Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Database Overview Oracle Audit/Security/Control.

Similar presentations

Presentation on theme: "Agenda Database Overview Oracle Audit/Security/Control."— Presentation transcript:


2 Agenda Database Overview Oracle Audit/Security/Control

3 Objectives Your objectives Magic Disk Database Control Objectives
Frank W. Lyons

4 Terminology Database A set of data Tablespaces
Logical division of a database Files datafile Instances Also known as a server Table, columns and datatypes

5 Columns The characteristics of a column are made up of two parts: its datatype and its length. For columns using the NUMBER datatype, the additional characteristics of precision and scale can be specified. Precision determines the number of significant digits and Scale determines the placement of the decimal point

6 The Database Language Structure Query Language (SQL)
Data Definition Language DDL Create, Drop, Alter Data Manipulation Language DML Select, Insert, Update, Delete Data Control Language DCL Grant, Revoke

7 Database Structure Obtain the Data Structure Diagram
Customer Table Warehouse Table Order Table The data structure diagram provides all the tables and columns

8 Tables Tables owned by the user SYS are called the data dictionary tables Dictionary tables provide a system catalog that the database uses to manage itself The database maintains the relationship between table by using referential integrity

9 Database Structure Object Dependencies Database Tablespace
This is the file name under the operating system Table Index Synonym View Synonym

10 Databases A database is a set of data.
Oracle provides the ability to store and access data in a manner consistent with a defined model known as the Relational Model.

11 Tablespaces A tablespace is a logical division of a database
Each tablespace is constituted of one or more files, called datafiles, on a disk. A datafile can belong to one and only one tablespace

12 Tablespaces To prevent users from creating objects in the SYSTEM tablespace, any quotas on SYSTEM, which could give a user the ability to create objects in the SYSTEM tablespace, must be revoked: alter user Frank quota 0 on SYSTEM When you create a new user via the create user command, you can specify a default tablespace: create user Frank identified by excellence default tablespace Human_Resources

13 Tablespaces SYSTEM Data Dictionary DATA Standard-operation tables
DATA_2 Static tables used during standard operation INDEXES Indexes for the standard operation tables INDEXES_2 Indexes for the static tables RBS Standard operation rollback segment RBS_2 Specialty rollback segments used for data loads TEMP Standard operation temporary segments TEMP_USER Temporary segments created by a user TOOLS RDBMS tools tables TOOLS_1 Indexes for RDBMS tools tables USERS User objects, in development databases

14 Instance In order to access the data in the database, Oracle uses a set of background processes that are shared by all users. A database instance (also known as a server) is a set of memory structures and background processes that access a set of database files.

15 Views Views appear to be a table containing columns and is queried in the same manner that a table is queried Views do not use physical storage to store data Views can not be indexed.

16 Typical Authentication Pyramid
Application Logon Reporting Tool Database Accountability lessens as you move down the pyramid Data

17 Where Are the Application Controls?
Direct access usually by-passes application controls User profiling is normally only used within the application Views of reporting data could be incorporated Summarized data could be used to reduce sensitivity

18 Relational Data Storage
Employee Table

19 Views Based on User Profile
View of the Commercial Division Security is based on data value

20 Reduced Data Sensitivity
Employee Locator View Security is based on columns selected

21 Summarized Views View Summarized by Division

22 Access Type Difference
Id and Passwords User Profiles Accountability and audit ability

23 Data Access Application interfaces Reporting Tools Direct access

24 ID and Password Controls
Where is the ID and Password Stored for verification? How is the password stored? Is the same user ID used for multiple applications? Is the password stored in multiple locations?

25 User Profiles Profiles allow access according to job responsibilities
Division Position Security Clearance

26 User Profiles Controls
Who creates and modifies the user profile? What audit trails are in place for profile changes? What approvals are required for changes to the user profile? What is the notification process for job responsibility changes?

27 Accountability and Auditability
Is the user id translated to a high powered id during application access to the data? Does the application record read access? When data is inserted, modified, or deleted is the change logged? If there is a log who is reviewing the log?

28 ID Translation Used to prevent users from accessing data directly
Prevents authentication by the database management system Creates tuning and monitoring challenges

29 Reporting Tools and Direct Access
Ad-hoc reporting User flexibility Less labor to support user reporting requirements Checks and balance to insure information accuracy

30 Separate Reporting Database
On-line Database Synchronization can be done real time or on intervals

31 Advantages of Separate Reporting Databases
Design for reporting efficiencies On-line environment not impacted by the reporting workload Data can be summarized to reduce data sensitivity Multiple reporting databases can be defined to limit access to sensitive information

32 Disadvantages of Separate Reporting Databases
Extra storage and processor resources are required Extra labor resources are required to support replication process Special controls needed for direct access authority Read activity needs to be logged for audit ability

33 Reporting Tools Reporting Tool View of Data Reporting Database
Reporting tools can limit access by column, data value, or through summarization.

