Monday, 9 October 2017

Oracle Database Security Assessment

Security, an unavoidable technology these days if you see the technology trend and the number of innovations in IT. Securing your Database is equally important as securing applications and network. Attacks can happen from inside or outside but the portion of damage that can do is unexpected. If attackers can gain access to database from any vulnerable points(say it from Network or Application or From OS)  it can lead to disaster. Hence, it is vital to understand the database vulnerabilities and how to fill the gap.

DBSAT (Database Security Assessment Tool) essentially an Oracle Database security Vulnerability assessment tool which tells what are all security gaps available in the database and it also suggests with recommendations. Roles, privileges, Security configurations, OS level permissions, options and features etc. are the major part of the DBSA report which tells if they are configured as per security standards with the database or not.

A comprehensive and formatted report can be easily generated using DBSA tool. DBSA tool is packaged and provided in support.oracle.com (DOC ID: 2138254.1).

There are two options available in dbsat tool.


$dbsat collect <connect_string> <destination>  -- for collecting data from the database 


$dbsat report collectedFile

Check the Oracle reference below for more details and architecture diagram. 

Reference: https://docs.oracle.com/cd/E76178_01/SATUG/toc.htm#SATUG-GUID-7FFFEC95-6D54-4299-95FA-FDFA2F8835B0


If you want more information you can contact viewssharings@gmail.com


Tuesday, 3 October 2017

Oracle Database Security Products covering 360 degree Security

We often see customers are looking for various security products available to provide comprehensive security solutions. But most of them we see are segmented that means no single solutions can cover everything(360 degree security solution). We saw bunch of Oracle Security products are available ranging from Database to Middleware. I will brief about Database Security products in this article.

Oracle has a bunch of Security Products, combined them a comprehensive database security solutions can be availed to provide 360 degree security protection.


Broadly these products are categorized under EVALUATE, PREVENT, DETECT, DATA DRIVEN SECURITY

Let us see what are the products coming under which category.

1. EVALUATE: Privilege Analysis, DataBase Security Assessment
2. PREVENT: Database Vault, Data Redaction, Data Encryption, Data Masking and Subsetting, Key Management
3. DETECT: Database SQL Firewall, Audit Vault
4. DATA DRIVEN SECURITY: Label Security, Real Application Security, Row Level Security



DBSAT-(Database Security Assessment Tool): It captures all security parameters and their configurations, security features and options being used and recommendations.

Privilege Analysis: It comes along with Oracle Database Vault license. It evaluates the privileges and roles and filters out necessary and unnecessary privileges.

Database Vault: Privilege account management, Multi-factor authorizations etc. Separation of duties

Data Encryption: Encrypts data at rest in column or tablespace levels.

Data Redaction: Also known as dynamic masking, it mask data on the basis of policy and applies on the basis of factors.(Users, roles, Ip address etc) ex: Credit card number XXXX-XXXX-XXXX-1234

Data Masking and Subsetting: It masks data completely in the underlying table hence reduce the sensitive data exposure to the test and dev like non-prod environments.

Oracle Key vault: Protects keys, certificates, wallet contents etc. and manage key life cycle.
It acts like HSM. TDE keys can be access directly from OKV.

Audit Vault and Database Firewall: DB Firewall can be deployed as first line of defense. It analyses incoming sqls and detects anomaly. Audit vault is a central auditing and monitoring system which can be integrated with DB firewall to work together in detecting anomaly and alert to the security admin.


If you are interested in these technologies, Kindly contact viewssharings@gmail.com.