Professional Documents
Culture Documents
June 2013
Introduction ....................................................................................... 3
Oracle Database 12c Security ........................................................... 4
Locating and Cataloging Your Sensitive Data .................................... 4
Monitoring the Configuration of Sensitive Databases......................... 5
Configuration Scanning ................................................................. 5
Auditing Sensitive Operations ........................................................ 5
Protecting Against Database Bypass Threats .................................... 6
Advanced Security TDE................................................................. 6
Protecting Data in Non-Production Environments .............................. 7
Data Masking ................................................................................ 7
Limiting Sensitive Data Exposure in Applications .............................. 8
Advanced Security Data Redaction ............................................... 8
Protecting Against Common Threats ................................................. 8
Database Vault Privileged Account Controls.................................. 9
Database Vault Command Controls............................................. 10
Audit Vault and Database Firewall Detective Controls ................. 10
Audit Vault and Database Firewall SQL Injection Prevention ....... 10
Building More Secure Applications .................................................. 11
Database Vault Privilege Analysis ............................................... 11
Code Based Access Control ........................................................ 11
Real Application Security ............................................................. 12
Data Classification for Government and Defense Applications ........ 12
Label Security Access Control ..................................................... 12
Security and Compliance with Oracle Database 12c
Introduction
The need to secure data is driven by an expanding privacy and regulatory environment coupled
with an increasingly dangerous world of hackers, organized crime, and other groups intent on
stealing valuable data. The security picture is complicated even more by the rapid expansion of
access to the Internet, an unprecedented understanding of technology, increasing economic
competition, and the push to achieve greater efficiencies through consolidation and cloud
computing. Information targeted for attack has included citizen data, intellectual property,
credit card data, financial information, government data, and competitive bids. Attack
methodologies include hacking of privileged user accounts, exploitation of application
vulnerabilities, media theft, and other sophisticated attacks collectively known as advanced
persistent threats or APT. In response to the increasing threat to data, regulations have been put
in place that include the numerous U.S. State privacy laws, Payment Card Industry Data Security
Standard (PCI-DSS), the U.K Data Protection Act, and the Korean Act on Protection of
Personal Data, to name a few.
To better understand the importance of database security one needs to consider the potential
sources of vulnerability.
Threats that target the operating system can circumvent the database by accessing raw data
files, bypassing application security, access controls inside the database, network security, and
encrypted drives.
Proliferation of production data beyond the controls of the production environment expand
the scope of compliance and increase the risk to data.
Privacy related information by be exposed to individuals without a true need-to-know due to
an oversight in the development process or the complexity of modifying legacy application
modules.
Privileged user accounts and over privileged applications may become targets for highly
specialized attacks or the source of insider threats.
Ad-hoc access to application data by privileged accounts may violate internal policies,
regulatory mandates, service level agreements, as well as expose data to external attacks.
Application bypass through SQL injection can expose large amounts of sensitive data to
attackers or unauthorized users.
Configuration drift or changes that create deviation from internal deployment standards and
security best practices can result in audit findings, impact business continuity, and increased
security risks.
3
Security and Compliance with Oracle Database 12c
4
Security and Compliance with Oracle Database 12c
Configuration Scanning
Configuration monitoring and the prevention of configuration drift is an important part of the
security deployment architecture. Oracle Enterprise Manage Database Lifecycle Management
Pack can be used to scan databases for numerous security related settings, including checks for
default passwords. Monitoring database accounts, managing privilege entitlements, enforcing
password complexity, and maintaining a secure configuration are all part of the monitoring
process. Proactive assessment of key compliance areas such as security, configuration, and
storage help identify areas of vulnerabilities and areas where best practices are not being
followed. Important components of Oracle Enterprise Manager Database Lifecycle
Management include out-of-the-box policy checks as well as the ability to define custom
configuration checks.
5
Security and Compliance with Oracle Database 12c
6
Security and Compliance with Oracle Database 12c
Data Masking
Oracle Data Masking provides end to end automation for provisioning test databases from
production in compliance with regulations. Sensitive information such as credit card or social
security numbers can be replaced and used for development and testing without expanding the
security perimeter. This reduces the number of database systems that need to be monitored for
compliance and security.