34 Web Access Reporting Tools can push static or dynamic information
Design should balance performance differences with flexibility Security at the data level needs to be well understood so that access is based on data sensitivity and job responsibilities

35 Application Recovery Code is normally static
Code changes should be installed on well defined intervals Recovery usually requires reboot of application server Corrupted application files can be restored from the last copy

36 Database Recovery Data is a constantly changing resource
Rebooting the database server causes the database system to recovery any in-flight units of work Restoring data from backup requires the database logs to be applied to the data in order to restore data consistency

37 Database Logs Data Identification (Record Header) Before Image of Data
After Image of Data

38 Log Contains All Data Modifications
User Activity Database Log Database

39 Backout Due to Abort or Abend
User Activity Database Log Database Aborted Unit of Work Log Records are read to backout the changes to the data

40 Protecting Database Log
Critical Recovery Resource Contains Sensitive Information Needed for on-site and off-site recovery Log shipping often done for off-site recovery

41 Log Shipping Database Log Database On-site Off-site Database Log Copy

42 Criteria for Server Selection in the Database Environment
Stability Security Recoverability Performance

43 Key Points Application access controls are by-passed through most reporting interfaces Security design MUST be centered on the data and incorporated in each interface Data and application recovery have key differences and need special considerations

44 Key Points Security should be designed around the DATA
All interface points must be reviewed Data recoverability needs differ between application and data Database logs contain sensitive information

45 Oracle

46 Identify Risks Default Users Operating System configuration
Database server configuration Listener process Privileges Database links Patches

47 Init.ora Database startup file
This file is read during the instance startup and may be modified by the DBA. Any modifications to this file will not take affect until the next startup that uses this file

48 Init.ora In the default directory configuration, the init.ora file is stored in a directory named /orasw/app/oracle/admin/instance_name/pfile The init.ora file does not list the names of the datafiles or online redo log files for the database as these are stored in the data dictionary. Init.ora does list the names of the control files for the database

49 Config.ora A second configuration file is typically used to store the settings of variables that do not change after database creation Such as the database block size In order for the config.ora settings to be used, the file must be listed as an include file via the IFILE parameter in the instance’s init.ora file

50 Procedures A procedure is a block of PL/SQL statements that is stored in the data dictionary and is called by applications Stored procedures help to enforce data security

51 Functions Functions, like procedures are blocks of code that are stored in the database. Function are capable of returning values to the calling program

52 Packages Packages are used to arrange procedures and functions into logical groupings Packages have a public and private elements Private elements may include procedures called by other procedures within the package Source code for the functions, procedures, and packages are stored in the data dictionary tables

53 Triggers Triggers are procedures that are executed when a specified database event takes place against a specified table Used as part of referential integrity Used to enforce additional security Used to enhance the available auditing options

54 Triggers Two types of triggers Statement triggers
Fire once for each triggering statement Row triggers Fire once for each row in a table affected by the statement For each type a BEFORE trigger and AFTER trigger can be created Triggering events include inserts, updates, and deletes

55 Synonyms To completely identify a database object such as a table or a view, the host machine name, the server instance name, the object’s owner, and the object’s name must be specified Synonyms reduce this effort Public synonyms are shared by all users Synonyms can provide pointers for tables, views, procedures, functions, packages, and sequences

56 Database Life Cycles Planning Creating Monitoring Tuning Securing

57 Operating system configuration
Use file system security to protect the DBMS software and data files (Only allow the Oracle user and Oracle group access to the files) Turn off all operating system functionality/services that are not required by the DATABASE SERVER (mail,ftp,telnet) Turn on O/S level auditing and review the audit log daily Secure the backup of the database Audit regularly

58 Database System Configuration
Remove non-essential users and enforce password management (see appendix) Change the default passwords on accounts Do not allow development in a production database/server Secure the development database (may contain production data) Keep the software up to date and patched

59 Database System Configuration Oracle Database - Physical Structures
When a backup of a database occurs, the backup software is making copies of the physical structures of an Oracle instance. Physical Structures stored in the operating system Control File Online Redo Log Data File INIT.ORA SPFILE (Oracle9i) ORACLE_HOME (Oracle software) Backup destination

