Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Oracle Confidential – Internal/Restricted/Highly Restricted
ƈƑ78%ķõÕöè �öè»)!
Source: "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases", IDC, August 2012
Source: “Verizon Business 2012 Data Breach Investigations Report”, Verizon, June 2012
98% ķõÕöèŪxķŮ,�ƘÅĂöè»ćn�
Packaged Apps (PSFT, EBS, Hyperion, Siebel, SAP)
BI and Content Management
Portal and App Servers
Email / File Servers
Mainframe
Web Services (External)
Web Services (Internal)
Databases
Directories
Data Warehouses
Unstructured Content
Label Security
Active Data Guard
Advanced Security

• Oracle Database Vault
• Oracle Label Security
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
• Oracle Configuration Management
• Oracle Total Recall
Ministry of Human Resources and Social Security (MOHRSS) Data Security Management Specification
Assessment system
Security layers
Policy system
• Data Encryption
• Communication Encryption
• Backup Encryption
• Data Masking
• Segregation of Duty
• Data Classification

• DBA Behavior Tracking
• User Behavior Tracking
• Role Change Audit
• Stored Procedure Change Auditing
• Configuration Change Auditing

• Sensitive Data Blocking
• Unauthorized IP Blocking
• Unauthorized Tools Blocking
• Non-Official Hour Blocking
• Suspicious Activity Blocking
• SQL Injection Blocking
[Figure: architecture diagram. Labels: Users, Applications, Database Firewall (Allow, Log, Alert, Substitute, Block), Firewall Events, Audit Data, Audit Vault, Reports, Alerts, Policies, Auditor, Security Manager, OS, Directory, File System & Custom Audit Logs, Database Vault]
• Database Vault
• Transparent Encryption
• Database Firewall
• Audit Vault