1. Real-World Deployment and Best Practices with Oracle Advanced Security Kurt Lysy, Principal Product Manager, Oracle Database Security Matthew Stewart,


2 Real-World Deployment and Best Practices with Oracle Advanced Security Kurt Lysy, Principal Product Manager, Oracle Database Security Matthew Stewart, Director, Information Security, Robert Morris University

3 Program Agenda
- Oracle Defense-in-Depth Solutions
- Oracle Advanced Security Overview
- Robert Morris University Presentation
- Q&A

4 Oracle Database Security Defense-in-Depth
- Access Control: Oracle Database Vault, Oracle Label Security
- Encryption and Masking: Oracle Advanced Security, Oracle Secure Backup, Oracle Data Masking
- Auditing and Monitoring: Oracle Audit Vault, Oracle Configuration Management, Oracle Total Recall
- Blocking and Logging: Oracle Database Firewall

5 Oracle Advanced Security: Transparent Data Encryption (TDE)
- Efficient encryption of all application data
- Built-in key lifecycle management
- No application changes required
- Works with Exadata V2
- Works with Oracle Advanced Compression
Diagram labels: Application, Disk, Backups, Exports, Off-Site Facilities

6 Oracle Advanced Security Key Features
- Network Encryption
- Strong Authentication
- RMAN / TDE Fully Encrypted Database Backups to Disk
- Hardware Security Module, Master Key, Oracle Wallet
- Encrypted Exports

7 Oracle Advanced Security: Creating Encrypted Tablespaces

8 Oracle Advanced Security: Configuring TDE Column Encryption

9 Robert Morris University Presentation

10 About Robert Morris University Pittsburgh 1921 5000 | 15:1 Students from nearly every state and 40 countries from Brazil to Vietnam. 93 percent of our graduates get jobs in their field within six months of graduation D-1 Sports The "Financier of the American Revolution." He isn’t as famous as his friend George Washington, but without Robert Morris, the American colonies’ bold attempt to throw off British rule never could have succeeded.

11 IT Sec at RMU
The mission of RMU's Information Security team is to deliver an information security program that helps to safeguard the University's information and assets while maintaining an open educational environment that is compliant with regulatory standards. To accomplish this mission, the Information Security team has many goals, including: assess current policies and procedures; develop new policies to protect University resources; assist in establishing and strengthening technical baselines to protect University technical assets; react to incidents that endanger the Institute's information; proactively assess and monitor for possible security weaknesses; and educate the University community about relevant security threats.
- IT Team of 20
- Security Team of 2
- With a tight budget

12 IT Sec at RMU
Many responsibilities, including: Information Security, Security Assessments, Intrusion Analysis, Secure Network Design, Incident Response, Firewall Architectures, Vulnerability Assessment, Training/Instruction, Policy Development, Records Retention, Change Management, Negotiations/Procurement, Computer Forensics, Data Loss Prevention, Encryption, Web Application Security, Database Security, Audit/Compliance, End Point Security, Patch Management, Network Access Control, Antivirus/Anti-Spyware, Content Management, SIEM

13 Threats against RMU
Hackers Insiders Students Malware Phishing Physical Theft Access Mistakes
- Feb 2007: Ohio State University. Database compromise; data of at least 14,000 staff compromised. Another, separate incident in Feb. had the data of 3,500 students compromised.
- Aug 2008: Laptop with Social Security numbers stolen from University of Pittsburgh.
- June 2010: A bot infection compromised 15,806 Social Security numbers stored in a university database at Penn State University.

14 Government Regulations
- Federal: FERPA, HIPAA, GLBA, Red Flags
- PA and Other: PA Breach and notification, Mass. Law Ch. 93H, PCI Compliance, NCAA

15 Where We Were
We were in pretty bad shape...
- Oracle 8.1
- Poor patch cycles
- Too much access to way too many people
- No web input sanitization
Very open... Very vulnerable

16 Layered Security Approach
- Layer #1 - Proactive Software Assurance
  - Applications: Web/Database
- Layer #2 - Blocking Attacks: Network-Based
  - Firewalls, Email Filtering
- Layer #3 - Blocking Attacks: Host-Based
  - Antivirus, Secure Configurations
- Layer #4 - Eliminating Security Vulnerabilities
  - Scanning, Patch Management
- Layer #5 - Safely Supporting Authorized Users
  - Encryption, Data Leak Prevention
- Layer #6 - Tools to Manage Security & Maximize Effectiveness
  - Training, Organizational Memberships and Awareness
***Diversity is amongst ALL layers***

17 Where We Are
- Moving to Oracle Database 11g on 64-bit Enterprise Linux
- Oracle Advanced Security
- Patch management process
- Input sanitization
- Reduced access... Not perfect yet but good progress
- Web defenses

18 Where We Are
Oracle Adv. Security provides us with:
- Network Encryption
  - Encryption of data in motion
- Transparent Data Encryption (TDE)
  - Encryption of data at rest
  - Tablespace TDE
- Strong authentication (certificate-based authentication)

19 Where We Are
- At-rest data encryption feature only in Oracle Database 11g.
- Based on block-level encryption that encrypts on writes and decrypts on reads.
- Data is encrypted/decrypted at the I/O (block) level and not in memory (unlike TDE column encryption, which performs the encryption in the PGA of the server process).
- Only encryption penalty is associated with I/O, so encryption performance overall is better than for TDE column encryption.
- SQL access paths are unchanged and all data types are supported (could be some I/O penalty assigned by the CBO, however).
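The contrast drawn on this slide between tablespace and column encryption, as an added SQL example that is not from the presentation. The wallet password, tablespace name, datafile path and table names are constructed placeholders, and an `ENCRYPTION_WALLET_LOCATION` entry in `sqlnet.ora` is assumed to exist already.

```sql
-- Added example for Oracle Database 11g. All object names, the datafile path
-- and the wallet password are placeholders, not values from the deck.

-- 1. Create (or re-key) the TDE master key in the wallet. Assumes sqlnet.ora
--    already has an ENCRYPTION_WALLET_LOCATION entry.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "ChangeMe_WalletPwd1";

-- 2. Tablespace encryption: every block is encrypted on write and decrypted
--    on read, so tables and indexes placed here need no column-level syntax.
CREATE TABLESPACE student_enc
  DATAFILE '/u01/app/oracle/oradata/DEMO/student_enc01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE student_pii (
  student_id NUMBER PRIMARY KEY,
  ssn        VARCHAR2(11),
  last_name  VARCHAR2(60)
) TABLESPACE student_enc;

-- An ordinary index; range scans on it behave as on unencrypted data.
CREATE INDEX student_pii_ssn_ix ON student_pii (ssn) TABLESPACE student_enc;

-- 3. Column encryption, for comparison: encryption is declared per column.
--    NO SALT is required before the column can be indexed, and such an
--    index serves equality lookups only.
CREATE TABLE payroll_pii (
  emp_id NUMBER PRIMARY KEY,
  ssn    VARCHAR2(11) ENCRYPT USING 'AES256' NO SALT
);

-- 4. Verify what is actually encrypted and that the wallet is open.
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'STUDENT_ENC';

SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns;

SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;
```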

20 How Did We Get There?
Week 1, 2 days:
- SSCP kickoff meeting: Overview of network encryption and TDE
- Identified application data to be encrypted
- Ran healthcheck script in upgrade environment
- Create initial draft of TDE tablespace encryption functional use cases
Week 2, 2 days:
- Deployed TDE tablespace encryption in upgrade environment
- Performed use case testing of TDE tablespace encryption
Week 3, 4 days:
- Complete deployment of TDE tablespace encryption
- Deploy network encryption in upgrade environment
- Perform use case testing of network encryption
- Knowledge transfer sessions

21 Performance Testing
The approach taken for each of the four test queries was to take event 10046 level 12 SQL traces within SQL*Plus using the procedure DBMS_SYSTEM.SET_EV, followed by running each generated trace file through TKPROF. The level 12 SQL traces were performed in each of the three test configurations. The applications team identified a set of five core test application queries that would be tested and whose performance would be compared across the configurations:
- student registration via Patriot client
- checksheet batch processing
- IRSE load processing
- nightly processing
- catalog course search
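One way to run the tracing step described on this slide, as an added example that is not from the presentation. The `APP_USER` filter, the SID and serial# literals and the TKPROF file names are placeholders.

```sql
-- Added example; run from SQL*Plus as a DBA user (DBMS_SYSTEM is owned by SYS).
-- The username filter and the sid/serial# literals are placeholders.

-- 1. Identify the session that will run the test query.
SELECT sid, serial#, username, program
FROM   v$session
WHERE  username = 'APP_USER';

-- 2. Enable event 10046 at level 12 for that session
--    (level 12 = SQL trace plus bind values and wait events).
EXEC DBMS_SYSTEM.SET_EV(142, 3071, 10046, 12, '');

-- 3. Run the test query in the traced session, then switch tracing off
--    so the trace file contains only the workload being measured.
EXEC DBMS_SYSTEM.SET_EV(142, 3071, 10046, 0, '');

-- 4. Locate the trace file written by that session's server process.
SELECT p.tracefile
FROM   v$process p
JOIN   v$session s ON s.paddr = p.addr
WHERE  s.sid = 142
AND    s.serial# = 3071;

-- 5. From the OS shell, format the trace with TKPROF, for example:
--      tkprof <tracefile> <report>.txt sys=no sort=exeela,fchela
--    Repeat steps 1-5 in each test configuration and compare elapsed time,
--    physical reads and wait events for the same statement.
```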

22 Performance Testing Results (secs)

23 Where We Are Going
- ASO
- Audit Vault
- Database Vault
- Data Masking

24 What is the Security Pack?
- A team of deployment security experts to assist customers with going live with our database security products
- Products that we assist with:
  - Advanced Security, Database Vault, Audit Vault, Label Security, Database Firewall
- Customer agrees to be a reference
- Have your Oracle account rep nominate you for this valuable program!

25 More Oracle Database Security Presentations
Monday:
- 12:30 pm: Making a Business Case for Information Security, MS 300
- 3:30 pm: Oracle Database 11g Release 2 Security: Defense-in-Depth, MS 103
Tuesday:
- 12:30 pm: Real-World Deployment and Best Practices: Oracle Audit Vault, MS 104
- 2:00 pm: Real-World Deployment and Best Practices: Oracle Advanced Security, MS 300
- 3:30 pm: Database Security Event Management: Oracle Audit Vault and ArcSight, MS 300
- 5:00 pm: Real-World Deployment and Best Practices: Oracle Database Vault, MS 303
Wednesday:
- 10:00 am: Protect Data and Save Money: Aberdeen, MS 306
- 11:30 am: Preventing Database Attacks With Oracle Database Firewall, MS 306
- 4:45 pm: Centralized Key Management and Performance: Oracle Advanced Security, MS 306
Thursday:
- 10:30 am: Deploying Oracle Database 11g Securely on Oracle Solaris, MS 104
MS = Moscone South

26 Oracle Database Security Hands-on-Labs
Monday:
- Database Vault, 11:00AM | Marriott Marquis, Salon 10 / 11
- Database Vault, 5:00PM | Marriott Marquis, Salon 10 / 11
Tuesday:
- Database Security, 11:00AM | Marriott Marquis, Salon 10 / 11
Thursday:
- Advanced Security, 12:00PM | Marriott Marquis, Salon 10 / 11
- Audit Vault, 1:30PM | Marriott Marquis, Salon 10 / 11

27 Oracle Database Security Demo Grounds, Moscone West
- Oracle Database Firewall
- Oracle Database Vault
- Oracle Label Security
- Oracle Audit Vault
- Oracle Advanced Security
- Oracle Database 11g Release 2 Security
Exhibition Hours:
- Monday, September 20: 9:45 a.m. - 5:30 p.m.
- Tuesday, September 21: 9:45 a.m. - 5:30 p.m.
- Wednesday, September 22: 9:00 a.m. - 4:00 p.m.

28 For More Information
- oracle.com/database/security
- search.oracle.com: database security

29 Q & A