60 Database System Configuration Oracle Database/Physical Structures
Control File Contains information about the instance and all of it’s external files. Used by Oracle to know if a data file needs recovery. Audit view: V$CONTROLFILE Online Redo Log Keeps track of all the transactional activity that makes changes to the database. Audit view: V$LOGFILE

61 Database System Configuration Oracle Database/Physical Structures
Data File Associated with a single tablespace. Oracle server creates a data file for a tablespace by allocating the specified amount of disk storage + a small overhead. Can contain data segment (table), index segment (primary keys, unique constraints or tuning indexes), rollback and temporary segments. Audit view DBA_DATA_FILES INIT.ORA Used by the Oracle instance to configure how much of the OS resources will be used by the instance. Parameters can be placed here for optional processes Audit view V$PARAMETER

62 Database System Configuration Oracle Database/Physical Structures
Data File Audit view DBA_DATA_FILES SQL> select file_name from dba_data_files order by file_name Control File Audit view: V$CONTROLFILE SQL> select * from v$controlfile; Online Redo Log Audit view: V$LOGFILE SQL> select * from v$logfile order by group#

63 Database System Configuration Oracle Database/Physical Structures
INIT.ORA Audit view V$PARAMETER SQL> select name,value from v$parameter License/version Audit view v$version SQL> select * from v$version

64 Privileges Third party application owner will typically have the ‘DBA’ role granted to them This is needed for installs/upgrades of software, but typically can be removed for day to day activities SELECT ANY TABLE privilege should not be allowed on any ‘end user’

65 Privileges SELECT ANY TABLE privilege gives users the ability to select from ANY table including SYS.USER$ and SYS.LINK$ These tables will show passwords

66 Privileges Audit Checklist
SQL> select privilege privilege_granted, grantee,admin_option from sys.dba_sys_privs where not exists (select 'x' from sys.dba_users where username = grantee) order by privilege_granted,admin_option;

67 Privileges Audit Checklist

68 Database Link Used to connect one database to another
The Database link contains: USER ACCOUNT TO CONNECT TO THE TARGET DATABASE LOCAL USERNAME AND PASSWORD (HARD CODED) or pass through authentication CONNECT STRING (Oracle / SQLNET/ NET8) Audit view: dba_db_links

69 Oracle NET / NET8 /SQL*NET LISTENER Configuration
Server Client Server 4 sqlplus User Listener On port 3 1 listener.ora DB1 tnsnames.ora/sqlnet.ora 2

70 Oracle NET / NET8 /SQL*Net
LISTENER Oracle NET enables communications between partners in a distributed transaction Applies to client/server or server/server environment. During the life of a connection, resolves all differences between the internal data representations and/or character sets of the computer. Net8 has been renamed to Oracle NET for 9i

71 Harden the Listener Process
The configuration file for the listener is LISTENER.ORA. LISTENER.ORA resides on the server and defines… Listener name, a database can have multiple listeners The network listener address The SID of the database for which it listens Parameters that influence the network listener’s behavior, including tracing, timeout and logging and password

72 Harden the Listener Process
Prevent unauthorized administration of the Oracle Listener by: ADMIN_RESTRICTIONS_listener_name=ON Use a password on all listeners At the lsnrctl prompt enter change_password

73 Oracle NET / Net8 /SQL*NET
Configuration Oracle Names Network service that provides centralized name resolution to Oracle clients and servers. Consists of one or more administrative regions, each having a single installation of the Oracle Network Manager tool. Oracle Network Manager enables the administrator to administer the following in it’s administrative region… All database listeners Global database links Clients, interchanges and Names Servers.

74 Oracle NET/ NET8 / SQL*Net
Configuration Oracle Names (continued) Clients do not need a TNSNAMES.ORA file if an Oracle Names Server is used. If a TNSNAMES.ORA file is created, the client may use it to resolve the service name before resolving it through the Names Server. Clients have a SQLNET.ORA file that identifies Oracle Names Server. This file can reference a file on a server so that it doesn’t have to change if the Names Server changes.

