Kamal Tbeileh, Principal Product Manager, Oracle Database Security
Andreas Becker, Principal Member, Oracle/SAP Development
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Agenda
Database Vault Overview
Realms, Command Rules, and Separation Of Duty
Database Vault Best Practices
Database Vault Performance Numbers
Feedback and Questions
EM Data Masking
Oracle Database 11g
TDE Tablespace Encryption
Oracle Audit Vault
Oracle Database 9i
Oracle8i
Oracle Label Security
Proxy authentication
Enterprise User Security
Virtual Private Database (VPD)
Database Encryption API
Strong Authentication
Oracle7
Native Network Encryption
Database Auditing
Government customer
Protection Realms
Multi-Factor Authorization
Command Rules
Separation of Duty
Eliminates security risks from server consolidation
[Diagram: HR Realm and Fin Realm; label: "HR DBA views Fin. data"]
Realms can be easily applied to existing applications with minimal performance impact
Example #2:
Limiting connection from non-application server IP addresses
Plan: Pilot program with ~5 pilot customers until end of 2008
2009: DBV Certification for SAP Generally Available
SAP NetWeaver with SAP Kernel Release 7.00+
SAP BR*Tools Release 7.00 Patchlevel 36+
Adapt certain database parameters that were changed during DBV installation
os_authent_prefix, remote_os_authent
Start EM DB Control:
% emctl start dbconsole
Default Realms
Oracle Database Vault Account Management
Oracle Database Vault
Oracle Data Dictionary
Oracle Enterprise Manager
SAP Realms
SAP Protection Realm for ABAP Stack
SAP Protection Realm for Java Stack
SAP Application Administration Realm for SAP BRTools
SAP Application Credential Protection Realm
SAP Application Protection Realm for SAP Admin Roles
Database Vault audit events are protected
Reports show any attempted violations
9.2.0.8:
Hardware profile: Sun Solaris 9 Sparc, 64 bit on Sun4800-6 Sun-Fire server
8 CPUs
4 GB of RAM
Number of users: 20 dedicated users with multiple connections each
Ramp up to over 400 concurrent database connections
Summary
Learn More
SAP Service Marketplace site
Visit: http://service.sap.com/oracle-download
Oracle Technical Information, Demos, Software
Visit OTN: otn.oracle.com -> products -> database -> security and compliance