
9

Securing Oracle Audit Vault

Copyright © 2010, Oracle and/or its affiliates. All rights reserved.


Oracle Audit Vault: Security Components

[Diagram: Audit Vault Agent and Audit Vault Server. Agent labels: OC4J, database client, configuration/management tools, logs, collectors (DBAUD, OSAUD). Server labels: OC4J, database client, config/management tools, logs, audit repository. Connection labels: HTTP(S), management commands, Oracle*Net, audit trail data, collector attributes, policy provision. Credential labels: agent username/password, source username/password, AV admin username/password. Also shown: Source.]

Integration with Oracle Database Vault

• The Audit Vault Server database is protected by Oracle Database Vault features.
• Database Vault is used to:
– Prevent access to audit data by privileged users
– Prevent unauthorized changes to the Audit Vault Server database
– Set access controls

Managing Users and Roles in the Audit Vault Server

• Manage Oracle Database users in Audit Vault
• Manage Audit Vault Server users and roles

[Figure labels: AV Admin, AV Auditor]

Audit Vault Database Users

• Audit Vault Administrator
– Name specified during installation
– Granted AV_ADMIN role
• Audit Vault Auditor
– Name specified during installation
– Granted AV_AUDITOR role

Audit Vault Database Users

AVSYS user
• Created during installation of the Audit Vault Server
• Owns all Audit Vault objects
• Default tablespace: SYSAUX
• Should not be unlocked

Understanding Audit Vault Usage

[Diagram: Audit Vault usage, split into two areas]
• Monitor, detect, alert, and report (AV_AUDITOR): AV reports, AV alerts, AV audit policies
• Administration and management (AV_ADMIN)

Using Oracle Advanced Security Option Encryption

Encrypt the data that travels across the network between the Audit Vault database sources and the Audit Vault Server.

[Figure labels: Source, Agent]