75 Oracle NET / NET8 /SQL*NET
Configuration 1 Client 3 2 4 Names Server Server

76 Oracle NET/ NET8 /SQL*Net
Audit checklist Listener password protected Is ADMIN_RESTRICTION turned on Is a protocol.ora in place for node checking How is tnsnames protected ONAMES is used, this adds an additional server to be audited

77 Oracle listener Audit checklist
Set up the listener with password Set up a strong password Protect the listener .ora file (this is where the password is kept)

78 Patches Audit checklist
Verify patches using the V$VERSION view Keep informed on the latest security patches Have a policy on how quickly a critical security patch should be applied Oracle rates severity of patches one is most severe

79 Alerts (Subscribe to security alerts )
Patches Alerts (Subscribe to security alerts  ) PDFBuffer Overflows in EXTPROC of Oracle Database ServerAlert #57, Rev 2, 07August 2003 PDFBuffer Overflow Vulnerability in Oracle E-Business SuiteAlert #56, Rev 1, 23 July 2003 PDFUnauthorized Disclosure of Information in Oracle E-Business SuiteAlert #55, Rev 1, 23 July 2003 PDFBuffer Overflow in Net Services for Oracle Database ServerAlert #54, Rev 2, 30 April 2003 PDFReport Review Agent Vulnerability in Oracle E-Business SuiteAlert #53, Rev 1, 10 April 2003 PDFTwo Security Vulnerabilities in Oracle9i Application ServerAlert #52, Rev 3, Updated 03 March 2003 PDFBuffer Overflow in ORACLE executable of Oracle9i Database ServerAlert #51, Rev 6, Updated 18 April 2003 PDFBuffer Overflow in Oracle9i Database ServerAlert #50, Rev 6, Updated 18 April 2003

80 Oracle's built-in tools USERS / SCHEMAS
Security Domain Defines the security settings that Apply to the user Authentication Mechanism Database Operating system Network Privileges—Direct/Indirect (via roles)

81 Oracle's built-in tools USERS / Database SCHEMAS
Authentication Mechanism Database– passwords are kept internally in a database table encrypted Operating system—Passwords are kept in the operating system

82 Oracle's tools to purchase
Authentication Mechanism using Oracle Advanced Security option Network– Uses third party network authentication services (like Kerberos and SESAME) Token Devices, one time passwords are used to authenticate Biometrics Devices, use physical features of users to authenticate Advanced Encryption Standard (AES) AES is symmetric block cipher AES-128,AES-192 and AES-256

83 Oracle's built-in tools USERS / Database SCHEMAS
Predefined users Sys/change_on_install (super user in Oracle,schema for Oracle dictionary tables) System/manager (Owner of internal tables used by Oracle tools) Scott/tiger (created by demo files, sometimes left in production) Note: 9i passwords are custom, unless you create the Database using the Database creation assistant in batch mode Additional users defined later in the Oracle9i section

84 Oracle's built-in tools Password File to authenticate DBAs
A password file for DBAs is optional and can be setup using the ORAPWD password utility. The password file will restrict administration privilege to only the users who know the password and have been granted a special role. The roles are SYSDBA and SYSOPER.

85 Oracle's built-in tools Two special roles SYSOPER/SYSDBA

86 Oracle's built-in tools
SYSDBA Contains all system privileges with ADMIN OPTION, and the SYSOPER system privilege; CREATE DATABASE and time-based recovery. Listing Password File Members Audit view: V$PWFILE_USERS will show all users that have been granted SYSDBA and SYSOPER system privileges for a database.

87 Oracle's built-in tools ADMINISTERING PRIVILEGES
Two types of privileges: System– Enables users to perform ADMIN type activities in the database OBJECT– Enables users to access and manipulate objects

88 Oracle's built-in tools SYSTEM PRIVILEGES
Administering privileges System– 80 system privileges The ANY keyword means that the user has the privilege for any schema. The GRANT command is used to add a privilege to a user or group of users GRANT CREATE SESSION to smith; GRANT CREATE SESSION to smith with ADMIN OPTION; The REVOKE command deletes the privilege REVOKE CREATE SESSION to smith;

89 Oracle's built-in tools SYSTEM PRIVILEGES
Administering privileges—Displaying System Privileges DATABASE LEVEL SESSION LEVEL DBA_SYS_PRIVS SESSION_PRIVS Grantee Privilege Privilege Admin option

90 Oracle's built-in tools OBJECT PRIVILEGES
OBJECT SQL STATEMENT Allowed ALTER   ALTER object (table or sequence)   DELETE DELETE FROM object (table or view)   EXECUTE EXECUTE object (procedure or function). References to public package variables   INDEX CREATE INDEX ON object (tables only)   INSERT INSERT INTO object (table or view)   REFERENCES CREATE or ALTER TABLE statement defining a FOREIGN KEY integrity constraint on object (tables only)   SELECT   SELECT...FROM object (table, view, or snapshot). SQL statements using a sequence  

91 Oracle's built-in tools DISPLAYING OBJECT PRIVILEGES
DBA_TAB_PRIVS DBA_COL_PRIVS Grantee Grantee Owner Owner Table_name Table_name Grantor Column_name Privilege Grantor grantable  Privilege Grantable

