1 / 8

Oracle Security Mechanisms: Encryption, Auditing, & Control

Learn about Oracle's proprietary security approach with OLS, data confidentiality, granular access control, encryption with DBMS_CRYPTO, auditing capabilities, and end-to-end security features. Discover Oracle's transparent data encryption, performance benefits, separation of duties, wallet management, and advanced security measures for comprehensive database protection.

lhamilton
Download Presentation

Oracle Security Mechanisms: Encryption, Auditing, & Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ORACLE's Approach ORALCE uses a proprietary mechanism for security. They user OLS.... ORACLE Labeling Security. They do data confidentiality They do adjudication They do auditing All at the proprietary database level. A for pay solution, not based on open standards.

  2. The DBMS_CRYPTO Package Formerly DBMS_OBFUSCATION (Release 8) Extensive control of options Generate as many, or as few keys as you desire Granular access control, Manual salt generation, algorithm selection, chaining mode Limited Transparency

  3. Transparent Data Encryption Integrated with the Oracle database for simplicity Alter table encrypt column … Provides application transparency No API calls, database triggers or views required Media protection of PII data Social security numbers Credit Card Numbers Performance Works with existing indexes for fast searches

  4. Separation of duties Wallet password is separate from System or DBA password No access to wallet DBA starts up Database Security DBA opens wallet containing master key

  5. Master key and column keys Column keys encryptedby master key Master key stored in PKCS#12 wallet Security DBA opens wallet containing master key Column keys encryptdata in columns

  6. End to End Security Oracle Advanced Security Strong Authentication Oracle Advanced Security Network Encryption Oracle Advanced Security Transparent Data Encryption Data Automatically Decrypted Through SQL Interface Data Written To Disk Automatically Encrypted Data Encrypted On Backup Files

  7. Audit & monitor database activity Logon failures, privilege usage, data access, object access,and other activities Standard Audit Trail (over 250 audit actions) Gives first level of information about access to the database Statement auditing Privilege auditing Schema Object auditing Fine-Grained Auditing (FGA) Gives second level of information about specific operations to the database Enables you to monitor data access based on content. Oracle Database 10g Auditing AUDITING

  8. Fine-grained auditing (FGA) • Beginning with Oracle9i Database, Oracle provides the capability to audit specific rows within a table. This is accomplished using the DBMS_FGA package. • Features • Attach audit policy to table or view • Specify audit condition using a SQL predicate • User’s query text with bind variables are written to audit record upon a triggering audit event • Event handler can alert administrator to triggering condition (e.g. write record to log, send page)

More Related