Agenda

About This Presentation

Title:

Agenda

Description:

The init.ora file does not list the names of the datafiles or online redo log ... Synonyms ... Synonyms can provide pointers for tables, views, procedures, ... – PowerPoint PPT presentation

Number of Views:84

Avg rating:3.0/5.0

Slides: 162

Provided by: IPNS

Category:

more less

Transcript and Presenter's Notes

Title: Agenda

1
(No Transcript)
2
Agenda

Database Overview
Oracle Audit/Security/Control

3
Objectives

Your objectives
Magic Disk
Database Control Objectives
Frank W. Lyons
Entellusfl_at_aol.com
407-774-8397

4
Terminology

Database
A set of data
Tablespaces
Logical division of a database
Files
datafile
Instances
Also known as a server
Table, columns and datatypes

5
Columns

The characteristics of a column are made up of
two parts its datatype and its length.
For columns using the NUMBER datatype, the
additional characteristics of precision and scale
can be specified. Precision determines the
number of significant digits and Scale determines
the placement of the decimal point

The Database Language

Structure Query Language (SQL)
Data Definition Language
DDL
Create, Drop, Alter
Data Manipulation Language
DML
Select, Insert, Update, Delete
Data Control Language
DCL
Grant, Revoke

7

Database Structure

Obtain the Data Structure Diagram

Customer Table
Warehouse Table
Order Table
The data structure diagram provides all the
tables and columns
8
Tables

Tables owned by the user SYS are called the data
dictionary tables
Dictionary tables provide a system catalog that
the database uses to manage itself
The database maintains the relationship between
table by using referential integrity

9

Database Structure

Object Dependencies

Database
This is the file name under the operating system
Tablespace
Table
Index
Synonym
View
Synonym
10
Databases

A database is a set of data.
Oracle provides the ability to store and access
data in a manner consistent with a defined model
known as the Relational Model.

11
Tablespaces

A tablespace is a logical division of a database
Each tablespace is constituted of one or more
files, called datafiles, on a disk. A datafile
can belong to one and only one tablespace

12

Tablespaces

To prevent users from creating objects in the
SYSTEM tablespace, any quotas on SYSTEM, which
could give a user the ability to create objects
in the SYSTEM tablespace, must be revoked
alter user Frank quota 0 on SYSTEM
When you create a new user via the create user
command, you can specify a default tablespace
create user Frank identified by excellence
default tablespace Human_Resources

13

Tablespaces

SYSTEM Data Dictionary
DATA Standard-operation tables
DATA_2 Static tables used during standard
operation
INDEXES Indexes for the standard operation
tables
INDEXES_2 Indexes for the static tables
RBS Standard operation rollback segment
RBS_2 Specialty rollback segments used for data
loads
TEMP Standard operation temporary segments
TEMP_USER Temporary segments created by a user
TOOLS RDBMS tools tables
TOOLS_1 Indexes for RDBMS tools tables
USERS User objects, in development databases

14
Instance

In order to access the data in the database,
Oracle uses a set of background processes that
are shared by all users.
A database instance (also known as a server) is a
set of memory structures and background processes
that access a set of database files.

15
Views

Views appear to be a table containing columns and
is queried in the same manner that a table is
queried
Views do not use physical storage to store data
Views can not be indexed.

16
Typical Authentication Pyramid

Application Logon

Reporting Tool
Database
Accountability lessens as you move down the
pyramid
Data
17
Where Are the Application Controls?

Direct access usually by-passes application
controls
User profiling is normally only used within the
application
Views of reporting data could be incorporated
Summarized data could be used to reduce
sensitivity

18
Relational Data Storage
Employee Table
19
Views Based on User Profile
View of the Commercial Division
Security is based on data value
20
Reduced Data Sensitivity
Employee Locator View
Security is based on columns selected
21
Summarized Views
View Summarized by Division
22
Access Type Difference

Id and Passwords
User Profiles
Accountability and audit ability

23
Data Access

Application interfaces
Reporting Tools
Direct access

24
ID and Password Controls

Where is the ID and Password Stored for
verification?
How is the password stored?
Is the same user ID used for multiple
applications?
Is the password stored in multiple locations?