92 Oracle's built-in tools USERS / Database SCHEMAS
Restriction privilege system by enabling O7_DICTIONARY_ACCESSIBILITY=FALSE This prevents users with the system ‘ANY’ from being able to execute against the SYS schema The default is TRUE This allows the user with the ‘ANY’ privilege to execute against the SYS schema

93 Oracle's built-in tools Administering privileges
A role is a database entity that is a named group of privileges. It is unique within the database and not owned by a user. A role can be authenticated by a password. Special role SELECT_CATALOG_ROLE, which enable access to the data dictionary

94 Oracle's built-in tools Predefined roles
ROLENAME DESCRIPTION ============================================== CONNECT Provided for backward RESOURCE compatibility DBA All systems privileges w/admin EXP_FULL_DATABASE Privileges to export the DB IMP_FULL_DATABASE Privileges to Import the DB DELETE_CATALOG_ROLE Delete privileges on dictionary EXECUTE_CATALOG_ROLE Execute privilege on dictionary SELECT_CATALOG_ROLE Select privilege dictionary tables PUBLIC Role that all users have

95 Oracle's built-in tools Displaying information on roles
DATABASE ROLE VIEW DESCRIPTION DBA_ROLES All roles which exist in the DB DBA_ROLE_PRIVS Roles granted to users and roles ROLE_ROLE_PRIVS Roles which are granted to roles DBA_SYS_PRIVS System privileges grated to users and roles ROLE_SYS_PRIVS System privileges granted to roles ROLE_TAB_PRIVS Table privileges granted to roles SESSION_ROLES Roles which the user currently has enabled

96 Oracle's built-in tools PROFILES used for password management
A PROFILE is a named set of limits for passwords and system resources Are assigned to users Can become the default for all users Can be enabled or disabled

97 Oracle's built-in tools PROFILES
A PROFILE is a named set of limits for passwords And system resources CPU time I/O operations IDLE time (inactive time measured in minutes) Connect time (measured in minutes) Memory space Concurrent sessions Passwords aging and expiration Password history Password complexity verification Account locking

98 Oracle's built-in tools PROFILES management
Create a profile CREATE PROFILE end_user_prof LIMIT SESSIONS_PER_USER 1 IDLE_TIME 60 CONNECT TIME 600; Modify a profile ALTER PROFILE end_user_prof limit IDLE_TIME 10; Remove a profile DROP PROFILE end_user_prof; DROP PROFILE end_user_prof CASCADE;

99 Oracle's built-in tools PROFILES management
Associate a user to a profile ALTER USER smith PROFILE end_user_prof; Resource limits must be enable to enforce profile limits, This does not include password management. Two ways to enable: ALTER SYSTEM SET RESOURCE_LIMIT=TRUE 1. Modify the init.ora file and set RESOURCE_LIMIT=TRUE, 2. Restart the instance

100 Oracle's built-in tools PROFILES displaying resource limits
DBA_USERS Profile username DBA_PROFILES Profile Resource_name Resource_type Limit Join the views DBA_USERS and DBA_PROFILES To display the resource limits

101 Oracle's built-in tools PASSWORD MANAGEMENT
PARAMETER DESCRIPTION FAILED_LOGIN_ATTEMPTS Number of failed login attempts before lockout PASSWORD_LOCK_TIME Number of days password will remain locked upon password expiring PASSWORD_LIFE_TIME Lifetime of password measured in days PASSWORD_GRACE_TIME Grace period in days for changing the password, after it has expired

102 Oracle's built-in tools PASSWORD MANAGEMENT
PARAMETER DESCRIPTION PASSWORD_REUSE_TIME Number of days before a password can be reused PASSWORD_REUSE_MAX Maximum number of times a password can be reused PASSWORD_VERIFY_FUNCTION PL/SQL package that makes a complexity check before a password is assigned Note: The script utlpwdmg.sql must be run in the SYS schema to enable

103 Oracle's built-in tools PASSWORD MANAGEMENT
VERIFY_FUNCTION Minimum length of four characters Password not equal to user name Password must have at least one alpha, numeric,special character Password must differ from the last password by three characters

104 Oracle's built-in tools PASSWORD MANAGEMENT

105 Oracle's built-in tools Displaying PROFILES information
DBA_PROFILES Profile Resource_name Resource_type =PASSWORD limit

106 Auditing the Database Audit a specific user
Audit for a specific statement Audit for a specific statement on a schema user Audit to know what happens on your database Audit failed logon attempts Audit to know who changed what and when

107 Auditing the Database Audit by session or access
Audit by successful or not successful status Audit with discretion Audit actions: Alter, audit,comment,create,delete,execute, grant,index,insert,lock,read,reference,rename,select,update,write

