8/14/2019 Less10 Security Mb
http://slidepdf.com/reader/full/less10-security-mb 1/42
Copyright © 2005, Oracle. All rights reserved.
Implementing Oracle Database Security
Objectives
After completing this lesson, you should be able to do the following:
• Describe your DBA responsibilities for security
• Implement security by applying the principle of least privilege
• Manage default user accounts
• Implement standard password security features
• Describe database auditing
• Describe Virtual Private Database (VPD)
Industry Security Requirements
• Legal:
  – Sarbanes-Oxley Act (SOX)
  – Health Information Portability and Accountability Act (HIPAA)
  – California Breach Law
  – UK Data Protection Act
• Auditing
Security Requirements: Full Notes Page
Database Security
A secure system ensures the confidentiality of the data that it contains. There are several aspects of security:
• Restricting access to data and services
• Authenticating users
• Monitoring for suspicious activity
Principle of Least Privilege
• Install only required software on the machine.
• Activate only required services on the machine.
• Give OS and database access to only those users that require access.
• Limit access to the root or administrator account.
• Limit access to the SYSDBA and SYSOPER accounts.
• Limit users’ access to only the database objects required to do their jobs.
Applying the Principle of Least Privilege
• Protect the data dictionary:
    O7_DICTIONARY_ACCESSIBILITY=FALSE
• Revoke unnecessary privileges from PUBLIC:
    REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;
    REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;
    REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;
    REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
• Restrict the directories accessible by users.
• Limit users with administrative privileges.
• Restrict remote database authentication:
    REMOTE_OS_AUTHENT=FALSE
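Each item on this slide can be checked from the data dictionary. The queries below are an added example, not part of the original course material; they assume a session that can read the DBA_ and V$ views.

```sql
-- Added example: verify the least-privilege settings listed on the slide.

-- 1. Network and file packages that PUBLIC can still execute.
--    Once EXECUTE has been revoked this returns no rows.
SELECT owner, table_name AS package_name, privilege
  FROM dba_tab_privs
 WHERE grantee    = 'PUBLIC'
   AND privilege  = 'EXECUTE'
   AND table_name IN ('UTL_SMTP', 'UTL_TCP', 'UTL_HTTP', 'UTL_FILE')
 ORDER BY table_name;

-- 2. Data dictionary protection and remote OS authentication.
--    Both values should read FALSE.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('o7_dictionary_accessibility', 'remote_os_authent');

-- 3. Directories reachable through file I/O, and who may use them.
SELECT owner, directory_name, directory_path
  FROM dba_directories
 ORDER BY directory_name;

SELECT grantee, table_name AS directory_name, privilege
  FROM dba_tab_privs
 WHERE table_name IN (SELECT directory_name FROM dba_directories)
 ORDER BY directory_name, grantee;

-- On releases that still have the parameter, an empty value means
-- UTL_FILE can only reach directory objects.
SELECT name, value FROM v$parameter WHERE name = 'utl_file_dir';

-- 4. Accounts holding administrative privileges.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

SELECT grantee, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;
```

Any row from query 1, or a TRUE value from query 2, is a setting that differs from what the slide recommends.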
Apply the Principle of Least Privilege: Full Notes Page
Managing Default User Accounts
• DBCA expires and locks all accounts, except:
  – SYS
  – SYSTEM
  – SYSMAN
  – DBSNMP
• For a manually created database, lock and expire any unused accounts.
Password Security: Full Notes Page
Supplied Password Verification Function: VERIFY_FUNCTION
The supplied password verification function enforces these password restrictions:
• The minimum length is four characters.
• The password cannot be the same as the username.
• The password must have at least one alphabetic, one numeric, and one special character.
• The password must differ from the previous password by at least three letters.
Tip: Use this function as a template to create your own customized password verification.
Creating a Password Profile
Assigning Users to a Password Profile
Select Administration > Schema > Users & Privileges > Users.
Where We Are
• Comparing security aspects
• Applying the principle of least privilege
• Managing default user accounts
• Implementing standard password security features
• Creating and using password profiles
• Auditing
• Virtual Private Database (VPD)
Monitoring for Suspicious Activity
Monitoring or auditing must be an integral part of your security procedures. Review the following:
• Mandatory auditing
• Standard database auditing
• Value-based auditing
• Fine-grained auditing (FGA)
• DBA auditing
Enterprise Manager Audit Page
Standard Database Auditing
[Diagram labels: DBA, User, Parameter file, Server process, Database, Audit options, Audit trail, OS or XML audit trail]
(1) Enable database auditing.
(2) Specify audit options.
User executes command; server process generates audit trail.
(3) Review audit information.
(4) Maintain audit trail.
Enhanced Enterprise User Auditing
[Diagram: audit columns shown for exclusive schema and shared schema]
Standard audit: USERNAME, GLOBAL_UID
Fine-grained audit: DB_USER, GLOBAL_UID
Standard audit: USERNAME
Fine-grained audit: DB_USER
Value-Based Auditing
A user makes a change.
User’s change is made.
Trigger fires.
Audit record is created by the trigger.
And it is inserted into an audit trail table.
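The sequence above, written out as a trigger. This is an added example, not code from the original course material; the audit table SECURE.SALARY_AUDIT and the trigger name are hypothetical, and the audited column is assumed to be SALARY in HR.EMPLOYEES.

```sql
-- Added example. Hypothetical names: SECURE.SALARY_AUDIT, SECURE.TRG_AUDIT_SALARY.
-- The audit table lives in a schema that ordinary users cannot write to.
CREATE TABLE secure.salary_audit (
  changed_at   TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(128) NOT NULL,
  os_user      VARCHAR2(255),
  client_ip    VARCHAR2(45),
  employee_id  NUMBER(6) NOT NULL,
  old_salary   NUMBER(8,2),
  new_salary   NUMBER(8,2)
);

CREATE OR REPLACE TRIGGER secure.trg_audit_salary
  AFTER UPDATE OF salary ON hr.employees
  FOR EACH ROW
BEGIN
  -- Record only real changes. The IS NULL tests catch a change to or from
  -- NULL, which a plain :OLD.salary != :NEW.salary comparison would miss.
  IF :OLD.salary != :NEW.salary
     OR (:OLD.salary IS NULL AND :NEW.salary IS NOT NULL)
     OR (:OLD.salary IS NOT NULL AND :NEW.salary IS NULL)
  THEN
    INSERT INTO secure.salary_audit
      (db_user, os_user, client_ip, employee_id, old_salary, new_salary)
    VALUES
      (SYS_CONTEXT('USERENV', 'SESSION_USER'),
       SYS_CONTEXT('USERENV', 'OS_USER'),
       SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
       :OLD.employee_id, :OLD.salary, :NEW.salary);
  END IF;
END;
/

-- Review the captured values, newest first.
SELECT changed_at, db_user, employee_id, old_salary, new_salary
  FROM secure.salary_audit
 ORDER BY changed_at DESC;
```

The insert is part of the user's transaction, so the audit row is rolled back if the update is rolled back. Unlike standard auditing, the record holds the old and new values themselves.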
Fine-Grained Auditing
• Monitors data access on the basis of content
• Audits SELECT, INSERT, UPDATE, DELETE, and MERGE
• Can be linked to a table or view, to one or more columns
• May fire a procedure
• Is administered with the DBMS_FGA package

Policy: AUDIT_EMPS_SALARY (table: employees)
    SELECT name, salary
    FROM employees
    WHERE department_id = 10;
FGA Policy
• Defines:
  – Audit criteria
  – Audit action
• Is created with DBMS_FGA.ADD_POLICY

    BEGIN
      dbms_fga.add_policy (
        object_schema   => 'HR',
        object_name     => 'EMPLOYEES',
        policy_name     => 'audit_emps_salary',
        audit_condition => 'department_id=10',
        audit_column    => 'SALARY',
        handler_schema  => 'secure',
        handler_module  => 'log_emps_salary',
        enable          => TRUE,
        statement_types => 'SELECT' );
    END;
    /

Not audited (the audited column SALARY is not referenced):
    SELECT name, job_id
    FROM employees;

Audited (SALARY is referenced and the condition department_id=10 is met); the handler SECURE.LOG_EMPS_SALARY is called:
    SELECT name, salary
    FROM employees
    WHERE department_id = 10;
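The policy names a handler, SECURE.LOG_EMPS_SALARY, that the slide does not show. One way to write it is given below as an added example, not code from the original course material; the table SECURE.FGA_ALERTS and the parameter names are hypothetical.

```sql
-- Added example. SECURE.LOG_EMPS_SALARY is the handler named in the policy;
-- the table SECURE.FGA_ALERTS is a hypothetical name.
CREATE TABLE secure.fga_alerts (
  logged_at    TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(128),
  client_ip    VARCHAR2(45),
  object_owner VARCHAR2(128),
  object_name  VARCHAR2(128),
  policy_name  VARCHAR2(128),
  sql_text     VARCHAR2(4000)
);

-- An FGA handler takes three VARCHAR2 arguments: schema, object, policy.
CREATE OR REPLACE PROCEDURE secure.log_emps_salary (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2,
  p_policy IN VARCHAR2
) AS
  -- The handler runs inside the audited statement (here a SELECT), so the
  -- insert is committed in its own transaction.
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO secure.fga_alerts
    (db_user, client_ip, object_owner, object_name, policy_name, sql_text)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
     p_schema, p_object, p_policy,
     -- CURRENT_SQL is only populated inside an FGA handler or policy function
     SUBSTRB(SYS_CONTEXT('USERENV', 'CURRENT_SQL'), 1, 4000));
  COMMIT;
END log_emps_salary;
/

-- The FGA audit record is written whether or not the handler exists.
SELECT timestamp, db_user, object_schema, object_name, policy_name, sql_text
  FROM dba_fga_audit_trail
 WHERE object_schema = 'HR'
   AND object_name   = 'EMPLOYEES'
 ORDER BY timestamp DESC;
```

The handler is where an alert can be raised at the moment of access; the audit trail view remains the record to review afterwards.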
FGA Policy: Full Notes Page
Audited DML Statement: Considerations
• Records are audited if FGA predicate is satisfied and relevant columns are referenced.
• DELETE statements are audited regardless of any specified columns.
• MERGE statements are audited with the underlying INSERT or UPDATE generated statements.

    UPDATE hr.employees
    SET salary = 10
    WHERE commission_pct = 90;

    UPDATE hr.employees
    SET salary = 10
    WHERE employee_id = 111;
FGA Guidelines
• To audit all statements, use a null condition.
• Policy names must be unique.
• The audited table or view must already exist when you create the policy.
• If the audit condition syntax is invalid, an ORA-28112 error is raised when the audited object is accessed.
• If the audited column does not exist in the table, no rows are audited.
• If the event handler does not exist, no error is returned and the audit record is still created.
DBA Auditing
Users with the SYSDBA or SYSOPER privileges can connect when the database is closed:
• Audit trail must be stored outside the database.
• Connecting as SYSDBA or SYSOPER is always audited.
• Enable additional auditing of SYSDBA or SYSOPER actions with audit_sys_operations.
• Control audit trail with audit_file_dest.
Maintaining the Audit Trail
The audit trail should be maintained. Follow best practice guidelines:
• Review and store old records
• Prevent storage problems
• Avoid loss of records
Where We Are
• Comparing security aspects
• Applying the principle of least privilege
• Managing default user accounts
• Implementing standard password security features
• Describing auditing:
  – Mandatory auditing
  – Standard database auditing
  – Value-based auditing
  – Fine-grained auditing
  – DBA auditing
• Virtual Private Database (VPD)
Virtual Private Database: Overview
• Virtual Private Database (VPD) consists of:
  – Fine-grained access control
  – Secure application context
• VPD uses policies to add conditions to SQL statements that protect sensitive data.
• VPD provides row-level access control.
• Application attributes defined inside an application context are used by fine-grained access policies.
VPD Example
Business rule: Employees outside the HR department are only allowed to see their own EMPLOYEES record.
A salesman enters the following query:
    SELECT * FROM EMPLOYEES;
The function implementing the security policy returns the predicate employee_id = 'my_emp_id' and the database rewrites the query and executes the following:
    SELECT * FROM EMPLOYEES WHERE employee_id = 'my_emp_id';
Creating a Column-Level Policy
BEGIN
  dbms_rls.add_policy(
    object_schema     => 'hr',
    object_name       => 'employees',
    policy_name       => 'hr_policy',
    function_schema   => 'hr',
    policy_function   => 'hrsec',
    statement_types   => 'select,insert',
    sec_relevant_cols => 'salary,commission_pct');
END;
/
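The policy above points at a function HR.HRSEC that returns the predicate. A possible body for it, implementing the business rule from the VPD example, is given here as an added example and not code from the original course material; the context EMP_CTX, its attributes EMP_ID and IN_HR_DEPT, and the package SECURE.EMP_CTX_PKG that sets them at logon are hypothetical.

```sql
-- Added example. Hypothetical names: context EMP_CTX with attributes
-- EMP_ID and IN_HR_DEPT, set at logon by the package SECURE.EMP_CTX_PKG.

-- A secure application context: only the named package may set its
-- attributes, so a user cannot change EMP_ID from an ordinary session.
CREATE OR REPLACE CONTEXT emp_ctx USING secure.emp_ctx_pkg;

-- A policy function receives the schema and object name and returns the
-- text of a WHERE condition.
CREATE OR REPLACE FUNCTION hr.hrsec (
  object_schema IN VARCHAR2,
  object_name   IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- HR department staff: a NULL predicate adds no restriction.
  IF SYS_CONTEXT('emp_ctx', 'in_hr_dept') = 'Y' THEN
    RETURN NULL;
  END IF;

  -- Everyone else sees only their own row. If EMP_ID was never set,
  -- SYS_CONTEXT returns NULL, the comparison is never true, and the
  -- query returns no rows instead of all rows.
  RETURN 'employee_id = TO_NUMBER(SYS_CONTEXT(''emp_ctx'', ''emp_id''))';
END hrsec;
/

-- Confirm what is registered on the table and that the policy is enabled.
SELECT object_owner, object_name, policy_name,
       pf_owner, function, sel, ins, enable
  FROM dba_policies
 WHERE object_owner = 'HR'
   AND object_name  = 'EMPLOYEES';
```

Returning the SYS_CONTEXT call inside the predicate, instead of concatenating the employee number into the string, keeps the predicate text identical for every user.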
Column-Level VPD: Example
• Statements are not always rewritten.
• Consider a policy protecting the SALARY and COMMISSION_PCT columns of the EMPLOYEES table. The fine-grained access control is:
  – Not enforced for this query:
      SQL> SELECT last_name FROM employees;
  – Enforced for these queries:
      SQL> SELECT last_name, salary
        2  FROM employees;
      SQL> SELECT * FROM employees;
Security Updates
• Oracle posts security alerts on the Oracle Technology Network Web site at: http://www.oracle.com/technology/deploy/security/alerts.htm
• Oracle database administrators and developers can also subscribe to be notified about critical security alerts via e-mail by clicking the “Subscribe to Security Alerts Here” link.
Summary
In this lesson, you should have learned how to:
• Describe your DBA responsibilities for security
• Apply the principle of least privilege
• Manage default user accounts
• Implement standard password security features
• Describe database auditing
• Describe Virtual Private Database (VPD)
Practice Overview: Implementing Oracle Database Security
This practice covers the following topics:
• Expiring passwords every 60 days
• Locking accounts after a grace period of 10 days
• Not allowing the reuse of passwords for 1,800 days
• Forcing accounts to lock for 10 minutes after four failed login attempts
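The four practice settings map onto the password parameters of a profile. The statements below are an added example, not the course's own practice solution; the profile name PRACTICE_PW_PROFILE and the user HR_CLERK are hypothetical.

```sql
-- Added example. Hypothetical names: PRACTICE_PW_PROFILE, HR_CLERK.
CREATE PROFILE practice_pw_profile LIMIT
  PASSWORD_LIFE_TIME     60        -- password expires every 60 days
  PASSWORD_GRACE_TIME    10        -- grace period of 10 days
  PASSWORD_REUSE_TIME    1800      -- no reuse of a password for 1,800 days
  FAILED_LOGIN_ATTEMPTS  4         -- lock after four failed login attempts
  PASSWORD_LOCK_TIME     10/1440;  -- lock lasts 10 minutes (unit is days)

-- PASSWORD_REUSE_MAX is left at its inherited value. How it combines with
-- PASSWORD_REUSE_TIME differs between Oracle releases, so check the
-- CREATE PROFILE documentation for the release in use.

-- Optional: enforce the supplied complexity rules as well. This requires
-- that VERIFY_FUNCTION has already been created in the SYS schema.
ALTER PROFILE practice_pw_profile LIMIT
  PASSWORD_VERIFY_FUNCTION verify_function;

-- Assign the profile to a user.
ALTER USER hr_clerk PROFILE practice_pw_profile;

-- Confirm the limits that are in force.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile       = 'PRACTICE_PW_PROFILE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;

-- Confirm who is covered and the current state of each account.
SELECT username, profile, account_status, lock_date, expiry_date
  FROM dba_users
 WHERE profile = 'PRACTICE_PW_PROFILE'
 ORDER BY username;
```

PASSWORD_LOCK_TIME is expressed in days, which is why ten minutes is written as 10/1440.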