An Oracle White Paper August 2010. Oracle Database Auditing: Performance Guidelines



Similar documents
An Oracle White Paper July Introducing the Oracle Home User in Oracle Database 12c for Microsoft Windows

All About Oracle Auditing A White Paper February 2013

An Oracle White Paper June Oracle Database Firewall 5.0 Sizing Best Practices

G Cloud 7 Pricing Document

An Oracle White Paper June Security and the Oracle Database Cloud Service

G Cloud 7 Pricing Document

Oracle Database Auditing Performance Guidelines

An Oracle White Paper June High Performance Connectors for Load and Access of Data from Hadoop to Oracle Database

An Oracle Technical White Paper June Oracle VM Windows Paravirtual (PV) Drivers 2.0: New Features

An Oracle White Paper February Oracle Data Integrator 12c Architecture Overview

An Oracle White Paper November Oracle Business Intelligence Standard Edition One 11g

Performance with the Oracle Database Cloud

An Oracle White Paper May Distributed Development Using Oracle Secure Global Desktop

An Oracle Communications White Paper December Serialized Asset Lifecycle Management and Property Accountability

An Oracle Benchmarking Study February Oracle Insurance Insbridge Enterprise Rating: Performance Assessment

An Oracle White Paper July Oracle Linux and Oracle VM Remote Lab User Guide

An Oracle White Paper January Using Oracle's StorageTek Search Accelerator

An Oracle White Paper May Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices

ORACLE VM MANAGEMENT PACK

An Oracle White Paper March Managing Metadata with Oracle Data Integrator

How To Load Data Into An Org Database Cloud Service - Multitenant Edition

An Oracle White Paper June, Provisioning & Patching Oracle Database using Enterprise Manager 12c.

An Oracle White Paper September Oracle Database and the Oracle Database Cloud

An Oracle White Paper March Oracle s Single Server Solution for VDI

An Oracle White Paper October BI Publisher 11g Scheduling & Apache ActiveMQ as JMS Provider

An Oracle White Paper May Exadata Smart Flash Cache and the Oracle Exadata Database Machine

An Oracle White Paper September Advanced Java Diagnostics and Monitoring Without Performance Overhead

An Oracle White Paper May Oracle Database Cloud Service

Oracle SQL Developer Migration

An Oracle White Paper January Oracle Database Firewall

Driving Down the High Cost of Storage. Pillar Axiom 600

APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS

Fine Grained Auditing In Oracle 10G

An Oracle White Paper April How to Install the Oracle Solaris 10 Operating System on x86 Systems

An Oracle White Paper April, Effective Account Origination with Siebel Financial Services Customer Order Management for Banking

ORACLE INFRASTRUCTURE AS A SERVICE PRIVATE CLOUD WITH CAPACITY ON DEMAND

An Oracle White Paper June RESTful Web Services for the Oracle Database Cloud - Multitenant Edition

An Oracle Technical Article November Certification with Oracle Linux 6

Oracle Insurance General Agent Hardware and Software Requirements. Version 8.0

Top Ten Reasons for Deploying Oracle Virtual Networking in Your Data Center

An Oracle White Paper February Rapid Bottleneck Identification - A Better Way to do Load Testing

An Oracle White Paper July Oracle Desktop Virtualization Simplified Client Access for Oracle Applications

Oracle Whitepaper April Security and the Oracle Database Cloud Service

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

An Oracle White Paper August Automatic Data Optimization with Oracle Database 12c

Managed Storage Services

An Oracle White Paper September Oracle WebLogic Server 12c on Microsoft Windows Azure

An Oracle White Paper January Oracle Database Firewall

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

An Oracle Technical Article March Certification with Oracle Linux 7

An Oracle White Paper August Oracle VM 3: Application-Driven Virtualization

An Oracle White Paper June Oracle Linux Management with Oracle Enterprise Manager 12c

October Oracle Application Express Statement of Direction

An Oracle White Paper May Creating Custom PDF Reports with Oracle Application Express and the APEX Listener

Oracle Fusion Applications Splitting Topology from Single to Multiple Host Servers

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

March Oracle Business Intelligence Discoverer Statement of Direction

An Oracle White Paper August Oracle VM 3: Server Pool Deployment Planning Considerations for Scalability and Availability