108 Auditing the Database syntax
AUDIT {statement|system_priv} BY user BY SESSION|ACCESS WHENEVER {NOT} SUCCESSFUL; NOTE: BY SESSION will create only one audit record Per session BY ACCESS will create a record for each auditable activity

109 Auditing the Database(cont)
Audit to know what happens on your database High level of unsuccessful logins Audit through the middle tier Audit the user statement Audit the audit table

110 Auditing the Database connect internal (Oracle8i)
NT Systems:  On NT Systems you can see auditing for INTERNAL in the event viewer. The INTERNAL connections are written to the operating system audit trail .  Unix Systems:  On Unix Systems the INTERNAL connections are logged to special log files stored in the $Oracle_HOME/rdbms/audit directory.

111 Auditing the Database SYSDBA/SYSOPER
Initialization parameter AUDIT_SYS_OPERATIONS=TRUE Will write all activities to an O/S audit log

112 Auditing the Database(cont)
TIPS on auditing Run reports on a daily basis Truncate the audit table on a daily basis Use whenever not successful option (whenever you can) Use the by session clause Auditing is now optimized (statements are parsed once for execution and audit Set default audit options May need to create an alarm facility

113 Auditing the Database(cont)
TIPS on auditing Oracle preserves the identify of the user on the middle tier and can capture the user id of who logged into the database via the TP monitor This means that oracle can audit the true user who initiated the transaction and the user who logged into the database (TP monitor) Protect the audit trail AUDIT delete ON sys.aud$ BY ACCESS Only the DBA or SECURITY personnel should Have the DELETE_CATALOG_ROLE

114 Auditing the Database Views to the AUDIT Table

115 Audit/Security Approach
Account Security Object Privileges System Level Roles and Privileges

116 Audit/Security Approach
Create User Username Password Default Tablespace Temporary Tablespace Quota (on Tablespaces) Profile Assigns a profile to the user, if none is specified, then the default profile is used. Profiles are used to restrict the usage of system resources and to enforce password management rules. The default is set to UNLIMITED resource consumption

117 Audit/Security Approach
System Level Privileges ANY and PUBLIC are not synonymous. A PUBLIC object is accessible to all users in a database; all other objects are privately owned. The ANY option allows you to create private objects in other users’ schemas There are eight system level roles provided with Oracle Connect EXP_FULL_DATABASE Resource Select_Catalog_Role DBA Execute_Catalog_Role IMP_FULL_DATABASE Delete_Catalog_Role

118 Audit/Security Approach

119 Audit/Security Approach
Object Level Privileges Grants Grant with grant option Privileges SELECT INSERT UPDATE DELETE ALTER INDEX REFERENCES EXECUTE READ

120 Audit/Security Approach
Dictionary Views DBA_ROLES Names of roles and their password status DBA_ROLE_PRIVS Users who have been granted roles DBA_SYS_PRIVS Users who have been granted system privileges DBA_TAB_PRIVS Users who have been granted privileges on tables DBA_COL_PRIVS Users who have been granted privileges on columns ROLE_ROLE_PRIVS Roles that have been granted to other roles ROLE_SYS_PRIVS System privileges that have been granted to roles ROLE_TAB_PRIVS Table privileges that have been granted to roles

121 Audit/Security Approach
Password Security During Logins When you connect to a database server from a client machine, or from one database to another via a database link, Oracle transmits the password you enter in an unencrypted format unless you specify otherwise. As of Oracle8, you can set parameters that forces Oracle to encrypt the password values prior to transmitting them. To enable password encryption, set the following parameters: On the client set the ORA_ENCRYPT_LOGIN parameter in your sqlnet.ora file to TRUE On the server set the DBLINK_ENCRYPT_LOGIN parameter in your init.ora file to TRUE Shut down and restart the database

122 Audit/Security Approach
Password Password specified for a user account or a role are stored in an encrypted version in the data dictionary Setting the same password for two different accounts will result in different encryption For all passwords, the encrypted value is 16 characters long and contains numbers and capital letters. When a password is entered during a user validation, that password is encrypted, and the encryption that is generated is compared to the one in the data dictionary for that account, if they match, then the password is correct and the authorization succeeds.

