15 November 2012

Is your Data secure!

Oracle Database Security solutions can help to secure your data.

As you all know Cyber crime is on the rise and phishing on the web and rootkits and hacking are common these days. But not only your passwords and personal information is in risk of being stolen, also your Enterprise Data in your Databases is in risk of being compromised and stolen by all kinds of criminal elements.

Forrester recommends a comprehensive database security strategy should comprise of
three key pillars.

Foundation Pillar Comprises Of 
1) Discovery, 
2) Classification,
3) AAA, And Patch Management

Without understanding where and how your sensitive data is used, data security can be very challenging. The foundation pillar stresses on discovery and classification of sensitive data and having a robust authentication, authorization, and access control framework. In addition, all critical databases should be patched on a regular basis to eliminate known vulnerabilities. Understanding which databases contain sensitive data is a key requirement for any database security strategy. Enterprises should take a complete and ongoing inventory of all databases, including production and nonproduction, and ensure authentication, authorization, and access control is enabled for all critical databases. To establish a strong database security foundation, enterprises should use:
  •        Database discovery and classification that provides information on which databases to focus.
  • ·       Authentication, authorization, and access control for database access.
  • ·       Patch management that protects against known vulnerabilities.

SQL injection as a hacking technique is widely used and mostly due to faulty or sloppy programming. Can you afford to figure out which PL/SQL procedures and SQL queries lack bind variables and are subject to potential SQL injection and have all your Data in your Database compromised?
If your answer is no to this question, then take a look at the Oracle solutions to protect your DATA. Below you can find an overview video with all the security solutions for your enterprise that can help you protect your DATA.

As you can see in de figure below it is really important to protect your DATA as two third of all data recides in Databases, making this new Oracle technology more valuable then ever.
As already said hacking and criminal web behavior is becoming more of a problem then ever, even small businesses and individuals are targeted, as more and more things are done online:

And threats are not coming only from the outside, also fraudulent behavior from your workforce is becoming a concern to think about:

SQL Injection explained:

And the number of compliance regulations grows and companies start legging behind in conforming to these law imposed regulations:

There is a smart and quick solution to this however the Oracle Security solution, which is consisting of multiple facets, like the Database Firewall, the Audit Vault, Label Security, Data Masking amongst other features, as can be seen in the figure below:

How does all of this work in a overview easy to understand way, well the things you like to prevent from malicious hackers to do are the things listed below:

How unauthorized users are prevented to gain access to data that is not meant for their eyes the figure below explains how this is prevented.

You can control access to Data in the Database as follows:

Role based access control or classification of Data for certain users to allow access to that data.


Control users access to DATA with the Oracle Audit Vault:

And track changes to DATA with the Total Recall facility in the Oracle Database, for Critical Data with the Flashback Archive feature from Oracle Database 11gR2.

Here is a small video that explains Oracle Database Auditing: Oracle Database Audit Vault:

And here is a demo on Oracle Database Vault:

For more info please contact DBA Consulting at:
Drs. Albert Spijkers
DBA Consulting
web:              http://www.dbaconsulting.nl
blog:              http://drsalbertspijkers.blogspot.com/
profile:           http://nl.linkedin.com/pub/drs-albert-spijkers/13/b4a/7a8
Facebook :     http://www.facebook.com/DBA-Consulting
email: albertspijkers@dbaconsulting.nl

0 reacties:

Post a Comment