery Types
4.1. Full Backup
4.2. Differential Backup
4.3. Shadow Writing
4.4. Mirroring
4.5. Fallback areas
4.6. Restore/rerun
4. Backup Strategy
4.1. Backup Method
4.2. Reasons to Select Differential Backup Method and Expected Advantages
4.3. Disadvantages of Differential Backup

1. Database Failures

A database is susceptible to several kinds of failure, which fall under a few categories.
Distributed database systems are mainly vulnerable to failure types such as soft failures,
hard failures and network failures.

The failures that occur under each category are as follows.

1.1. Soft Failures

1. OS failure
2. Main memory crash
3. Failures in transactions
4. System generated errors
5. Supporting software failure

1.2. Hard Failures

1. Power failures
2. Media faults
3. Malfunctions in reading and writing
4. Disk corruption
5. Crash of the disk read/write head

1.3. Network Failures

1. Communication link failures
2. Network congestion
3. Information corruption during transfer
4. Site failures
5. Network partitioning

2. Significance of a Backup Strategy

Database backups are used to recover data as it was prior to corruption or deletion. They
provide a means of disaster recovery. Implementing a data backup strategy is significant in
conducting effective database backups.

The significance of backing up data and files is as follows.

1. There are constantly evolving and malicious threats.
2. Serious and massive economic losses can take place.
3. Trust and reputation are maintained.
4. Big data is in popular and heavy use in databases.
5. Endpoints are increasing in businesses.
6. Data enablement via smarter secondary data work.

A regular data backup strategy considers the main backup types below.

3. Backup/ Recovery Types

4.1. Full Backup

A full backup takes a backup of all the data in the database. The data items backed up will
not differ drastically from those in previous backups. As a result, conducting a full backup is
easier. However, it takes more time to execute because a relatively large backup is taken.
The capacity that the backup requires raises practical issues, and it also results in gaps
between the full backups taken.

4.2. Differential Backup

Taking a backup of the content that has changed since the last full backup is called a
differential backup. It is a much easier and quicker backup method to follow immediately
after a full backup, and it is an ideal method for taking daily backups. The size of the
differential backup increases as the time since the full backup increases.

4.3. Shadow Writing

A shadow database is used so that transactions are also applied to a duplicate copy of the
database. When the transaction is completed, a DB pointer is created to point to the shadow
database, making it the latest copy of the database, and the old copy is deleted later.
Writing to a shadow database can achieve atomicity and durability for a database. In an
emergency, when a database transaction is not completed, the database pointer keeps
pointing to the old copy of the database and the shadow copy is removed.

4.4. Mirroring

Database mirroring is used to increase database availability. It is implemented on a
per-database basis and only with databases that use the full backup model. Any
supported database that adheres to the compatibility level can use the mirroring technique.

Mirroring is not supported by the bulk-logged and simple recovery models. Thus, the master,
model, msdb or tempdb databases cannot be mirrored.

Two copies of a database are maintained during mirroring, and they must be stored on
different server instances. One of them acts as the principal server, serving the database
to clients, while the second acts as the mirror server, depending on the mirroring session
status and configuration. Once the database mirroring session is synchronized, a hot standby
server is provided that supports rapid failover without loss of data from committed
transactions. When the session is not synchronized, the mirror server is available as a warm
standby server with possible data loss.

4.5. Fallback areas

The fallback strategy is a simple method. During the upgrade, user data are not even touched.
Hence, all user data tablespaces are made read-only and keep only in read-write access.
An offline backup of the core database is taken before the upgrade is invoked. The benefit
is that the files can be quickly restored from the offline backup in an emergency during the
upgrade. The steps followed in the fallback strategy are:

Step 1 – Take USER DATA tablespaces read-only

Step 2 – Copy / backup the files

4.6. Restore/rerun

In the restore/rerun method, daily transactions are reprocessed up to the point of failure.
The latest database backup copy is mounted. The system log is then consulted and all
transactions since the copy are rerun. The method is simple and does not need a special
restart procedure. However, more time is consumed by reprocessing the transactions. This
approach is impractical for a complex database with many transactions, as it is impossible to
rerun all lost transactions and process new transactions concurrently. This drawback can
cause problems for time-critical transactions.

4. Backup Strategy

The steps followed in preparing the backup strategy are as follows.

1. Understand system requirements.
2. Understand how often the backup should run.
3. Define the recovery point objective (RPO), describing the tolerable amount of data loss in
a major incident.
4. Define how often to perform a backup and how often to ship backups offsite.
5. Determine the size of the backup.
6. Select the backup method considering the above facts, hardware, software, compatibility,
scalability, usability, support and centralized administration.
7. Maintain a documented backup policy.

4.1. Backup Method

The backup method preferred for the Helpdesk System is Differential Backup.

4.2. Reasons to Select Differential Backup Method and Expected Advantages

1. Faster restore process than incremental backup, as only the immediate last full
backup and the latest differential are required.
2. Faster backup than a full backup, as only modified files are needed.
3. Less storage space required.
4. Retention of multiple versions of the same files is allowed.

4.3. Disadvantages of Differential Backup

1. Availability of the initial full backup is essential for differential backups.
2. Recovery requires a full backup and all differential backups.
3. Recovery is incomplete if either one of the backups fails.
4. Restoring a specific file consumes more time, as it has to be located in the differential or
full backup sets.