Oracle Database Security.ppt

Resource ID: 70800511. Size: 399KB. Length: 42 pages. Format: PPT.
10. Implementing Oracle Database Security

Copyright 2005, Oracle. All rights reserved.

Objectives

After completing this lesson, you should be able to do the following:
  • Describe your DBA responsibilities for security
  • Implement security by applying the principle of least privilege
  • Manage default user accounts
  • Implement standard password security features
  • Describe database auditing
  • Describe Virtual Private Database (VPD)

Industry Security Requirements

  • Legal:
      - Sarbanes-Oxley Act (SOX)
      - Health Information Portability and Accountability Act (HIPAA)
      - California Breach Law
      - UK Data Protection Act
  • Auditing

Separation of Responsibilities

  • Users with DBA privileges must be trusted. Consider:
      - Abuse of trust
      - Audit trails protect the trusted position.
  • DBA responsibilities must be shared.
  • Accounts must never be shared.
  • The DBA and the system administrator must be different people.
  • Separate operator and DBA responsibilities.

Database Security

A secure system ensures the confidentiality of the data that it contains. There are several aspects of security:
  • Restricting access to data and services
  • Authenticating users
  • Monitoring for suspicious activity

Principle of Least Privilege

  • Install only required software on the machine.
  • Activate only required services on the machine.
  • Give OS and database access to only those users that require access.
  • Limit access to the root or administrator account.
  • Limit access to the SYSDBA and SYSOPER accounts.
  • Limit users' access to only the database objects required to do their jobs.

Applying the Principle of Least Privilege

  • Protect the data dictionary:

        O7_DICTIONARY_ACCESSIBILITY=FALSE

  • Revoke unnecessary privileges from PUBLIC:

        -- Slide shorthand: REVOKE takes one object per statement, so run it once per package.
        REVOKE EXECUTE ON UTL_SMTP, UTL_TCP, UTL_HTTP, UTL_FILE FROM PUBLIC;

  • Restrict the directories accessible by users.
  • Limit users with administrative privileges.
  • Restrict remote database authentication:

        REMOTE_OS_AUTHENT=FALSE

Managing Default User Accounts

  • DBCA expires and locks all accounts, except:
      - SYS
      - SYSTEM
      - SYSMAN
      - DBSNMP
  • For a manually created database, lock and expire any unused accounts.

Implementing Standard Password Security Features

  • Password history
  • Account locking
  • Password aging and expiration
  • Password complexity verification

[Diagram labels: User; Setting up profiles]

Supplied Password Verification Function: VERIFY_FUNCTION

The supplied password verification function enforces these password restrictions:
  • The minimum length is four characters.
  • The password cannot be the same as the username.
  • The password must have at least one alphabetic, one numeric, and one special character.
  • The password must differ from the previous password by at least three letters.

Tip: Use this function as a template to create your own customized password verification.

Creating a Password Profile

[Figure]

Assigning Users to a Password Profile

Select Administration > Schema > Users & Privileges > Users.

Where We Are

  • Comparing security aspects
  • Applying the principle of least privilege
  • Managing default user accounts
  • Implementing standard password security features
  • Creating and using password profiles
  • Auditing
  • Virtual Private Database (VPD)

Monitoring for Suspicious Activity

Monitoring or auditing must be an integral part of your security procedures. Review the following:
  • Mandatory auditing
  • Standard database auditing
  • Value-based auditing
  • Fine-grained auditing (FGA)
  • DBA auditing

Enterprise Manager Audit Page

[Figure]

Standard Database Auditing

  (1) Enable database auditing.
  (2) Specify audit options.
  (3) Review audit information.
  (4) Maintain audit trail.

[Diagram: the DBA enables auditing in the parameter file and specifies audit options; a user executes a command; the server process generates the audit trail, which is stored in the database or in an OS or XML audit trail.]

Uniform Audit Trails

  • Parameter setting: AUDIT_TRAIL=DB,EXTENDED
  • Audit trail views: DBA_AUDIT_TRAIL, DBA_FGA_AUDIT_TRAIL, DBA_COMMON_AUDIT_TRAIL
  • Columns shown in the diagram:
      - EXTENDED_TIMESTAMP, PROXY_SESSIONID, GLOBAL_UID, INSTANCE_NUMBER, OS_PROCESS, TRANSACTIONID, SCN, SQL_BIND, SQL_TEXT
      - STATEMENTID, ENTRYID

Enhanced Enterprise User Auditing

[Diagram comparing an exclusive schema and a shared schema. One side shows USERNAME and GLOBAL_UID for the standard audit and DB_USER and GLOBAL_UID for the fine-grained audit; the other side shows USERNAME for the standard audit and DB_USER for the fine-grained audit.]

Value-Based Auditing

  1. A user makes a change.
  2. The user's change is made.
  3. The trigger fires.
  4. An audit record is created by the trigger.
  5. The record is inserted into an audit trail table.

Fine-Grained Auditing

  • Monitors data access on the basis of content
  • Audits SELECT, INSERT, UPDATE, DELETE, and MERGE
  • Can be linked to a table or view, to one or more columns
  • May fire a procedure
  • Is administered with the DBMS_FGA package

[Diagram: policy AUDIT_EMPS_SALARY on the employees table, with this statement:]

    SELECT name, salary FROM employees WHERE department_id = 10;

FGA Policy

  • Defines:
      - Audit criteria
      - Audit action
  • Is created with DBMS_FGA.ADD_POLICY

    BEGIN
      dbms_fga.add_policy (
        object_schema   => 'HR',
        object_name     => 'EMPLOYEES',
        policy_name     => 'audit_emps_salary',
        audit_condition => 'department_id=10',
        audit_column    => 'SALARY',
        handler_schema  => 'secure',
        handler_module  => 'log_emps_salary',
        enable          => TRUE,
        statement_types => 'SELECT');
    END;
    /

    -- Does not reference the audited SALARY column
    SELECT name, job_id FROM employees;

    -- References SALARY for department 10; the handler is SECURE.LOG_EMPS_SALARY
    SELECT name, salary FROM employees WHERE department_id = 10;

Audited DML Statement: Considerations

  • Records are audited if the FGA predicate is satisfied and relevant columns are referenced.
  • DELETE statements are audited regardless of any specified columns.
  • MERGE statements are audited with the underlying INSERT or UPDATE generated statements.

    UPDATE hr.employees
    SET salary = 10
    WHERE commission_pct = 90;

    UPDATE hr.employees
    SET salary = 10
    WHERE employee_id = 111;

FGA Guidelines

  • To audit all statements, use a null condition.
  • Policy names must be unique.
  • The audited table or view must already exist when you create the policy.
  • If the audit condition syntax is invalid, an ORA-28112 error is raised when the audited object is accessed.
  • If the audited column does not exist in the table, no rows are audited.
  • If the event handler does not exist, no error is returned and the audit record is still created.

DBA Auditing

Users with the SYSDBA or SYSOPER privileges can connect when the database is closed:
  • Audit trail must be stored outside the database.
  • Connecting as SYSDBA or SYSOPER is always audited.
  • Enable additional auditing of SYSDBA or SYSOPER actions with audit_sys_operations.
  • Control audit trail with audit_file_dest.

Maintaining the Audit Trail

The audit trail should be maintained. Follow best practice guidelines:
  • Review and store old records
  • Prevent storage problems
  • Avoid loss of records

Quiz: What Is Audited?

Table columns: Type of Audit; What Is Audited?; What Is in the Audit Trail?
Table rows (to be filled in):
  • Standard database auditing
  • Value-based auditing
  • Fine-grained auditing (FGA)

Match the following text, “A” to “What Is Audited?”, and “T” to “What Is in the Audit Trail?”.
  • A1: Data changed by DML statements
  • A2: SQL statements (insert, update, delete, select, and merge) based on content
  • A3: Privilege use including object access
  • T1: Fixed set of data including the SQL statement
  • T2: Fixed set of data
  • T3: N/A

Where We Are

  • Comparing security aspects
  • Applying the principle of least privilege
  • Managing default user accounts
  • Implementing standard password security features
  • Describing auditing:
      - Mandatory auditing
      - Standard database auditing
      - Value-based auditing
      - Fine-grained auditing
      - DBA auditing
  • Virtual Private Database (VPD)

Virtual Private Database: Overview

  • Virtual Private Database (VPD) consists of:
      - Fine-grained access control
      - Secure application context
  • VPD uses policies to add conditions to SQL statements that protect sensitive data.
  • VPD provides row-level access control.
  • Application attributes defined inside an application context are used by fine-grained access policies.

VPD Example

  • Business rule: Employees outside the HR department are only allowed to see their own EMPLOYEES record.
  • A salesman enters the following query:

        SELECT * FROM EMPLOYEES;

  • The function implementing the security policy returns the predicate employee_id=my_emp_id and the database rewrites the query and executes the following:

        SELECT * FROM EMPLOYEES
        WHERE employee_id = my_emp_id;

Creating a Column-Level Policy

    BEGIN
      dbms_rls.add_policy(
        object_schema     => 'hr',
        object_name       => 'employees',
        policy_name       => 'hr_policy',
        function_schema   => 'hr',
        policy_function   => 'hrsec',
        statement_types   => 'select,insert',
        sec_relevant_cols => 'salary,commission_pct');
    END;
    /

Column-Level VPD: Example

  • Statements are not always rewritten.
  • Consider a policy protecting the SALARY and COMMISSION_PCT columns of the EMPLOYEES table. The fine-grained access control is:
      - Not enforced for this query:

            SELECT last_name FROM employees;

      - Enforced for these queries:

            SELECT last_name, salary
            FROM employees;

            SELECT * FROM employees;

Security Updates

Oracle posts security alerts on the Oracle Technology Network Web site at: http:/ database administrators and developers can also subscribe to be notified about critical security alerts via e-mail by clicking the “Subscribe to Security Alerts Here” link.

Applying Security Patches

  • Use the Critical Patch Update process.
  • Apply all security patches and workarounds.
  • Contact the Oracle security products team.

Summary

In this lesson, you should have learned how to:
  • Describe your DBA responsibilities for security
  • Apply the principle of least privilege
  • Manage default user accounts
  • Implement standard password security features
  • Describe database auditing
  • Describe Virtual Private Database (VPD)

Practice Overview: Implementing Oracle Database Security

This practice covers the following topics:
  • Expiring passwords every 60 days
  • Locking accounts after a grace period of 10 days
  • Not allowing the reuse of passwords for 1,800 days
  • Forcing accounts to lock for 10 minutes after four failed login attempts
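The limits in the practice overview, written as a password profile together with the checks a DBA would run afterwards. This is an added example, not part of the original slides: the profile name app_pw_profile and the users hr_clerk and unused_acct are hypothetical, and VERIFY_FUNCTION is available only after the supplied script utlpwdmg.sql has been run as SYS.

```sql
-- Added example: profile name and user names are hypothetical.
-- Password limits are expressed in days, so 10 minutes is written as 10/1440.
CREATE PROFILE app_pw_profile LIMIT
  PASSWORD_LIFE_TIME       60         -- expire passwords every 60 days
  PASSWORD_GRACE_TIME      10         -- grace period of 10 days
  PASSWORD_REUSE_TIME      1800       -- reuse window of 1,800 days
  FAILED_LOGIN_ATTEMPTS    4          -- four failed login attempts ...
  PASSWORD_LOCK_TIME       10/1440    -- ... lock the account for 10 minutes
  PASSWORD_VERIFY_FUNCTION verify_function;

-- Assign an existing user to the profile.
ALTER USER hr_clerk PROFILE app_pw_profile;

-- Manually created database: lock and expire an account nobody uses.
ALTER USER unused_acct PASSWORD EXPIRE ACCOUNT LOCK;

-- Check 1: the password limits the profile actually carries.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_PW_PROFILE'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;

-- Check 2: accounts that are open besides the four DBCA leaves unlocked.
-- Every row returned should belong to a known owner.
SELECT username, account_status, profile
  FROM dba_users
 WHERE account_status = 'OPEN'
   AND username NOT IN ('SYS', 'SYSTEM', 'SYSMAN', 'DBSNMP')
 ORDER BY username;
```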
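The Value-Based Auditing sequence above (change, trigger fires, record inserted into an audit trail table), written as a row-level trigger on the salary column. This is an added example, not part of the original slides: the table secure.salary_audit, its columns and the trigger name are hypothetical, and creating a trigger in one schema on another schema's table requires the CREATE ANY TRIGGER privilege.

```sql
-- Added example: audit table, columns and trigger name are hypothetical.
CREATE TABLE secure.salary_audit (
  changed_at   TIMESTAMP     DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(30)  NOT NULL,
  os_user      VARCHAR2(255),
  client_ip    VARCHAR2(45),
  employee_id  NUMBER(6)     NOT NULL,
  old_salary   NUMBER(8,2),
  new_salary   NUMBER(8,2)
);

-- Fires once per changed row and records the old and new values,
-- which standard database auditing does not capture.
CREATE OR REPLACE TRIGGER secure.trg_audit_emp_salary
  AFTER UPDATE OF salary ON hr.employees
  FOR EACH ROW
  WHEN (NVL(OLD.salary, -1) <> NVL(NEW.salary, -1))
BEGIN
  INSERT INTO secure.salary_audit
    (db_user, os_user, client_ip, employee_id, old_salary, new_salary)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
     :OLD.employee_id, :OLD.salary, :NEW.salary);
END;
/

-- Review: salary changes in the last 7 days, largest change first.
SELECT changed_at, db_user, os_user, client_ip,
       employee_id, old_salary, new_salary
  FROM secure.salary_audit
 WHERE changed_at > SYSTIMESTAMP - INTERVAL '7' DAY
 ORDER BY ABS(NVL(new_salary, 0) - NVL(old_salary, 0)) DESC;
```

The audit row is written in the same transaction as the UPDATE, so it is rolled back if the change is rolled back.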
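One way to write the policy function hrsec named in the Creating a Column-Level Policy slide, so that it implements the business rule from the VPD Example through a secure application context. This is an added example, not Oracle's code from the course: the context emp_ctx, the package hr.emp_ctx_pkg and the mapping table hr.emp_logins are hypothetical.

```sql
-- Added example: emp_ctx, hr.emp_ctx_pkg and hr.emp_logins are hypothetical.
-- Maps a database login to an employee and records HR membership.
CREATE TABLE hr.emp_logins (
  db_username  VARCHAR2(30) PRIMARY KEY,
  employee_id  NUMBER(6)    NOT NULL,
  is_hr        CHAR(1)      DEFAULT 'N' NOT NULL
);

-- Attributes of emp_ctx can be set only through the named package.
CREATE OR REPLACE CONTEXT emp_ctx USING hr.emp_ctx_pkg;

CREATE OR REPLACE PACKAGE hr.emp_ctx_pkg AS
  PROCEDURE set_ctx;
END emp_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY hr.emp_ctx_pkg AS
  PROCEDURE set_ctx IS
  BEGIN
    -- An unknown login matches no row, so the attributes stay unset.
    FOR r IN (SELECT employee_id, is_hr
                FROM hr.emp_logins
               WHERE db_username = SYS_CONTEXT('USERENV', 'SESSION_USER'))
    LOOP
      DBMS_SESSION.SET_CONTEXT('emp_ctx', 'my_emp_id', TO_CHAR(r.employee_id));
      DBMS_SESSION.SET_CONTEXT('emp_ctx', 'is_hr', r.is_hr);
    END LOOP;
  END set_ctx;
END emp_ctx_pkg;
/

-- Policy function: returns the predicate the database appends to the query.
CREATE OR REPLACE FUNCTION hr.hrsec (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  IF SYS_CONTEXT('emp_ctx', 'is_hr') = 'Y' THEN
    RETURN NULL;       -- no predicate: HR staff see every row
  ELSIF SYS_CONTEXT('emp_ctx', 'my_emp_id') IS NULL THEN
    RETURN '1 = 2';    -- context not set: fail closed, no rows
  END IF;
  RETURN 'employee_id = TO_NUMBER(SYS_CONTEXT(''emp_ctx'', ''my_emp_id''))';
END hrsec;
/
```

The context must be populated before the first query, for example by calling hr.emp_ctx_pkg.set_ctx from a logon trigger. Because the predicate reads the context at execution time, no user-supplied text is concatenated into it.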