123 Audit/Security Approach
Passwords Knowing how the database stores passwords is important because it adds new options to account security. To query the Username and Password fields from DBA_USERS select Username, /*Username*/ Password */Encrypted password*/ from DBA_USERS where Username is (‘Lyons’)

124 Audit/Security Approach
Becoming Another User Since the encrypted password can be set, you can temporarily take over any account and then set it back to its original password without ever knowing the account’s password. This capability allows you to become another user Query DBA_USERS to determine the current encrypted password to the account Generate the alter user command that will be needed to reset the encrypted password to its current value after you are done Spool the alter user command to a file Change the user’s password Access the user’s account Run the file containing the alter user command to reset the user’s encrypted password to its original value.

125 Database Determine Permission Levels
Do not give direct table level permissions to an end user No - Select (Query from “Hell”), Update, Insert, Delete Instead, use stored procedures Better yet, do not let user know how to sign on to the database application Authenticate the user and then supply a new password that they do not even know about. In this way the user must first authenticate to the application and cannot go around this authentication process to access the database

126 Privileges and Roles Access to an object owned by another account
Privilege must have been granted Privileges such as insert, select, update, and delete Privileges can be granted to users, groups, roles, or to Public Roles are groups of privileges Use roles to grant system level privileges such as create table

127 Role Definitions System Level Roles Connect Resource DBA
User Defined System Level Roles

128 Role Definitions Connect Role
Gives users privileges beyond just creating sessions in the database. In addition to the Create Session system privilege, the Connect role gives the users the following system privileges Alter Session Create Cluster Create Database Link Create Sequence Create Synonym Create Table Create View

129 Role Definitions Resource Role
The resource role has the following system privileges Create Cluster Create Index Create Procedure Create Sequence Create Table Create Trigger Create Type

130 Role Definitions DBA Role
The DBA role has all system privileges with admin option, which means that the DBA can grant the system privileges to any other user

131 Auditing The database has the ability to audit all actions that take place within it. Audit records may be written to either the SYS.AUD$ or the operating system’s audit trail. The ability to use the operating system’s audit trail is operating system-dependent Three different types of actions may be audited: Login attempts, Object accesses and Database actions The database’s default functionality is to record both successful and unsuccessful commands To enable auditing in a database, the init.ora file for the database must contain an entry for the AUDIT_TRAIL parameter.

132 Auditing The AUDIT_TRAIL values are: NONE - Disable auditing
DB Enables auditing, writing to the SYS.AUD$ table OS Enables auditing, writing to the operating system’s audit trails

133 Auditing Audit command
Can be issued regardless of the setting of the AUDIT_TRAIL parameter. They will not be activated unless the database is started using an init.ora AUDIT_TRAIL value that enables auditing If you elect to store the audit records in the SYS.AUD$ table, then that table’s records should be periodically archived and the table should then be truncated. Since it is the data dictionary, this table is in the SYSTEM tablespace and may cause space problems if its records are not periodically cleaned out. You can grant DELETE_CATLOG_ROLE to a user to give the user the ability to delete from the SYS.AUD$ table. Every attempt to connect to the database can be audited. The command to begin auditing of login attempts is: audit session audit session whenever successful audit session whenever not successful

134 Audit Features Establish minimum audit standards Login/Logoffs
Adding of New Users Adding Users to Groups All Grants and Revokes Remember that auditing takes up much storage and processing time

135 Trace Files Each of the background processes running in an instance has a trace file associated with it. The trace file will contain information about significant events encountered by the background process In addition, Oracle maintains a file called the alert log The alert log records the commands and command results of major events. This includes, tablespace creations, redo log switches, recovery operations, and database startups

136 Alert Log The alert log is a vital source of information for day-to-day operations Trace files are most useful when attempting to discover the cause of a major failure.

137 Database Constraints A table can have constraints placed upon it
A constraint is applied to a table and every row in the table must satisfy the conditions specified in the constraint definition

138 Database DBMS Journal Redo Logs
SVRMGR program for Database Administration tasks Performs backup of the redo logs SQL COMMIT statements Used by application programs Backup is on-line

139 Backup/Recovery Backup and Recovery Options Export/Import
Offline Backups Online Backups

140 Users A user account is not a physical structure in the database
Users own the database objects The user SYS owns the data dictionary tables The user SYSTEM owns views that access the data dictionary tables for use by the rest of the users in the database

141 Users User accounts can be connected to an operating system
This allows the user to enter only one password to obtain access to the operating system and the database

142 Database Responsibility for the Security Officer Should Perform:
All Grants and Revokes Review Security and Audit Logs Maintain a copy of Audit Logs for the Auditors

143 Exposures Clear text transmission over the network
Connect ID and Access ID for application Direct connection to the database from the desktop

144 Securing the SQL* Plus Tool
PRODUCT_PROFILE table to provide product-level Security for oracle products and augment user-level  Security With this table, you can enforce security on a per-user basis and restrict certain SQL and SQL*plus commands.

