Oracle Database Firewall: First Line of Defence


Oracle Database Firewall: First Line of Defence
Iveta Šťavinová, Technology Pre Sales

Agenda
- What is Database Firewall
- Oracle Database Firewall Components and Deployment Modes
- Reporting

Why a Database Firewall?
- Customers need first line of defence to monitor and protect against existing and emerging threats
- Hackers breach databases from the web exploiting vulnerabilities in applications
- Stolen credentials exploited for unauthorized use
[Diagram: Application, Database Firewall, Database]

Oracle Database Firewall Differentiator
- Network packet:
  - Header (address)
  - Payload (body/data)
  - Trailer (footer)
- DB FW works with body
[Diagram: Application, Database Firewall, Database]

The cost of inaccuracy
- 0.0001% false negative rate: 26 successful attacks per day ...it only takes one...
- 3,000 transactions per second
- 260 million transactions per day
- 0.001% false positive rate: 260 false positives per day, 7,800 audit errors per month

Oracle Database Firewall: First Line of Defense
- Monitor database activity and block unauthorized database access
- Highly accurate SQL grammar based analysis to enforce normal activity
- Built-in and custom compliance reports for SOX, PCI, and other regulations

Heterogeneous Database Support
- RDBMS platforms supported:
  - Oracle 8i, 9i, 10g, 11g
  - MS-SQL 2000, 2005, 2008
  - Sybase 12.5.3 to 15
  - SQL Anywhere v10
  - DB2 for LUW
- Grammar engine: separate dialects of SQL

Oracle Database Firewall: The Components

Oracle Database Firewall: Basic Components
- Database Firewall
  - Blocks unauthorized traffic
  - Monitors access
  - Database Firewall (HA Mode)
- Remote/Local Monitor
  - Forwards network traffic
- Database Firewall Management Server
  - Reports, archives repository
  - Firewall mgmt, policy mgmt
  - Alerts, integration
- Policy Analyzer
  - Creates security policies
  - Runs on Windows desktop

DB Firewall In-Line Deployment
[Diagram: Application Servers and Database Clients, Oracle Database Firewall (Monitor, Block)]
- SQL traffic is inspected and verified against policy
- Also known as a Bridge or transparent bridge
- Sometimes only option if out-of-band ports are not available

Certified network cards
Card Type: Vendor
- Copper 10/100/1000: Interface Masters Niagara 32264
- Fiber 10/100/1000 (SX and LX) for PCI-x: Interface Masters Niagara 2282 (Dual), Interface Masters Niagara 2283 (Quad)
- Fiber 10/100/1000 (SX and LX) for PCI-e: Interface Masters Niagara 2285 (Dual), Interface Masters Niagara 2284 (Quad)
- Fiber 10G (PCI-E): Interface Masters Niagara 32710 (Dual)

DB Firewall Out-Of-Line Deployment
[Diagram: Application Servers and Database Clients, Oracle Database Firewall (Monitor, Block)]
- Also known as SPAN or Span port or Mirrored or Tap
- SQL logging and reporting only
- Easy to deploy, no risk of impacting databases or applications

DB Firewall Remote Monitoring Deployment
[Diagram: Application Servers and Database Clients, Remote Monitoring Agent, Oracle Database Firewall (Monitor, Block)]

DB Firewall Proxy-Mode Deployment
[Diagram: Application Servers and Database Clients, Oracle Database Firewall (Monitor, Block)]

Oracle Database Firewall: Host Based Monitors
- Two types of Monitors:
  - Remote Monitor (spy)
  - Local Monitor (doesn't work with network communication; works with local session, SSH session, keyboard, console)
- Must be connected to the Oracle Database Firewall
- Optional and not required in most enterprise deployments

Oracle Database Firewall: Remote Monitor
- Runs on the server operating system
- Sends database transactions to Oracle Database Firewall
- Supported platforms are determined by OS, and then by the RDBMS platforms that DBFW supports:
  - Linux
  - AIX
  - Unix
  - Solaris
[Diagram: SQL Log]

Oracle Database Firewall: Local Monitor
- Resides inside a database
- Monitors local / non-network access
- Does not record duplicated statements, only records the last statement
- Supported platforms are:
  - Oracle 9i - 11g
  - MS-SQL 2005, 2008
  - Sybase 12.5.3 to 15
[Diagram: SQL Log, Local session, Application, Adhoc tool, SSH session, Keyboard access]

Oracle Database Firewall: User Role Auditing
- Entitlement Reports
  - User names
  - User roles and privileges
  - Last changed, changed by whom and when
- Automated and transparent
  - User role auditing can be run ad-hoc or scheduled
  - Report on user roles and privileges
  - Deltas since the last report
- Workflow
  - Changes can be marked as accepted or refused

Oracle Database Firewall: Stored Procedure Auditing
- Stored procedure contents
  - It's not enough to know a procedure was run; it is important to know what SQL was executed when the procedure is called.
- Stored procedure reports
  - Name
  - Content
  - Threat rating (injection risk, system tables etc.)
  - Stored procedure type (DML, DDL, DCL, SELECT etc.)
  - Last changed, changed by whom and when
- Automated and transparent
  - Stored procedure audit can be run ad-hoc or scheduled
- Workflow
  - Changes can be marked as accepted or refused

Oracle Database Firewall accuracy

Policy Engines: Why is Accuracy Important?
- 3,000 transactions per second = 260 million per day
- 0.001% false positive rate = 7,800 audit errors per month
- High-performance run-time matching ensures only appropriate SQL interactions are sent to a database.
- A false positive detects when it should not
- A false negative avoids detection
- 0.0001% false negative rate results in 26 potential attacks per day!
2011 Oracle Corporation

Issues with Regular Expressions
- Fails to understand meaning, motives and intentions of SQL when you just use strings and text
- Good statement:
    SELECT * from dvd_stock where [catalog-no] = 'PHE8131' and location = 1
- Bad statement (SQL injection):
    SELECT * from dvd_stock where [catalog-no] = '' union select cardno, customerid, 0 from DVD_Orders --' and location = 1

Can you Tune Regular Expressions?
- "union" is bad when it appears near "select":
    u(?:nion\b.{1,100}?\bselect
- The full expression:
    "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length count top)\b.{1,100}?\bfrom f rom\b.{1,100}?\bwhere).*?\b(?:d(?:ump\b.*\bfrom ata_type) (?:to_(?:numbe cha) inst)r)) p_(?:(?:addextendedpro sqlexe)c (?:oacreat prepar)e execute(?:sql)? ma kewebtask) ql_(?:longvarchar variant)) xp_(?:reg(?:re(?:movemultistring ad) del ete(?:value key) enum(?:value key)s addmultistring write) e(?:xecresultset numd sn) (?:terminat dirtre)e availablemedia loginconfig cmdshell filelist makecab n tsec) u(?:nion\b.{1,100}?\bselect tl_(?:file http)) group\b.*\bby\b.{1,100}?\bh aving d(?:elete\b\w*?\bfrom bms_java) load\b\w*?\bdata\b.*\binfile (?:n?varcha tbcreato)r)\b i(?:n(?:to\b\w*?\b(?:dump out)file sert\b\w*?\binto ner\b\w*?\bjo in)\b (?:f(?:\b\w*?\(\w*?\bbenchmark null\b) snull\b)\w*?\() a(?:nd\b?(?:\d{1,10} [\'\"][^=]{1,10}[\'\"])?[=<>]+ utonomous_transaction\b) o(?:r\b?(?:\d{1,10} [\'\"][^=]{1,10}[\'\"])?[=<>]+ pen(?:rowset query)\b) having\b?(?:\d{1,10} [\'\"][^=]{1,10}[\'\"])?[=<>]+ print\b\w*?\@\@ cast\b\w*?\() (?:;\W*?\b(?:shutdown drop) \@\@version)\ b '(?:s(?:qloledb a) msdasql dbo)')
  [Source: ModSecurity, Web Application Firewall, February 2009]
- Is this comprehensible or manageable?

False Positive and False Negative
- union is NOT universally bad when next to this select environment:
    SELECT lastname from boys union SELECT lastname from girls
- union without saying it:
    uni/* */on
    u/* */nion
    char(117,110,105,111,110)
    u n i o n

Understanding SQL
- SQL is a language with about 400 key words and a strict grammar structure
    UPDATE tbl_users SET comments = 'The user has asked for another account_no, and wishes to be billed for services between 1/2/2009 and 2/2/2009, and wants to know where the invoice should be sent to. She will select the new service level agreement to run from 3/7/2009 next month' WHERE id = 'A15431029';
    SELECT id, username, password, account_no FROM tbl_users WHERE username = 'Bill' AND account_no BETWEEN 1001000 AND 1001012;
  [Legend: key words, schema, data, operators]
- When the grammar of the language is understood, organizing the SQL into clusters reduces policy errors
    Cluster 1: SELECT * FROM certs WHERE cert-type = '18'
    Cluster 2: SELECT * FROM dvd_stock WHERE catalog-no = 'PHE8131' and location = 1
- When a SQL statement is not in a cluster, you can identify it as out-of-policy and apply rules to log, block, or pass it

Summary - understanding SQL
- Regular expressions
  - Pattern matching does not understand SQL intention
  - Can generate false positives and non-detection
  - High maintenance
- Oracle Database Firewall
  - Clusters are deterministic and provide accurate policy application
  - Speed of lookup is constant in the number of clusters in the policy
  - By understanding the SQL grammar, SQL injection and other out-of-policy SQL are detected as anomalies
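The contrast drawn in the slides above, as an added example that is not from the original deck and is not Oracle's implementation: the `union ... select` signature next to an allow-list of statement shapes ("clusters"). The tokenizer is a simplified stand-in for a real SQL grammar; `GOOD_OTHER`, the function names and the policy contents are assumptions.

```python
import re

# Signature in the style the slides criticise: "union is bad near select".
UNION_SELECT = re.compile(r"union\b.{1,100}?\bselect", re.I | re.S)

TOKEN = re.compile(r"""
    (?P<comment>/\*.*?\*/|--[^\n]*)          # block or line comment
  | (?P<string>'(?:[^']|'')*')               # quoted string literal
  | (?P<number>\b\d+(?:\.\d+)?\b)            # numeric literal
  | (?P<word>\[[^\]]+\]|[A-Za-z_][\w$]*)     # keyword or identifier
  | (?P<op>[^\s\w])                          # any other single symbol
""", re.X | re.S)

def signature(sql):
    """Statement shape: comments dropped, literals replaced by '?'."""
    shape = []
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "comment":
            continue
        literal = m.lastgroup in ("string", "number")
        shape.append("?" if literal else m.group().lower())
    return " ".join(shape)

def build_policy(known_good):
    """Allow-list of clusters learned from statements seen in normal use."""
    return {signature(sql) for sql in known_good}

def classify(sql, policy):
    return "in-policy" if signature(sql) in policy else "out-of-policy"

# Statements from the slides; GOOD_OTHER and its literals are constructed.
GOOD = "SELECT * from dvd_stock where [catalog-no] = 'PHE8131' and location = 1"
GOOD_OTHER = "select * from dvd_stock where [catalog-no] = 'ABC0001' and location = 2"
LEGIT_UNION = "SELECT lastname from boys union SELECT lastname from girls"
INJECTED = ("SELECT * from dvd_stock where [catalog-no] = '' union select cardno, "
            "customerid, 0 from DVD_Orders --' and location = 1")
SPLIT_UNION = INJECTED.replace("union", "uni/* */on")  # form listed on the slide

def compare():
    """Return {name: (regex_alert, cluster_verdict)} for each sample."""
    policy = build_policy([GOOD, LEGIT_UNION])
    samples = {"good": GOOD, "good_other": GOOD_OTHER, "legit_union": LEGIT_UNION,
               "injected": INJECTED, "split_union": SPLIT_UNION}
    return {name: (bool(UNION_SELECT.search(sql)), classify(sql, policy))
            for name, sql in samples.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:12} regex_alert={result[0]!s:5} cluster={result[1]}")
```

The signature alerts on the legitimate `union` query and stays silent on the split form, while the allow-list verdict depends only on whether the statement's shape was learned.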

Database Firewall reporting

Oracle Database Firewall Reporting
- Database Firewall log data consolidated into reporting database
- Dozens of built-in reports that can be modified and customized
- Database activity and privileged user reports
- Entitlements reporting for database attestation and audit
- Supports demonstrating controls for PCI, SOX, HIPAA, etc.
- Logged SQL statements can be sanitized of sensitive PII data

Oracle Database Firewall Reporting
[Diagram: Oracle Database Firewall (x3)]
- Database Firewall log data consolidated into reporting database
- Over 130 built-in reports that can be modified and customized
- Entitlements reporting for database attestation and audit
- Database activity and privileged user reports
- Supports demonstrating PCI, SOX, HIPAA/HITECH, etc. controls

Oracle Database Firewall: Key Features
- Highly Accurate
  - Unique and powerful SQL recognition technology
  - 100% language based
  - Uses grammatical analysis
- Highly Performant and Scalable
  - Semantic clustering provides high-speed processing
  - Scales per platform, rather than just adding platforms
- Manageability
  - Fewer boxes to deploy and manage
  - Database Firewall Local/Remote Monitors do not need to be upgraded if the RDBMS platform or OS is patched.
  - No need to sign on to individual Database Firewalls to administer.

Demonstrate Internal Controls
- Privacy and Compliance Reporting
  - Over 100 pre-defined audit reports
  - Create new reports and customize existing ones
  - Reports can be distributed to the security and compliance staff without human and/or DBA intervention
  - Published reporting schema for customers to use their favorite reporting tools
- Flexible policies
  - White list, Black list, and Exception policies
  - User, Schema; factors such as IP addresses, OS users
  - New queries, queries by SQL category etc.

For More Information
- search.oracle.com: "Database security"
- or oracle.com/database/security
