An Oracle White Paper January 2011. Oracle Database Firewall




- Introduction
- Oracle Database Firewall Overview
- Oracle Database Firewall
- White List for Positive Security Enforcement
- Black List for Negative Security Enforcement
- Exception List Security Enforcement
- Host-Based Monitors
- Oracle Database Firewall Management Server
- Policy Management
- Reporting
- User Role Auditing
- Stored Procedure Auditing
- Integration with F5 BIG IP ASM
- Integration with ArcSight
- Conclusion

Introduction

While there will continue to be much publicized cases of lost or stolen laptops containing personally identifiable information (PII), attempts to steal large amounts of information through attacks on servers are becoming increasingly common. In fact, the 2010 Data Breach Investigations Report, recently published by the Verizon Risk Team, showed that 98% of data breached came from servers [1]. Launching successful attacks on larger repositories can result in a more lucrative payday for the perpetrator, and it goes without saying that application environments, data warehouses and databases in general are becoming larger and more critical to business operations and thus pose a tempting target.

While it is true that organized crime has become a major player in data breaches, insiders still account for a substantial number of data breaches. The 2010 Data Breach Investigations Report also noted that privilege misuse and hacking were the most common ways breaches occurred and frequently leveraged lost or stolen credentials and application SQL injection vulnerabilities to gain unauthorized access.

Securing data on servers requires multiple layers of protection spanning both technical and administrative functions. Without question, simple preventive measures such as disabling unused accounts and prohibiting shared administrative accounts go a long way toward raising the security bar. In addition, solutions such as encryption and privileged user controls inside the database play an important part in securing applications. Those solutions, however, do not monitor the SQL sent to the database over the trusted connection path. Oracle Database Firewall enables perimeter security controls, providing a first line of defense around Oracle and non-Oracle databases.

[1] 2010 Data Breach Investigations Report (Verizon Business)

Oracle Database Firewall Overview

Oracle Database Firewall is an active, real-time database firewall solution that provides white list, black list and exception list policies, intelligent and accurate alerts, and monitoring with very low management and administrative costs. Oracle Database Firewall is independent of the database configuration and operation. This independent boundary of protective shielding helps reduce the risk of data loss and helps organizations manage an ever changing landscape of regulations.

Figure 1 - Oracle Database Firewall

Unlike traditional SQL firewalls that relied on identifying out-of-policy SQL using strategies such as regular expressions, string matching, and schema comparison, Oracle Database Firewall delivers intelligent database firewall security, enabling policies to be set and adapted quickly and accurately. Organizations can choose to deploy Oracle Database Firewall in blocking mode as a database policy enforcement system to protect their database assets, or to just monitor database activity for supplemental auditing and compliance purposes.

Oracle Database Firewall monitors data access, enforces access policies, highlights anomalies and helps protect against network-based attacks originating from outside or inside. Attacks based on SQL injection can be blocked by comparing SQL against the approved white list of application SQL. Oracle Database Firewall is unique and offers organizations a first line of defense, protecting databases from threats and helping meet regulatory compliance requirements.

Oracle Database Firewall

Oracle Database Firewall is installed on the network either on a bridge or a span port and monitors every SQL transaction request. SQL statements are processed using a powerful grammar-based analysis engine that decomposes and categorizes the SQL. In addition to purely looking at the SQL statement, policies can evaluate factors such as IP address, time, and program name.

Figure 2 - Oracle Database Firewall Deployment Topology

A single Oracle Database Firewall can monitor and protect many databases at once. Oracle Database Firewall can be deployed in multiple scenarios:

- In-line network blocking mode and out-of-band passive network monitoring. In-line means that the SQL traffic is passed through the Oracle Database Firewall and inspected before it is forwarded to the database or blocked. Out-of-band means that the SQL traffic is copied to Oracle Database Firewall while at the same time the SQL is sent directly to the database, usually by means of a span port. These can be used simultaneously for different databases.
- Heterogeneous, multi-database enforcement. For example, one device can support Oracle 8i, Oracle Database 10g and Oracle Database 11g databases simultaneously, as well as SQL Server and Sybase databases.
- Combined deployments. In-line and/or out-of-band Oracle Database Firewall deployment can be combined with a local server-side, monitor-only agent for local connections.

Oracle Database Firewall can be deployed in a high availability configuration. It is recommended that two firewalls be deployed so that SQL monitoring is not interrupted.

White List for Positive Security Enforcement

Oracle Database Firewall enforces zero-defect database security policies using a white list security model. The white list policy is a set of approved SQL statements that can be sent to the database. Oracle Database Firewall compares SQL traffic with the approved white list and then, based upon the policy, chooses to block, substitute or alert on the SQL statement. The Oracle Database Firewall baseline can be configured to block all out-of-policy events. This can be implemented as:

- Block the SQL statement
- Modify the request using SQL statement substitution
- Alert on all out of policy SQL statements, in addition to blocking or in lieu of
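An added sketch, not Oracle's code and not part of the white paper, of white list enforcement with the three out-of-policy actions listed above and the IP address, time and program factors. It approximates the product's grammar-based analysis with simple literal stripping; the no-row substitute statement, the client network and the program names are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed no-row statement used for the "substitute" action (assumption).
NO_DATA_SQL = "SELECT 1 FROM dual WHERE 'a' = 'b'"

def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', case and spacing
    are ignored. A crude stand-in for grammar-based analysis."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)      # numeric literals
    return re.sub(r"\s+", " ", s).strip(" ;").lower()

@dataclass
class Rule:
    """Factors attached to one approved statement shape."""
    network: str = "0.0.0.0/0"        # client network allowed to send it
    program: Optional[str] = None     # client program name, None = any
    hours: range = range(0, 24)       # hours of day when it is allowed

@dataclass
class Decision:
    action: str                       # pass | block | substitute | alert
    forwarded: Optional[str]          # what reaches the database, if anything
    alert: bool

class WhiteList:
    def __init__(self, out_of_policy: str = "block"):
        if out_of_policy not in ("block", "substitute", "alert"):
            raise ValueError(out_of_policy)
        self.out_of_policy = out_of_policy
        self.rules = {}               # fingerprint -> Rule

    def approve(self, sql: str, rule: Optional[Rule] = None) -> None:
        self.rules[fingerprint(sql)] = rule or Rule()

    def decide(self, sql: str, client_ip: str, program: str, hour: int) -> Decision:
        rule = self.rules.get(fingerprint(sql))
        if (rule is not None
                and ipaddress.ip_address(client_ip) in ipaddress.ip_network(rule.network)
                and rule.program in (None, program)
                and hour in rule.hours):
            return Decision("pass", sql, False)
        if self.out_of_policy == "substitute":    # caller sees an empty result
            return Decision("substitute", NO_DATA_SQL, True)
        if self.out_of_policy == "alert":         # monitor only: forward, but alert
            return Decision("alert", sql, True)
        return Decision("block", None, True)

def demo() -> list:
    wl = WhiteList(out_of_policy="substitute")
    # Hypothetical application statement, client network and program name.
    wl.approve("SELECT * FROM tbl_users WHERE name = 'Fred'",
               Rule(network="10.0.0.0/24", program="billing_app", hours=range(6, 22)))
    traffic = [  # constructed sample traffic: (sql, client_ip, program, hour)
        ("select * from tbl_users where name = 'Alice';", "10.0.0.5", "billing_app", 9),
        ("SELECT * FROM tbl_users WHERE name = '' OR 'a' = 'a'", "10.0.0.5", "billing_app", 9),
        ("DROP TABLE tbl_accounts;", "10.0.0.5", "billing_app", 9),
        ("SELECT * FROM tbl_users WHERE name = 'Fred'", "192.0.2.77", "sqlplus", 3),
    ]
    return [wl.decide(*t) for t in traffic]

if __name__ == "__main__":
    for d in demo():
        print(d)
```

Only the first statement matches an approved shape from an approved client; the injected tautology changes the statement's shape, so it is treated as out of policy even though it comes from the application server.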

In many cases, the best solution is to apply statement substitution. Statement substitution provides a means of making Oracle Database Firewall transparent to detection by hackers and is more transparent to the existing application. In simple terms, statement substitution is the process of taking an out-of-policy statement and changing it for a new statement that will not return any data.

Table 1. Examples of Oracle Database Firewall SQL statement substitution

| Original statement (fraudulent) | Substituted statement | Database response (result) |
|---|---|---|
| SELECT * FROM tbl_users; | SELECT * FROM tbl_users WHERE 'a' = 'b'; | No record found. |
| DROP TABLE tbl_accounts; | SELECT * FROM aaabbbccc; | Error. Table not known. |
| UPDATE tbl_accounts SET accounts = '123' WHERE user = 'Fred'; | SELECT DUAL SET 'Fred'; | Error. Incorrect Syntax. |

Black List for Negative Security Enforcement

In addition to the white list, positive security enforcement model, Oracle Database Firewall also supports a black list model that enables policies to specify blocking of specific SQL statements. As with white list policies, black list policies can be configured to allow specific statements based on factors such as IP address, time of day and program.

Exception List Security Enforcement

Exception list policies supplement white list and black list policies by allowing specific policies to be created for specific activities. For example, exception list policies could be used to enable a remote administrator to diagnose a particular application performance issue.

Host-Based Monitors

Oracle Database Firewall also provides very lightweight host-based monitors or agents that monitor databases. The host monitor sends the information to the Oracle Database Firewall for monitoring, logging and alerting purposes. The characteristics and operation of the Oracle Database Firewall monitors are listed in Table 2.

Table 2. Characteristics and operation of Oracle Database Firewall monitors

| Monitor type | Operation methods |
|---|---|
| Remote Monitor | Software monitor (agent) installed on the host operating system. The agent monitors specified network traffic bound for one or many database schemas or catalogs. It captures SQL transactions and sends back traffic to the Oracle Database Firewall for real-time alerting, post-event compliance, and monitoring reports. A Remote Monitor is used when the Oracle Database Firewall cannot be deployed in front of the database host to capture incoming SQL. |
| Local Monitor | Additional tables are installed into the monitored databases to capture SQL traffic that originates from sources that have direct access to the database, such as console users or batch jobs that run on the database server. The Oracle Database Firewall collects the data by querying the database at regular intervals, and then uses the data in the same manner as statements originating from database clients. Depending on the design of the policy, the statements may be logged and/or produce alerts. |

Figure 3 - Oracle Database Firewall Local Monitor

Oracle Database Firewall Management Server

The Oracle Database Firewall Management Server centrally manages Oracle Database Firewall policies, consolidates data from the Oracle Database Firewalls, stores database activity data, and provides dozens of out-of-the-box reports.

Policy Management

Oracle Database Firewall delivers simple and easy to use policy management tools that build upon the powerful strengths of the SQL grammar-based analysis approach. Oracle Database Firewall can define a white list of approved SQL language for a given database and define a positive security model. Oracle Database Firewall policy management groups queries together that have the same effect on the database. Oracle Database Firewall allows factors such as IP addresses, client programs, and time of day to be associated with SQL. When the Oracle Database Firewall policy management uses factors on the network, fine-grained and powerful policies can be built to determine when, where, and how changes in a production environment occur.

Reporting

Oracle Database Firewall ships with dozens of predefined reports that can be used for Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA) and other privacy and compliance regulations. Oracle Database Firewall records all available details about events and makes all of the event attributes available for detailed or summary reporting. Oracle Database Firewall reports can be customized and new reports added. Reports can be scheduled and customized to include summary information such as totals, averages, percentages, top 10, and bottom 10. Summary information can operate on parameters that include numbers, strings, and dates and can reference pre-defined statistical, arithmetic, or even user-defined operations.

All reports can be scheduled to run at predefined intervals or on an ad-hoc basis. All scheduled reports can be emailed to address lists or to public folders in email systems like Microsoft Exchange or IBM Lotus Notes. Report formats are PDF or native Excel.

User Role Auditing

Oracle Database Firewall User Role Auditing (URA) allows customers to audit and approve changes to user roles in the databases on a specified database server. Oracle Database Firewall connects to the database server at scheduled intervals and determines which changes or additions (if any) have been made to view:

- Changes made to database roles and privileges
- When the changes were detected
- Which changes are pending approval

Using the administration console it is also possible to monitor changes and examine a history of previous approvals.

Stored Procedure Auditing

Oracle Database Firewall Stored Procedure Audit (SPA) provides auditing functions to determine the contents and states of stored procedures on each protected database. The SPA functionality connects to the database server and retrieves information about stored procedures. A stored procedure audit reveals the following data on each stored procedure:

- Fully qualified name and owner
- Type of stored procedure, date created, last modified, details of any modification
- Action of stored procedure (DML, DCL, DDL, DML etc.)
- Threat rating based on key SQL grammar such as SYSTEM, UPDATE, etc.

With SPA, any changes to the stored procedures are detected and the actual change is highlighted in precise detail, and automated reports can be scheduled for distribution to interested parties.

Integration with F5 BIG-IP ASM

Oracle Database Firewall integrates with F5 BIG-IP Application Security Manager using a plug-in connector. The combination of Oracle Database Firewall and F5 BIG-IP Application Security Manager enables security and monitoring for both applications and databases within an enterprise. If you are also using the BIG-IP ASM interface, and an attack originates from the internet, Database Firewall provides the actual IP address and application user of the attacking Web client. This feature enables you to pinpoint the source of the internet-based attack. You can configure the integration by using the Database Firewall Administration Console.

Integration with ArcSight

The ArcSight Security Information Event Management (SIEM) system is a centralized system for logging, analyzing, and managing log messages from different sources. ArcSight SIEM enables Oracle Database Firewall to provide full details of security alerts or other selected event types, including the message text, priority and IP address of any attacker.

Conclusion

Securing data on servers requires multiple layers of protection spanning both technical and administrative functions. Oracle Database Firewall delivers intelligent database firewall security, enabling policies to be set based on a SQL grammar-based analysis approach. Oracle Database Firewall validates application SQL against white list, black list and exception list policies to prevent SQL injection from reaching the database to begin with. Oracle Database Firewall provides dozens of out-of-the-box reports that assist with a wide range of privacy and compliance regulations, including SOX, HIPAA and PCI. Flexible deployment options include inline blocking and out-of-band passive monitoring of network SQL traffic. Oracle Database Firewall enables perimeter security controls, which strengthen database security by providing a first line of defense against threats originating from both outside and inside the organization.

January 2011 Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright 2011, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 0410