An Oracle White Paper June Creating an Oracle BI Presentation Layer from Imported Oracle OLAP Cubes

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

All About Oracle Auditing Everything You Need to Know

An Oracle White Paper August Higher Security, Greater Access with Oracle Desktop Virtualization

An Oracle Technical White Paper November Oracle Solaris 11 Network Virtualization and Network Resource Management

An Oracle White Paper June Introduction to Determinations Engines

An Oracle White Paper February Integration with Oracle Fusion Financials Cloud Service

An Oracle Technical White Paper May How to Configure Kaspersky Anti-Virus Software for the Oracle ZFS Storage Appliance

A Framework for Implementing World-Class Talent Management. The highest performing businesses are re-focusing on talent management

An Oracle White Paper July Accelerating Database Infrastructure Using Oracle Real Application Clusters 11g R2 and QLogic FabricCache Adapters

THE NEW BUSINESS OF BUSINESS LEADERS. Hiring and Onboarding

An Oracle White Paper May 2011 BETTER INSIGHTS AND ALIGNMENT WITH BUSINESS INTELLIGENCE AND SCORECARDS

An Oracle Technical Article October Certification with Oracle Linux 5

WEBLOGIC SERVER MANAGEMENT PACK ENTERPRISE EDITION

Oracle Fusion Middleware

ORACLE OPS CENTER: VIRTUALIZATION MANAGEMENT PACK

Oracle Primavera Gateway

WebSphere MQ Oracle Enterprise Gateway Integration Guide

An Oracle White Paper September Oracle Database Smart Flash Cache

An Oracle White Paper December Tutor Top Ten List: Implement a Sustainable Document Management Environment

An Oracle Best Practice Guide April Best Practices for Knowledgebase and Search Effectiveness

Load Testing Hyperion Applications Using Oracle Load Testing 9.1

An Oracle White Paper December Advanced Network Compression

Oracle Audit in a Nutshell - Database Audit but how?

An Oracle White Paper June How to Install and Configure a Two-Node Cluster

Oracle Cloud Platform. For Application Development

An Oracle White Paper January Oracle Database 12c: Full Transportable Export/Import

SIX QUESTIONS TO ASK ANY VENDOR BEFORE SIGNING A SaaS E-COMMERCE CONTRACT

OpenLDAP Oracle Enterprise Gateway Integration Guide

An Oracle White Paper November Leveraging Massively Parallel Processing in an Oracle Environment for Big Data Analytics

SaaS Data Architecture. An Oracle White Paper Oct 2008

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Oracle TimesTen In-Memory Database on Oracle Exalogic Elastic Cloud

An Oracle White Paper June Tackling Fraud and Error

Deploying Oracle Database 12c with the Oracle ZFS Storage Appliance

Migrating Non-Oracle Databases and their Applications to Oracle Database 12c O R A C L E W H I T E P A P E R D E C E M B E R

Oracle s BigMachines Solutions. Cloud-Based Configuration, Pricing, and Quoting Solutions for Enterprises and Fast-Growing Midsize Companies

An Oracle White Paper July Oracle Primavera Contract Management, Business Intelligence Publisher Edition-Sizing Guide

An Oracle White Paper June Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

Oracle Utilities Customer Care and Billing Release Utility Reference Model Process Customer Request For Literature and Forms

An Oracle White Paper March Oracle Transparent Data Encryption for SAP

An Oracle White Paper March Integrating the SharePoint 2007 Adapter with WebCenter Spaces ( & )

Transcription:

An Oracle White Paper August 2010 Oracle Database Auditing: Performance Guidelines

Introduction Database auditing has become increasingly important as threats to applications become more sophisticated. In fact, the use of Oracle database auditing has steadily increased over the past decade and today is mandatory in many organizations. Surveys conducted with the Independent Oracle User Group (IOUG) have consistently shown over 50% of the respondents use some level of native Oracle database auditing. Database auditing is generally used to: Provide proof of monitoring internal controls to auditors Provide reports on changes to the database environment to auditors Act as a deterrent to unauthorized activity Assist with investigations of data breaches or other suspicious activity Detect when an attempt is made to bypass a security control Database auditing monitors and records activity that occurs in the database. Oracle database auditing has been enhanced with each successive release of the database and today provides highly customizable auditing that can be fine tuned to specific security requirements. Oracle9i Database introduced the Fine Grained Auditing (FGA) feature, enabling audit policies to be associated with application tables. Oracle Database 11g enhancements include the ability to audit based on connection factors such as IP address and new built-in manageability features that eliminate the storage and administration costs associated with audit data on the production server. Perhaps the most common question that arises when it comes to any security solution is What about performance overhead? This is especially true in the case of commercial organizations where response times and availability impact the bottom line. As with any security control, database auditing does require additional system resources. This paper helps you estimate impact on application throughput and CPU usage when enabling auditing policies in the Oracle database. To understand the impact of Oracle database auditing, let s first review how Oracle auditing is configured. 1

