Introduction to the Oracle Database Firewall to enhance the level of security to protect your valuable business data.

1. Oracle Database Firewall
Johan Louwers - Global Oracle Architect Office
Technology Vision

2. 2Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Oracle Database Firewall
“Putting things into perspective ”
 High level product overview
Standard firewall implementations protecting your database only in a way that they
prevent connections on a network layer level while allowing all SQL statements over a
allowed network connection. This holds that a traditional network firewall only
provides a limited level of security and keeping your database vulnerable for attacks
on a SQL level.
• First line of defense: Transparently detect and block SQL injection attacks, privilege
escalation, and other threats against Oracle, Microsoft SQL Server, IBM DB2, SAP
Sybase, and MySQL databases
• Faster response: Automatically detect unauthorized database activities that violate
security policies, and thwart perpetrators from covering their tracks
• Simplified compliance reporting: Easily analyze audit and event data and take action
in a timely fashion with out-of-the-box compliance reports

3. 3Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Oracle Database Firewall
“getting a bit technical”
 The technical foundation
The Oracle database firewall is a software based
“appliance” which will form a “man in the middle” solution to
tap into and evaluate SQL statements send to the database.
Based upon the implemented rules SQL statements will be
send to the database or will be blocked.
• Accurately detects and blocks unauthorized database
activity including SQL injection attacks by monitoring traffic
to Oracle and non-Oracle databases
• Consolidates audit data and logs generated by databases,
operating systems, directories, file systems, and custom
sources into a secure centralized repository
• Provides enterprise security intelligence and efficient
compliance reporting by combining monitoring and audit
data
• Utilizes a unique SQL grammar analysis engine and easy-
to-define whitelists and blacklists to ensure high accuracy
and performance
• Delivers horizontal and vertical scalability through easy-to-
deploy "software appliances

4. 4Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Oracle Database Firewall
“Building an example use case”
 Building an example use case
In this example we have a number of Oracle databases
containing sensitive customer data. Applications connected
to the database are considered “safe” however the
database needs to be protected against the possibility that
an attacker gains access to the application server and starts
to query the database with the found login credentials.
1) Application server which is in need to connect to the
database
2) A network firewall protects the database on a network
layer level
3) The Oracle database firewall checks all the SQL
statements to verify only allowed SQL statements are
passed through to the database
4) The database only receives allowed SQL statements from
the application servers as they are filtered by the
database firewall
5) All firewall events are logged to the Oracle Audit Vault to
ensure they are kept save and can be used during a
investigation
6) Auditors and security staff are informed with alerts in case
of suspicious traffic. Reports are generated for auditing
purposes
1 3 4
56
Network
Firewall
2

5. 5Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
 Capgemini services and solutions
Capgemini provides a wide range of services and solutions for Oracle technology and
the required security that should accompany the IT footprint in which Oracle
technology is used. Specifically for Oracle database firewall solutions Capgemini
provides (among others) the below services
• Architecture services
Capgemini provides a wide range of architecture services on Oracle Technology also
including security architecture services.
• Implementation services
Implementation of the Oracle Database Firewall and other security features can be
provided by the Capgemini Oracle teams
• Maintenance services
Day to day maintenance of both software and hardware used to operate a Oracle
database firewall can be provided by Capgemini.
• Security watch services
• 24*7 active monitoring and acting upon security related incidents in line by the
Capgemini international monitoring and operating centre can be provided.
• Hosting and housing services
Hosting and housing of the required infrastructure as well as the maintenance can be
done from within one of the global Capgemini datacenters.
Oracle Database Firewall
“Working with Capgemini”

6. 6Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Capgemini Oracle Architect Office – Background Information

7. 7Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Capgemini - Global Oracle Architect Office
“Capgemini OAO key mission”
 Technology Standards
Creating and maintaining the global oracle technology standards and implementation
roadmaps to ensure customers receive the Oracle & Capgemini best practice based
solutions to provide the most optimal business value.
 Technology Vision
Identifying, tracking, prototyping and developing new solutions and technologies, using
a combination of forward-thinking visionary and practical realism to provide customers a
practical future roadmap and a clear direction.
 Technology Solutions
Ensuring that the technological solutions created by both Oracle and Capgemini are
positioned as a unified solution for our customer and the most optimal technological
advantages of the products are used.
 Business Value
Providing customers with the most optimal business value with the lowest TCO to
support customer is accelerating in their day to day operations and achieving there
goals with Oracle technology as an enabler.
Technology
Vision
Technology
Standards
Technology
Solutions
Business
ValueOAO

8. 8Copyright © Capgemini 2015. All Rights Reserved
Global Oracle Architect Office
Technology
Vision
Technology
Standards
Technology
Solutions
Business
ValueOAO
Capgemini - Global Oracle Architect Office
“Capgemini OAO core team”
 Sunil Krishnanunni
Senior Architect – Asia Pacific
Sunil.Krishnanunni@capgemini.com
 Del Albrecht
Senior Architect – North America
Delwin.Albrecht@capgemini.com
 Johan Louwers
Lead Architect – Global (EMEA)
Johan.louwers@capgemini.com
 Global Oracle Architect Office contact:
GlobalOAO.bnl@capgemini.com

9. The information contained in this presentation is proprietary.
© 2014 Capgemini. All rights reserved.
www.capgemini.com
About Capgemini
With almost 140,000 people in 40 countries, Capgemini is one of
the world’s foremost providers of consulting, technology and
outsourcing services. The Group reported 2013 global revenues
of EUR 10.1 billion.
Together with its clients, Capgemini creates and delivers
business and technology solutions that fit their needs and drive
the results they want.
A deeply multicultural organization, Capgemini has developed its
own way of working, the Collaborative Business ExperienceTM,
and draws on Rightshore®, its worldwide delivery model.
Rightshore® is a trademark belonging to Capgemini