145 Securing the SQL* Plus Tool
 SQL*plus commands: EDIT EXECUTE EXIT GET HOST (or your operating system’s alias for HOST, such as $ on VMS and ! on UNIX) QUIT RUN SAVE SET (Spool start SQL commands: Alter analyze audit connect create delete Drop grant insert lock NOAUDIT rename revoke Select set role set transaction truncate update

146 Securing the SQL* Plus Tool Recommended commands to restrict
Commands reason HOST allows user access to a operating-system prompt SET ROLE allows a user to set a new security role GRANT allows a user to grant privileges NOAUDIT allows a user to turn off auditing You should restrict access to the PRODUCT_PROFILE

147 Oracle Security Checklist
Revoke unnecessary privileges from PUBLIC ROLE Revoke all unnecessary privileges and roles from the database server PUBLIC is the default role granted to every user Privileges include EXECUTE on various powerful packages that may potentially be misused include: UTL_SMTP This package permits arbitrary mail messages to be sent from one arbitrary user to another arbitrary user.

148 Oracle Security Checklist
Revoke unnecessary privileges from PUBLIC ROLE UTL_TCP This package permits outgoing network connections to be established by the database server to any receiving (or waiting) network service. UTL_HTTP This package allows the database server to request and retrieve data via HTTP. Granting this package to PUBLIC may permit data to be sent via HTML forms to a malicious web site.

149 Oracle Security Checklist
Revoke unnecessary privileges from PUBLIC ROLE UTL_FILE If configured improperly, this package allows text level access to any file on the host operating system. Even when properly configured, this package does not distinguish between its calling applications with the result that one application with access to UTL_FILE may write arbitrary data into the same location that is written to by another application.

150 Oracle Security Checklist
Revoke unnecessary privileges from PUBLIC ROLE DBMS_RANDOM Is used to encrypt stored data. encrypted data may be non-recoverable if the keys are not securely generated Do not assign “all permissions” to any database server run-time facility Oracle Java Virtual Machine (OJVM) Grant specific permissions to the explicit document root file paths for such facilities that may execute files and packages outside the database server. call dbms_java.grant_permission('SCOTT', '','<<ALL FILES>>','read');

151 Oracle Security Checklist
Authenticate clients properly Remote authentication is a security feature provided by Oracle9i such that if turned on (TRUE), it defers authentication of users to the remote client connecting to an Oracle database. configuration parameter in the following manner: REMOTE_OS_AUTHENT = FALSE will be more secure RESTRICT NETWORK ACCESS Utilize a firewall Keep the database server behind a firewall. Oracle9i’ s network infrastructure, Oracle Net (formerly known as Net8 and SQL*Net), offers support for a variety of firewalls from various vendors. Supported proxy-enabled firewalls

152 Oracle Tools Virtual Private Database/label security
Attach security policies at the Table or View level, allows for easy integration to existing systems. One to many policies per Table. Different policies for different type of accesses (SELECT,UPDATE..).

153 Oracle Security Checklist
Virtual Private Database using application contexts. User-definable can allow security based on categories (Employee number, Cost Center). These contexts are used in the security policy function. Access to session primitives (information about a user session) using USERENV application context

154 Oracle Tools Oracle Enterprise Manger Application Security, Inc
Security Manager Application Security, Inc APPLICATION VULNERABILITY ASSESSMENT AppDetective™ Network-based vulnerability assessment tool that rates the security strength of applications within your network. Armed with a revolutionary security methodology together with an extensive knowledgebase of application vulnerabilities, AppDetective™ will locate, examine, report, and help fix your security holes and miss-configurations at your command.

DbEncrypt™ Easy-to-use, affordable, and effective security solution for encrypting column and row data within the database. Provided with DbEncrypt™ are encryption algorithms, templates, and an intuitive point-and-click interface. APPLICATION INTRUSION DETECTION AppRadar™ Intrusion detection solution strictly for application-specific attacks and malicious behavior. As a complementary solution to existing intrusion detection systems, AppRadar™ empowers organizations with a real-time security solution able to thwart attacks and malicious behavior against all of your mission-critical enterprise applications.

156 Oracle Security checklist
Important web sites

157 Summary Oracle was built to be secure
Audit at the database, network, and server level Takes time and is complex Limited tools available Requires outages for patches

158 Checklist Predefined Users

159 Checklist Predefined Users

160 Checklist Predefined Users

161 Checklist Predefined Users

Download ppt "Agenda Database Overview Oracle Audit/Security/Control."

Similar presentations

Ads by Google