Oracle Database Security Assessment

Security, an unavoidable technology these days if you see the technology trend and the number of innovations in IT. Securing your Database is equally important as securing applications and network. Attacks can happen from inside or outside but the portion of damage that can do is unexpected. If attackers can gain access to database from any vulnerable points(say it from Network or Application or From OS)  it can lead to disaster. Hence, it is vital to understand the database vulnerabilities and how to fill the gap.

DBSAT (Database Security Assessment Tool) essentially an Oracle Database security Vulnerability assessment tool which tells what are all security gaps available in the database and it also suggests with recommendations. Roles, privileges, Security configurations, OS level permissions, options and features etc. are the major part of the DBSA report which tells if they are configured as per security standards with the database or not.

A comprehensive and formatted report can be easily generated using DBSA tool. DBSA tool is packaged and provided in support.oracle.com (DOC ID: 2138254.1).

There are two options available in dbsat tool.


$dbsat collect <connect_string> <destination>  -- for collecting data from the database 


$dbsat report collectedFile

Check the Oracle reference below for more details and architecture diagram. 

Reference: https://docs.oracle.com/cd/E76178_01/SATUG/toc.htm#SATUG-GUID-7FFFEC95-6D54-4299-95FA-FDFA2F8835B0


If you want more information you can contact viewssharings@gmail.com

Oracle Database Security Products covering 360 degree Security

We often see customers are looking for various security products available to provide comprehensive security solutions. But most of them we see are segmented that means no single solutions can cover everything(360 degree security solution). We saw bunch of Oracle Security products are available ranging from Database to Middleware. I will brief about Database Security products in this article.

Oracle has a bunch of Security Products, combined them a comprehensive database security solutions can be availed to provide 360 degree security protection.


Broadly these products are categorized under EVALUATE, PREVENT, DETECT, DATA DRIVEN SECURITY

Let us see what are the products coming under which category.

1. EVALUATE: Privilege Analysis, DataBase Security Assessment
2. PREVENT: Database Vault, Data Redaction, Data Encryption, Data Masking and Subsetting, Key Management
3. DETECT: Database SQL Firewall, Audit Vault
4. DATA DRIVEN SECURITY: Label Security, Real Application Security, Row Level Security



DBSAT-(Database Security Assessment Tool): It captures all security parameters and their configurations, security features and options being used and recommendations.

Privilege Analysis: It comes along with Oracle Database Vault license. It evaluates the privileges and roles and filters out necessary and unnecessary privileges.

Database Vault: Privilege account management, Multi-factor authorizations etc. Separation of duties

Data Encryption: Encrypts data at rest in column or tablespace levels.

Data Redaction: Also known as dynamic masking, it mask data on the basis of policy and applies on the basis of factors.(Users, roles, Ip address etc) ex: Credit card number XXXX-XXXX-XXXX-1234

Data Masking and Subsetting: It masks data completely in the underlying table hence reduce the sensitive data exposure to the test and dev like non-prod environments.

Oracle Key vault: Protects keys, certificates, wallet contents etc. and manage key life cycle.
It acts like HSM. TDE keys can be access directly from OKV.

Audit Vault and Database Firewall: DB Firewall can be deployed as first line of defense. It analyses incoming sqls and detects anomaly. Audit vault is a central auditing and monitoring system which can be integrated with DB firewall to work together in detecting anomaly and alert to the security admin.


If you are interested in these technologies, Kindly contact viewssharings@gmail.com.

Oracle Database Security

1. Why Database Security ?

   Databases are the core component of enterprises as it holds business information over the years, hence Data protection is very much essential  and so Databases. 

2. Why Oracle Database Security ?

   Oracle offers customers an end to end security product and solutions to meet customer business needs in securing their infrastructure. Oracle Database security product portfolio contains.

1. Database Vault

2. Database Masking and Subsetting

3. Transparent Data Encryption and Data Reduction

4. Data Encryption

5. Oracle Wallet

6. Oracle Key Vault

7. Audit Vault and Database Firewall

Majority of Oracle Database security products supports both on premises and oracle public cloud infrastructures.

Oracle Database Masking and Subsetting : 

Oracle Database Masking and Subsetting pack in Oracle Enterprise Manager enables organisation to maximize the business value of their production data by leveraging it in various non-production system while at the same time ensuring that copied data is full sanitized to maintain security and privacy remain in compliance with regulation and keep costs low.

* Data Masking and Subsetting solution makes it easy and identify sensitive data through automated discovery jobs and reusable data models.

* It provides an integrated solution to mask and optionally subset data in a single workflow.

* It provides high fidelity data outputs by explicitly tracking data relationship and maintains referential integrity.

* It facilitates masking and subsetting data in databases or by real time extraction of data in a database.

* It provides to mask Oracle and Non-Oracle databases.

* Supports local and Oracle public cloud databases in a single solution.

High Level steps for masking and subsetting:

1. Create Data Model: Discovers Sensitive Data and Data relationship

2. Select formats and criteria : Masking formats and Templates, Goals and Conditions for subsetting

3. Preview and Validate : Preview masking algorithm results, preview subset reduction results

4. Execute Transformation : In Database mode or In Expert Mode

Thanking You,

Manoj Kumar 

Oracle Database Security Consultant, EMEA presales