Database Auditing Overview Oracle auditing can be divided into two basic categories: standard auditing and FGA. Standard auditing provides the ability to audit based on user, privileges, schemas objects, and statements. For example, it can be based on a specific type of SQL statement (create, alter, update, delete, ). FGA provides the ability to audit access to specific application table columns conditionally based on factors such as IP address or the program name used to connect to the database. Starting with Oracle Database 11g, the Oracle Database Configuration Assistant (DBCA) can automatically configure Oracle recommended minimum audit settings for compliance and internal controls. These audit settings are associated with important security relevant SQL statements and privileges and are listed in the Oracle security documentation. After creating a database with DBCA, the database will audit the following privileges and SQL statements by default: ALTER ANY PROCEDURE CREATE ANY TABLE GRANT ANY OBJECT PRIVILEGE ALTER ANY TABLE CREATE EXTERNAL JOB GRANT ANY PRIVILEGE ALTER DATABASE CREATE PUBLIC DATABASE GRANT ANY ROLE LINK ALTER PROFILE CREATE SESSION PROFILE ALTER SYSTEM CREATE USER PUBLIC SYNONYM ALTER USER DATABASE LINK ROLE AUDIT SYSTEM DROP ANY PROCEDURE SYSTEM AUDIT CREATE ANY JOB DROP ANY TABLE SYSTEM GRANT CREATE ANY DROP PROFILE LIBRARY CREATE ANY PROCEDURE DROP USER Table 1 Oracle Database 11g Default Audit Settings Oracle Database Audit Trails The Oracle database can write audit records to a database table or an operating system file. If you choose to write the audit record to an operating system file, you can direct it to be text based, XML formatted, or written directly to the SYSLOG on Unix and Linux or the Event Viewer on Windows. The Oracle database OS audit files can be text based with an extension of.aud or XML format with an extension of.xml. 2

Configuring the Oracle Database Audit Trail The database parameters (<sid>init.ora) that direct standard audit records are as follows: Parameter Value Description audit_trail DB Write the standard audit content to sys.aud$ table DB, EXTENDED OS XML XML, EXTENDED Write standard audit content to sys.aud$ along with the SQL text and bind variable content that was executed for that SQL Write the standard audit content to text files Write the standard audit content and FGA audit content to an XML formatted file Write the standard audit content and FGA content to an XML formatted file along with SQL text and bind variable content. audit_sys_operations TRUE/FALSE Audits all top-level SYSDBA and SYSOPER activity. These audit records are only written to OS files irregardless of the audit_trail parameter setting. audit_syslog_level <FACILITY_CLAUSE. PRIORITY_CLAUSE> Provides level information for the syslog. audit_file_dest <OS_DIRECTORY> Specifies the OS directory location to write the OS and XML audit files Table 2 Oracle Database Auditing Parameters FGA enables you to create policies that define specific conditions that must take place for the audit to occur. To add and remove fine-grained auditing, you use the DBMS_FGA package. An FGA audit policy allows you to apply it to the specific operations or objects you want to monitor. FGA enables you to monitor data access based on session context or data values. FGA can provide: Boolean condition check. If the Boolean condition you specify is true, for example, a table being accessed on a Saturday, then the audit takes place SQL text and bind variables that triggered the audit Extra protection to sensitive columns. You can audit specific relevant columns that may hold sensitive information, such as salaries or social security numbers Event handler feature to execute additional processing 3