Important considerations in masking include the ability to maintain referential relationships
between application tables after the masking process has taken place. Application records that
span application tables and are linked by a given column need to have those values consistently
replaced across the related tables. Data Masking discovers these relationships and masks all
related data elements automatically while preserving referential relationships. The combination
of sensitive data columns and the associated primary key-foreign key relationships are stored in
an Application Data Model in the Oracle Enterprise Manager repository. Data Masking ships
with pre-defined accelerators for Oracle Applications that can discover the metadata
relationships in existing Oracle Fusion Applications and Oracle E-Business Suite applications
and create Application Data Models to store these relationships.
Data Masking provides a centralized library with out-of-the-box mask formats for common types
of sensitive data, such as credit card numbers, phone numbers, national identifiers (social security
number for U.S., national insurance number for U.K.). By leveraging the Format Library in Data
Masking, enterprises can apply data privacy rules to sensitive data across enterprise-wide
databases from a single source and thus, ensure consistent compliance with regulations.
Enterprises can also extend this library with their own mask formats to meet their specific data
privacy and application requirements.
Once the work of associating masking definitions with application attributes is complete, the
formats and data associations can be saved in the Application Data Model and re-executed when
test, development or partners need a refresh of data. Oracle Data Masking Pack can support
masking of data in heterogeneous databases, such as IBM DB2 and Microsoft SQLServer,
through the use of Oracle Database Gateways.
7
Security and Compliance with Oracle Database 12c
8
Security and Compliance with Oracle Database 12c
addition, SQL injection vulnerabilities within applications have been frequent points of attack.
These vulnerabilities can be even harder to detect and block because they are commonly passed
through to the database by applications using credentials that are trusted.
Protecting against these common types of attacks requires a defense-in-depth approach. The
depth of the security controls required will depend on the application and sensitivity of the data.
For example, while privileged user controls may be vital on production systems, they most likely
are less applicable on test and development systems where sensitive data has been masked or
swapped out with production “like” data. At the same time, multiple preventive controls may be
applicable on highly sensitive systems, while a subset may be applicable on less sensitive systems.
In addition, some controls may be applicable to both Oracle and non-Oracle databases, while
others may only be available in the Oracle database.
9
Security and Compliance with Oracle Database 12c
10
Security and Compliance with Oracle Database 12c
analysis, enables organizations to minimize false alerts, and only collect data that is important.
Database Firewall events are logged to the Audit Vault Server enabling reports to span
information observed on the network alongside audit data.
Security controls can be customized with in-line monitoring and blocking on some databases and
monitoring only on other databases. The Database Firewall can be deployed in-line, out-of-
band, or in proxy mode to work with the available network configurations. For monitoring
remote servers, the Audit Vault Agent on the database server can forward the network traffic to
the Database Firewall. Delivered as a soft appliance, a single Audit Vault Server can consolidate
audit logs and firewall events from thousands of databases. Both Audit Vault Server and the
Database Firewall can be configured in a HA mode for fault tolerance.
11
Security and Compliance with Oracle Database 12c
is invoked, the privileges associated with the granted role will be available in the runtime context
of the stored program unit.
12
Security and Compliance with Oracle Database 12c
13
Security and Compliance with Oracle Database 12c
Conclusion
Perimeter firewalls are insufficient in today’s world of ubiquitous Internet access, technology
awareness, and global economic competition. The push toward data consolidation and cloud
computing combined with an ever-changing regulatory landscape require solutions to be highly
transparent and cost effective to deploy. Securing databases requires a defense-in-depth
approach spanning preventive, detective, and administrative controls. Attack vectors targeting
privileged accounts inside and outside the database, application vulnerabilities, and data in test
and development environments are just a few of the reasons why security must be moved closer
to the data. Perimeter firewalls must be supplemented with additional controls that are aligned
with the sensitivity of the data, its location, its environment, applicable regulations and business
impact should the data be lost, stolen, or used for unauthorized purposes.
14
Security and Compliance with Oracle Database
12c
June 2013
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the
contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other
Oracle Corporation
warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or
World Headquarters
fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are
500 Oracle Parkway
formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any
Redwood Shores, CA 94065
means, electronic or mechanical, for any purpose, without our prior written permission.
U.S.A.
Worldwide Inquiries: Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective
Fax: +1.650.506.7200
oracle.com 0109