25
User Profiles

Profiles allow access according to job
responsibilities
Division
Position
Security Clearance

26
User Profiles Controls

Who creates and modifies the user profile?
What audit trails are in place for profile
changes?
What approvals are required for changes to the
user profile?
What is the notification process for job
responsibility changes?

27
Accountability and Auditability

Is the user id translated to a high powered id
during application access to the data?
Does the application record read access?
When data is inserted, modified, or deleted is
the change logged?
If there is a log who is reviewing the log?

28
ID Translation

Used to prevent users from accessing data
directly
Prevents authentication by the database
management system
Creates tuning and monitoring challenges

29
Reporting Tools and Direct Access

Ad-hoc reporting
User flexibility
Less labor to support user reporting requirements
Checks and balance to insure information accuracy

30
Separate Reporting Database
Reporting Database
On-line Database
Synchronization can be done real time or on
intervals
31
Advantages of Separate Reporting Databases

Design for reporting efficiencies
On-line environment not impacted by the reporting
workload
Data can be summarized to reduce data sensitivity
Multiple reporting databases can be defined to
limit access to sensitive information

32
Disadvantages of Separate Reporting Databases

Extra storage and processor resources are
required
Extra labor resources are required to support
replication process
Special controls needed for direct access
authority
Read activity needs to be logged for audit ability

33
Reporting Tools
Reporting Tool View of Data
Reporting Database
Reporting tools can limit access by column, data
value, or through summarization.
34
Web Access

Reporting Tools can push static or dynamic
information
Design should balance performance differences
with flexibility
Security at the data level needs to be well
understood so that access is based on data
sensitivity and job responsibilities

35
Application Recovery

Code is normally static
Code changes should be installed on well defined
intervals
Recovery usually requires reboot of application
server
Corrupted application files can be restored from
the last copy

36
Database Recovery

Data is a constantly changing resource
Rebooting the database server causes the database
system to recovery any in-flight units of work
Restoring data from backup requires the database
logs to be applied to the data in order to
restore data consistency

37
Database Logs
Data Identification (Record Header)
Before Image of Data
After Image of Data
38
Log Contains All Data Modifications
User Activity
Database Log
Database
39
Backout Due to Abort or Abend
User Activity
Database Log
Database
Aborted Unit of Work
Log Records are read to backout the changes to
the data
40
Protecting Database Log

Critical Recovery Resource
Contains Sensitive Information
Needed for on-site and off-site recovery
Log shipping often done for off-site recovery

41
Log Shipping
Off-site
Database Log Copy
42
Criteria for Server Selection in the Database
Environment

Stability
Security
Recoverability
Performance

43
Key Points

Application access controls are by-passed through
most reporting interfaces
Security design MUST be centered on the data and
incorporated in each interface
Data and application recovery have key
differences and need special considerations

44
Key Points

Security should be designed around the DATA
All interface points must be reviewed
Data recoverability needs differ between
application and data
Database logs contain sensitive information

Oracle

46
Identify Risks

Default Users
Operating System configuration
Database server configuration
Listener process
Privileges
Database links
Patches

47
Init.ora

Database startup file
This file is read during the instance startup and
may be modified by the DBA. Any modifications to
this file will not take affect until the next
startup that uses this file

48

Init.ora

In the default directory configuration, the
init.ora file is stored in a directory named
/orasw/app/oracle/admin/instance_name/pfile
The init.ora file does not list the names of the
datafiles or online redo log files for the
database as these are stored in the data
dictionary.
Init.ora does list the names of the control files
for the database

49
Config.ora

A second configuration file is typically used to
store the settings of variables that do not
change after database creation
Such as the database block size
In order for the config.ora settings to be used,
the file must be listed as an include file via
the IFILE parameter in the instances init.ora
file

50
Procedures

A procedure is a block of PL/SQL statements that
is stored in the data dictionary and is called by
applications
Stored procedures help to enforce data security

51
Functions

Functions, like procedures are blocks of code
that are stored in the database.
Function are capable of returning values to the
calling program

52
Packages

Packages are used to arrange procedures and
functions into logical groupings
Packages have a public and private elements
Private elements may include procedures called by
other procedures within the package
Source code for the functions, procedures, and
packages are stored in the data dictionary tables

53
Triggers

Triggers are procedures that are executed when a
specified database event takes place against a
specified table
Used as part of referential integrity
Used to enforce additional security
Used to enhance the available auditing options

