Database Firewall
Overview
Wolfgang Thiem
ORACLE Germany B.V. & Co.KG
STCC Munich
Today's Agenda
1
Q&A
DETECTIVE
ADMINISTRATIVE
Activity Monitoring
Database Firewall
Configuration Management
Auditing
(Audit Vault Agents)
Pathways
Network
Impact on database
Information
Purpose
Audit Vault
Audit data consolidation
SYBASE
Reports
Policies
Audit Data, Event Logs
Audit Vault
Copyright 2015 Oracle and/or its affiliates. All rights reserved.
High Availability
Powerful Alerting
Multi-event alerts with thresholds and duration
Flexible alert conditions
Customizable alert content
Alerts via email or syslog
Database Firewall
First line of defense
Database Firewall
Users
SYBASE
Applications
Policy-based pass/log/alert/substitute/block
Database Firewall
Enforcing access with black-list based policy
Legitimate access
Unauthorized access, e.g. from a non-permitted IP address
Black-list
Policy
Allow
Log
Block
Databases
Database Firewall
Anomaly detection and threat blocking with white-list based policy
Legitimate access
Unauthorized access, e.g. SQL injection
White-list
Policy
Allow
Log
Block
Databases
Database Firewall
Transparent blocking with statement substitution
Database Firewall
Becomes
SELECT * FROM dual where 1=0
Databases
DCL
Solution:
Database Firewall creates activity profile
Database Firewall
Flexible deployment
Out of band
Proxy
Passive monitoring
Proxy mode
Inline blocking and monitoring
Host monitor
In-line
Monitoring or blocking
Host monitor
Host agent mirrors traffic back to Database Firewall
Heterogeneous databases
OSs and other sources, data lifecycle management
Real-time alerting, customizable reporting, report scheduling and attestation
Deployment Overview
Understand and prioritise your database security needs
Estimate aggregate volume of logged audit and event data
Roll out audit logs consolidation, or activity monitoring, or both
Auditing?
Monitoring?
Blocking?
Configure Audit Vault
Configure Targets
Install and activate Audit Vault Agents on target hosts
Configure native audit policies
Configure archive locations
Configure data retention policies
Data Lifecycle Settings
Deploy Database Firewalls
Architect and configure Database Firewall networking
Setup Database Firewalls
Configure Monitoring
Configure Enforcement Points
Switch on Database Activity Monitoring
Assign Unique policy to Enforcement Points
Fine-tune policy based on logged SQL
Configure Policy
Learn from Logged Data
Create Whitelists
Define permitted session profiles and privileged users
Specify what activity is to be logged
Deploy against production traffic
Tighten policy by rules on out of policy SQL
Refine Policy
Enable Blocking
Set-up alerts on all out of policy activity
Switch to Database Policy Enforcement Mode
Out of band
Deployment recommendations
Proxy
Users
Inline blocking and monitoring
Apps
Database Firewall
Events
Alerts
Reports
Policies
Primary links (Active)
Database Firewalls
High Availability data link
Secondary links (Dormant)
Audit Vault Agents
High Availability
Network switch
SQL traffic
SPAN port
Identical streams of activity logs
De-duplication
Inbound SQL requests
STP-enabled path
Database Firewall
Audit Vault Server
Inbound SQL traffic
Network switch
Network switch
SQL traffic
STP-disabled path
Database Firewall
Activity Data
Proxy port
Inbound SQL Traffic
Load-balancer
Database Firewalls
Proxy port
Activity Data
Separate (switching) network path
Inbound SQL Traffic
Layer 2 Traffic Manager
Database Firewalls
Separate (switching) network path
Activity Data
12.2