Oracle security 01: Security Requirements & Solutions
云和恩墨 (成就所托: delivering what is entrusted to us), by 王朝阳 (Zhaoyang Wang), 18516271611, sonne.k.wang@gmail.com
Objectives
After completing this lesson, you should be able to do the following:
• Describe fundamental security requirements
• Define the following terms:
– Least privilege
– Authorization
– Authentication
• Describe security policies
• Describe the concept of security in detail
• Prevent exploits
• Maintain data integrity
• Protect data
• Control data access
Industry-Security Requirements
• Legal:
– Sarbanes-Oxley Act (SOX)
– Health Information Portability and Accountability Act (HIPAA)
– California Breach Law
– UK Data Protection Act
• Auditing
Security Standards
Recognized security standards:
• ISO 17799
• SANS Institute
• CERT/CC
Do your policies meet the standards?
Fundamental Data-Security Requirements
You should know the following fundamental data-security requirements:
• Confidentiality
• Integrity
• Availability
Components for Enforcing Security
• Authentication
• Authorization
• Access control
• Auditing
Security Risks
Risk analysis includes:
• External attack:
– Unauthorized users
– Denial of service
– Unauthorized data and service access
• Internal abuse: data or service theft
• Sabotage: data or service corruption
• Complexity
Principle of Least Privilege
• Install only the required software on the machine.
• Activate only the required services on the machine.
• Give operating system (OS) and database access to only those users who require access.
• Limit access to the root or administrator account.
• Limit access to SYSDBA and SYSOPER accounts.
• Limit users’ access to only the database objects that are required to do their jobs.
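As an added example that is not part of the deck, the following Oracle SQL applies the last three bullets to a database account: a role limited to the objects the job needs, an account with no privilege beyond connecting, and the data-dictionary queries a DBA uses to check who holds SYSDBA/SYSOPER, DBA and ANY-style privileges. The schema HR, the role REPORT_READER and the user APP_REPORT are assumptions.

```sql
-- Added example, not from the deck. HR, REPORT_READER and APP_REPORT are
-- assumed names; the password is a placeholder to be replaced.

-- 1. A role that carries only the object privileges the job needs:
--    read-only access to two tables and nothing else.
CREATE ROLE report_reader;
GRANT SELECT ON hr.employees   TO report_reader;
GRANT SELECT ON hr.departments TO report_reader;

-- 2. An account that can connect and use the role. No quota, so it cannot
--    create objects even if it later receives CREATE TABLE by mistake, and
--    no system privilege beyond CREATE SESSION.
CREATE USER app_report IDENTIFIED BY "replace-with-a-strong-password"
  DEFAULT TABLESPACE users
  QUOTA 0 ON users
  PASSWORD EXPIRE;
GRANT CREATE SESSION TO app_report;
GRANT report_reader  TO app_report;

-- 3. Review queries a DBA runs to find privilege broader than the job
--    requires. Expected result for a least-privilege database: only the
--    administrators the policy names appear in each list.

-- Who can connect AS SYSDBA or AS SYSOPER through the password file:
SELECT username, sysdba, sysoper
  FROM v$pwfile_users
 ORDER BY username;

-- Who holds the catch-all administrative roles:
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role IN ('DBA', 'IMP_FULL_DATABASE', 'EXP_FULL_DATABASE')
 ORDER BY grantee;

-- Who holds "ANY" privileges (which bypass object grants entirely) or
-- privileges that let an account change other accounts or the instance:
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE (privilege LIKE '%ANY%'
        OR privilege IN ('ALTER SYSTEM', 'ALTER USER', 'BECOME USER'))
   AND grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
 ORDER BY grantee, privilege;

-- Object grants made WITH GRANT OPTION let a grantee re-grant the privilege,
-- which silently widens access over time:
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantable = 'YES'
   AND owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY grantee, owner, table_name;
```

The review queries are the part worth scheduling: the grants are done once, but privilege accumulates as roles and grants are added for incidents and migrations, so a periodic diff of these result sets against the approved list is what keeps the principle in force.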
Defining a Security Policy
• What is a security policy?
– A set of rules
– Specific to an area and site
– Required
– Approved by management
• What is a standard?
– Rules specific to a system or process
– Required for everyone
• What are guidelines?
– Suggestions and best practices
– Specific to a system or a process
Developing Your Security Policy
The steps to develop your security policy are:
1. Assemble your security team.
2. Define your security requirements.
3. Develop procedures and systems to meet these requirements.
4. Implement security procedures.
Examining All Aspects of Security
Consider the following dimensions:
• Physical
• Personnel
• Technical
• Procedural
Example: An employee leaves his or her desk while using an application.
Implementing a Security Policy
• Implement your standards and procedures.
• Implement the plan for developing new systems and applications.
• Monitor and enforce the policy.
• Keep systems and applications up-to-date with security patches.
• Educate users.
Hardening the Operating System
• Limit services to required services.
• Limit users.
• Use security from the service.
• Apply all security patches and workarounds.
• Protect backups.
• Test security for in-house development.
• Require strong passwords.
• Control physical access.
• Audit system activity.
• Use intrusion-detection tools.
Easing Administration
• Examine the security features of the service:
– Select the features that meet your security requirements.
– Integrate the features to simplify administration.
• Ease security administration by:
– Using single sign-on
– Delegating security authority
– Grouping users with common privileges
– Synchronizing with other sources
Using a Firewall to Restrict Network Access
[Figure: client computers are separated from the application web server by one firewall, and the application web server is separated from the database server by a second firewall.]
Hardening Oracle Services
• Harden the database.
• Harden Oracle Net Services.
• Use Connection Manager as a firewall.
• Use available components:
– Fine-grained access control
– Enterprise user authentication
– Encryption
– Label security
– Strong authentication by using public key infrastructure or Kerberos
• Harden the middle tier.
Preventing Exploits
Use industry-standard practices:
• Harden the database.
• Harden the operating system.
• Harden the network.
Maintaining Data Integrity
Sarbanes-Oxley requires assurance of the integrity of the data that is used to produce financial reports. Oracle Database 10g can provide the following:
• Standard auditing
• Fine-grained auditing
• Privileged-account auditing
• Network encryption
Data Protection
Under CA-SB-1386, personally identifiable information must be protected. Use the following techniques:
• Restrict access.
• Encrypt stored data.
• Encrypt network traffic.
• Restrict network access.
• Monitor activity.
• Harden every layer.
[Figure: a credit card number stored encrypted (shown on the slide as OKYMSEISPDTGA) versus its cleartext value MyCreditCardNum.]
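As an added example that is not from the deck, the following Oracle SQL shows three of the techniques listed above on a constructed BILLING schema: column-level encryption of the stored card number with Transparent Data Encryption, a masking view so that the application account never reads the full value, and the server-side sqlnet.ora settings that require encrypted network traffic, followed by the checks a DBA runs to confirm each one. The schema, table, user APP_PAY, wallet password and wallet directory are assumptions.

```sql
-- Added example, not from the deck. BILLING, CUSTOMER_CARDS, APP_PAY, the
-- wallet password and the wallet directory are assumed/placeholder values.

-- Encrypt stored data: Transparent Data Encryption on the sensitive column.
-- The wallet location must already be configured in sqlnet.ora (see below);
-- the master key is created once. This is the 10g/11g syntax.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "wallet-password-placeholder";

CREATE TABLE billing.customer_cards (
  customer_id  NUMBER        NOT NULL,
  card_number  VARCHAR2(19)  ENCRYPT USING 'AES256',  -- ciphertext in datafiles and backups
  expires_on   DATE          NOT NULL,
  CONSTRAINT customer_cards_pk PRIMARY KEY (customer_id)
);

-- Restrict access: the application account reads a masked view, never the
-- base table, so the full number is only ever decrypted inside the database
-- for code that genuinely needs it.
CREATE OR REPLACE VIEW billing.customer_cards_masked AS
  SELECT customer_id,
         '****-****-****-' || SUBSTR(card_number, -4) AS card_last4,
         expires_on
    FROM billing.customer_cards;

GRANT SELECT ON billing.customer_cards_masked TO app_pay;
-- Deliberately no grant on billing.customer_cards itself.

-- Encrypt network traffic: server-side sqlnet.ora (configuration file, not SQL).
--   ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/path/to/wallet)))
--   SQLNET.ENCRYPTION_SERVER            = REQUIRED
--   SQLNET.ENCRYPTION_TYPES_SERVER      = (AES256)
--   SQLNET.CRYPTO_CHECKSUM_SERVER       = REQUIRED
--   SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
-- REQUIRED makes the server reject clients that cannot negotiate encryption
-- instead of silently falling back to cleartext.

-- Checks to run afterwards.

-- Which columns are actually encrypted, and with which algorithm:
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 ORDER BY owner, table_name, column_name;

-- Whether this session's connection negotiated encryption and integrity
-- (the banner lists the services in use):
SELECT network_service_banner
  FROM v$session_connect_info
 WHERE sid = SYS_CONTEXT('USERENV', 'SID');

-- Who holds direct privileges on the base table (expected: nobody besides
-- the owner and administrators):
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'BILLING'
   AND table_name = 'CUSTOMER_CARDS'
 ORDER BY grantee, privilege;
```

Column encryption protects the datafiles and backups, not a connected session that is allowed to SELECT the column, which is why the masking view and the grant on the view rather than the table are part of the same example.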
Access Control
The law requires that only certain persons may access specific data. Access control and monitoring include:
• Implement the Virtual Private Database (VPD):
– Application context
– Fine-grained access control (FGAC)
• Use Oracle Label Security (OLS).
• Apply auditing.
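As an added example that is not from the deck, the following Oracle SQL shows how the two slides on data integrity and access control map onto the features they name: an application context that a logon trigger fills from a mapping table, a Virtual Private Database policy that turns that context into a row-level predicate (fine-grained access control), fine-grained auditing of reads of large orders, and standard auditing of privileged actions. The SALES and SALES_SEC schemas, the ORDERS and USER_REGIONS tables, and all object names are assumptions.

```sql
-- Added example, not from the deck. SALES, SALES_SEC, ORDERS (with columns
-- REGION and AMOUNT) and USER_REGIONS (USERNAME, REGION) are assumed names.

-- Application context: only the package named here may set attributes in
-- the namespace, so a session cannot grant itself a different region.
CREATE OR REPLACE CONTEXT sales_ctx USING sales_sec.ctx_pkg;

CREATE OR REPLACE PACKAGE sales_sec.ctx_pkg AS
  PROCEDURE set_region;
END ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY sales_sec.ctx_pkg AS
  PROCEDURE set_region IS
    v_region sales_sec.user_regions.region%TYPE;
  BEGIN
    -- Region comes from a table the application account cannot modify.
    SELECT region INTO v_region
      FROM sales_sec.user_regions
     WHERE username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('sales_ctx', 'region', v_region);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- unmapped user: attribute stays unset, policy below returns no rows
  END set_region;
END ctx_pkg;
/
-- Populate the context as each session logs on.
CREATE OR REPLACE TRIGGER sales_sec.set_region_on_logon
  AFTER LOGON ON DATABASE
BEGIN
  sales_sec.ctx_pkg.set_region;
END;
/
-- VPD policy function: returns the predicate appended to every statement
-- against SALES.ORDERS. NVL(..., 'NONE') makes an unset context match
-- nothing rather than everything.
CREATE OR REPLACE FUNCTION sales_sec.region_policy(
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2) RETURN VARCHAR2 IS
BEGIN
  RETURN 'region = NVL(SYS_CONTEXT(''sales_ctx'', ''region''), ''NONE'')';
END region_policy;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'SALES',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_BY_REGION',
    function_schema => 'SALES_SEC',
    policy_function => 'REGION_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);  -- also blocks writes that would escape the predicate
END;
/
-- Fine-grained auditing: record every SELECT that reads AMOUNT for a large
-- order, with the SQL text and binds, regardless of which account ran it.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'SALES',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_LARGE_READS',
    audit_condition => 'amount > 100000',
    audit_column    => 'AMOUNT',
    statement_types => 'SELECT',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/
-- Standard auditing of privileged actions that could alter financial data
-- or widen access (requires AUDIT_TRAIL to be enabled for the instance).
AUDIT ALTER ANY TABLE, GRANT ANY PRIVILEGE, GRANT ANY ROLE BY ACCESS;

-- Review: recent reads of large orders captured by the FGA policy.
SELECT db_user, os_user, timestamp, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'ORDERS_LARGE_READS'
 ORDER BY timestamp DESC;
```

The policy function is deliberately tiny and reads the context rather than querying tables: it runs for every statement on the protected table, and a function that itself queries the protected object would recurse into the policy.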
Summary
In this lesson, you should have learned how to:
• List and describe fundamental security requirements
• Define the following terms:
– Principle of least privilege
– Authorization
– Authentication
• Describe some security risks and requirements
• Describe the concept of security in detail
• Prevent exploits
• Maintain data integrity
• Protect data
• Control data access
Q&A
