
SECURITY IN ORACLE

ORACLE SECURITY SOLUTIONS
• Oracle Audit Vault
• Oracle Virtual Private Database
• Information Rights Management
• Oracle Advanced Security
ORACLE AUDIT VAULT
• Oracle Audit Vault enables businesses to address a key security problem that remains today: it protects against insider threats by monitoring user activity, and it helps satisfy audit requirements for compliance.
WHAT IS AUDIT VAULT?
• It collects, protects and monitors audit data through consolidation.
• Access to Oracle Audit Vault is allowed only for the new predefined roles such as Audit Vault Administrator, Audit Analyst, Auditor and Audit Archiver. All other users, including DBAs, are denied access to the audit data.
• Oracle Audit Vault provides a web interface to efficiently collect, manage, alert and report on enterprise-wide audit information and user activities.
• It provides built-in reports based on user access and activity, such as failed login attempts, use of system privileges, and changes to database structures.
CONTINUED…
• Oracle Audit Vault helps organizations increase security by automating the consolidation of audit data into a secure and scalable repository.
• With the help of Audit Vault, auditors can analyze the audit log data.
• It provides full visibility into the what, where, when and who of audit events.
• It consolidates the audit data across all systems into a single audit data warehouse that is secure, scalable, reliable and highly available.
AUDIT VAULT WORK FLOW
CONTINUED…
• Oracle Audit Vault solves the security and audit problems by:
  - Consolidating audit information from multiple systems across the enterprise.
  - Detecting the data changes associated with regular and privileged users.
  - Protecting the audit data from modification.
CONTINUED…
• It can monitor and detect changes made by privileged users.
• It provides valuable insight into who did what to which data, and when.
• It provides the capability to detect, monitor and report the history of privileged user changes, schema modifications and data-level access.
• Audit policies and settings can be defined and managed from Oracle Audit Vault for the audit sources throughout the enterprise.
ORACLE AUDIT VAULT REPORTS
• Privileged user activity
• Access to sensitive data
• Role grants
• DDL activity
• Login/logout
• User-defined reports
  - What did privileged users do on the financial database?
  - What did user ‘A’ do across multiple databases?
  - Who accessed sensitive data?
ORACLE VIRTUAL PRIVATE DATABASE
• Virtual Private Database (VPD) allows multiple users to access a single schema while preventing them from accessing data that is not relevant to them.
• VPD enables you to enforce security directly on tables and views.
• It is also referred to as Oracle Row-Level Security, which lets you define which rows each user can access.
WHY VPD?
• Scalability
  - Table Customers contains 1,000 customer records. Suppose we want customers to access only their own records. Using views, we need to create 1,000 views. Using VPD, it can be done with a single policy function.
• Simplicity
  - Suppose many views are based on a table T and we want to restrict access to some information in T. Without VPD, all the view definitions have to be changed. Using VPD, it can be done by attaching a policy function to T; because the policy is enforced on T, it is also enforced for all the views that are based on T.
• Security
  - Server-enforced security
  - Cannot be bypassed.
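
The single policy function described above, as an added example that is not part of the original slides. The APP schema, the CUSTOMERS columns, the view and the policy name are hypothetical; DBMS_RLS.ADD_POLICY, SYS_CONTEXT, DBA_POLICIES and DBA_SYS_PRIVS are Oracle's documented interfaces.

```sql
-- Constructed schema (hypothetical names): APP owns CUSTOMERS, and LOGIN_NAME
-- holds the upper-case database account allowed to see each row.
CREATE TABLE app.customers (
  customer_id  NUMBER PRIMARY KEY,
  login_name   VARCHAR2(128) NOT NULL,
  full_name    VARCHAR2(100),
  credit_limit NUMBER
);

-- A view based on the table; it needs no policy of its own.
CREATE VIEW app.customer_names AS
  SELECT customer_id, full_name FROM app.customers;

-- Policy function: Oracle calls it with the schema and object name and
-- appends the returned predicate to statements against the object.
CREATE OR REPLACE FUNCTION app.customers_own_rows (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- The predicate reads the session user from the server-side context
  -- rather than concatenating any client-supplied value.
  RETURN 'login_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

-- Attach the one function to the table, for reads and writes alike.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'CUSTOMERS',
    policy_name     => 'CUSTOMERS_OWN_ROWS_POL',
    function_schema => 'APP',
    policy_function => 'CUSTOMERS_OWN_ROWS',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE);  -- reject writes whose result the user could not see
END;
/

-- Run as any customer account: the predicate applies to the table and the view.
SELECT customer_id, full_name FROM app.customers;
SELECT customer_id, full_name FROM app.customer_names;

-- Review: which policies are installed, and which accounts hold the
-- EXEMPT ACCESS POLICY privilege and are therefore not subject to them.
SELECT object_name, policy_name, enable FROM dba_policies WHERE object_owner = 'APP';
SELECT grantee FROM dba_sys_privs WHERE privilege = 'EXEMPT ACCESS POLICY';
```
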
IRM
LIMITATIONS OF PERIMETER SECURITY
CONTENT DOES NOT STAY WITHIN ACCESS-CONTROLLED PERIMETERS
[Figure: content locations shown: e-mail, file system, SharePoint, intranet/extranet, content management]
SECURE AND TRACK INFORMATION BEYOND THE REPOSITORY
• Encryption places an access-controlled perimeter around the information itself (documents, e-mails and web pages)
• Only authorized users can open, print and/or modify it
• All access to “sealed” information is centrally audited and reported
• Access to remotely stored information can be centrally revoked
• Documents are digitally signed to be tamper-proof
• Provides consistent security for user access
• Control and monitoring do not stop at the firewall!

[Figure: Oracle IRM Server connected to e-mail, content management, storage area network, collaborative workspace and web]
IRM SUMMARY
Oracle IRM delivers:
• Security
  - Documents and emails are secured, no matter how many copies are created or where they go
  - Usage is audited and access can always be revoked, even for copies that leave your organization
• Usability
  - As easy to use as unprotected documents and emails
  - Seamless extension of familiar tools: Word, PowerPoint, Excel, Outlook, Explorer, Adobe…
• Manageability
  - Policy-based control of thousands of documents and emails
  - Secured repository
ADVANCED DATA SECURITY
• Transparent Data Encryption (TDE) enables you to encrypt sensitive data
• There are two types of TDE:
  - Tablespace encryption
  - Column encryption
• Oracle Wallet policy
• Encryption standards: RC4, DES, 3DES, AES, MD5
TDE COLUMN ENCRYPTION
TABLESPACE ENCRYPTION
WHAT IS ORACLE WALLET?
• The wallet is an Oracle object that holds the master key for the entire database and all other digital certificates the database uses for encryption. The wallet is kept outside the database software and has a password different from the DBA's system password.
[Figure: the wallet password is separate from the System or DBA password. Labels: "No access to wallet"; "DBA starts up database"; "Security DBA opens wallet containing master key"]
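
The wallet and the two TDE types described above, as an added example that is not part of the original slides. The password, table, tablespace and datafile names are placeholders, and the statements use the ALTER SYSTEM wallet syntax of Oracle Database 10g Release 2 and 11g (later releases manage the keystore with ADMINISTER KEY MANAGEMENT).

```sql
-- 1. Run once by the security DBA: create the master key in the wallet.
--    The wallet directory is configured in sqlnet.ora, outside the database.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet_password_placeholder";

-- 2. After each instance startup the wallet is closed. The security DBA opens
--    it with the wallet password, which the DBA who started the instance
--    does not need to know.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "wallet_password_placeholder";

-- Check the wallet location and whether it is currently open.
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;

-- 3. TDE column encryption: only the sensitive column is encrypted.
CREATE TABLE app.payment_cards (
  card_id     NUMBER PRIMARY KEY,
  holder_name VARCHAR2(100),
  card_number VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- 4. TDE tablespace encryption: every segment stored here is encrypted.
CREATE TABLESPACE secure_ts
  DATAFILE 'secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Inventory for review: which columns and tablespaces are encrypted.
SELECT owner, table_name, column_name, encryption_alg FROM dba_encrypted_columns;
SELECT tablespace_name, encrypted FROM dba_tablespaces;
```
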
Thank You...