Audit Trail Management It is important to manage your audit records properly in order to ensure efficient performance and disk space management. The DBMS_AUDIT_MGMT package enables you to efficiently manage your audit trail records by providing the following capabilities. Perform cleanup operations on all audit trail types. Audit trails can be cleaned based on the Last Archive Timestamp value. The Last Archive Timestamp represents the timestamp of the most recent audit record that was securely archived. Move the database audit trail tables out of the SYSTEM tablespace. This improves overall database performance by reducing the load on the SYSTEM tablespace and dedicates an optimized tablespace for audit records. Manage your operating system and XML audit files. You can define properties like the maximum size and age of an audit file. This enables you to keep the file sizes of OS and XML audit files in check. For optimal performance, Oracle recommends the following auditing best practices for auditing when writing to database tables and OS files. Optimize Space Management - create an audit specific, user-defined tablespace, for example AUDSYS, with pre-created sized (1GB) extents for audit trail tables. Load Distribution - move audit trail tables, sys.aud$ and sys.fga_log$ to this new user-defined tablespace. Reduce number of OS audit files - set larger file-size (100MB) for OS audit files using the DBMS_AUDIT_MGMT package. Performance Testing Results To demonstrate the resources used by the Oracle database with auditing turned on, testing was performed based on the destination where the audit records are being written (database table sys.aud$ or operating system file (OS)) with a TPC-C like workload generating approximately 250 audit records per second. A TPC-C like workload is used since it provides standardized OLTP database activity for complex application environments. The workload is characterized by simultaneous execution of multiple transaction types that span breadth of complexity that are common across all industries. Machine Configuration The Oracle Database Release 11.2.0.1 was installed on hardware with the following configuration: 4 x 3.40 GHz Xeon CPUs 4 GB memory x86_64 Linux The database also included the following patches: 4

Remove Oracle database OS flush call after every XML audit write and rely on the Operating System to flush the writes to disk. (9078032) Remove XML Index file. (8880803) Audit Performance Overhead To simulate a real-world scenario, a standard workload was created to use 50% of system resource before auditing was initiated. For each test run, the following results were recorded: Throughput: Additional time used by the transaction after auditing was turned on Additional CPU Usage: Measured additional CPU after auditing was turned on For standard database auditing, a test was created to generate approximately 250 audit records per second using the Oracle database standard audit command. Audit Trail Setting Additional Throughput Time Additional CPU Usage OS 1.39% 1.75% XML 1.70% 3.51% XML, Extended 3.70% 5.26% DB 4.57% 8.77% DB, Extended 14.09% 15.79% Table 3 Oracle Database 11.2.01 Standard Audit Trail with 50% CPU System Load For FGA, a test was created to generate approximately 200 audit records per second using the DBMS_FGA package. The condition of the audit policy creates an audit record when an UPDATE or SELECT occurs on the TPCC.ORDL table and the client_identifier value is equal to NULL. dbms_fga.add_policy ( object_schema => 'TPCC', object_name => 'ORDL', policy_name => 'Config_A', audit_condition => 'SYS_CONTEXT(''USERENV'',''CLIENT_IDENTIFIER'') IS NULL', statement_types => 'UPDATE, SELECT', audit_trail => DBMS_FGA.XML +DBMS_FGA.EXTENDED); 5

Audit Trail Setting Additional Throughput Time Additional CPU Usage XML 3.66% 4.35% XML, Extended 4.62% 9.09% DB 6.60% 11.11% DB, Extended 9.61% 20% Table 4 Oracle Database 11.2.01 Fine Grained Audit Trail with 50% CPU System Load Based on the results, it shows that writing audit records to OS files, whether that be character based or XML based, has the least impact to system resources. As part of the test, 200+ audit records per second were generated. In general, this is a higher number of audit records than most environments generate. When writing less than 200 audit record per second, you will use less system resources. Results can vary from system to system and should be tested in your environment. Conclusion Threats to applications have become more sophisticated and database auditing plays an important part not only in helping detect suspicious behavior but providing proof of controls to auditors. Oracle database auditing has minimal impact on performance even for very high audit trail loads. For optimal performance, Oracle recommends writing database audit records to the operating system (OS) and setting larger file sizes for the OS audit files. Oracle security documentation provides best practice recommendations on minimal audit settings for both compliance and internal controls. Auditing inside the database, should be part of your defense-in-depth architecture. 6

Oracle Database Auditing: Performance Guidelines August 2010 Author: Tammy Bednar Contributing Authors: Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Copyright 2010, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 0110

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information