54

Triggers

Two types of triggers
Statement triggers
Fire once for each triggering statement
Row triggers
Fire once for each row in a table affected by the
statement
For each type a BEFORE trigger and AFTER trigger
can be created
Triggering events include inserts, updates, and
deletes

55
Synonyms

To completely identify a database object such as
a table or a view, the host machine name, the
server instance name, the objects owner, and the
objects name must be specified
Synonyms reduce this effort
Public synonyms are shared by all users
Synonyms can provide pointers for tables, views,
procedures, functions, packages, and sequences

56

Database Life Cycles

Planning
Creating
Monitoring
Tuning
Securing
Auditing

57
Operating system configuration

Use file system security to protect the DBMS
software and data files (Only allow the Oracle
user and Oracle group access to the files)
Turn off all operating system functionality/servic
es that are not required by the DATABASE SERVER
(mail,ftp,telnet)
Turn on O/S level auditing and review the audit
log daily
Secure the backup of the database
Audit regularly

58
Database System Configuration

Remove non-essential users and enforce password
management (see appendix)
Change the default passwords on accounts
Do not allow development in a production
database/server
Secure the development database (may contain
production data)
Keep the software up to date and patched

59
Database System Configuration Oracle Database -
Physical Structures

When a backup of a database occurs, the backup
software is making copies of the physical
structures of an Oracle instance.
Physical Structures stored in the operating
system
Control File
Online Redo Log
Data File
INIT.ORA
SPFILE (Oracle9i)
ORACLE_HOME (Oracle software)
Backup destination

60
Database System Configuration Oracle
Database/Physical Structures

Control File
Contains information about the instance and all
of its external files.
Used by Oracle to know if a data file needs
recovery.
Audit view VCONTROLFILE
Online Redo Log
Keeps track of all the transactional activity
that makes changes to the database.
Audit view VLOGFILE

61
Database System Configuration Oracle
Database/Physical Structures

Data File
Associated with a single tablespace.
Oracle server creates a data file for a
tablespace by allocating the specified amount of
disk storage a small overhead.
Can contain data segment (table), index segment
(primary keys, unique constraints or tuning
indexes), rollback and temporary segments.
Audit view DBA_DATA_FILES
INIT.ORA
Used by the Oracle instance to configure how much
of the OS resources will be used by the instance.
Parameters can be placed here for optional
processes
Audit view VPARAMETER

62
Database System Configuration Oracle
Database/Physical Structures

Data File
Audit view DBA_DATA_FILES
SQLgt select file_name from dba_data_files
order by file_name
Control File
Audit view VCONTROLFILE
SQLgt select from vcontrolfile
Online Redo Log
Audit view VLOGFILE
SQLgt select from vlogfile
order by group

63
Database System Configuration Oracle
Database/Physical Structures

INIT.ORA
Audit view VPARAMETER
SQLgt select name,value from vparameter
License/version
Audit view vversion
SQLgt select from vversion

64
Privileges
Third party application owner will typically have
the DBA role granted to them This is needed
for installs/upgrades of software, but typically
can be removed for day to day activities SELECT
ANY TABLE privilege should not be allowed on any
end user
65
Privileges

SELECT ANY TABLE privilege gives users the
ability to select from ANY table
including SYS.USER and SYS.LINK
These tables will show passwords

66
Privileges Audit Checklist
SQLgt select privilege privilege_granted,
grantee,admin_option from
sys.dba_sys_privs where not
exists (select
'x' from sys.dba_users where username
grantee) order by privilege_granted,admin_o
ption
67
Privileges Audit Checklist
PRIVILEGE_GRANTED GRANTEE
ADM --------------------------------------------
----- --- QUERY REWRITE AROLE
NO QUERY REWRITE DBA
YES RESTRICTED SESSION DBA
YES SELECT ANY
DICTIONARY OEM_MONITOR NO
SELECT ANY DICTIONARY DBA
YES SELECT ANY TABLE DBA YES SELECT
ANY TABLE IMP_FULL_DATABASE NO
68
Database Link

Used to connect one database to another
The Database link contains
USER ACCOUNT TO CONNECT TO THE TARGET DATABASE
LOCAL USERNAME AND PASSWORD
(HARD CODED) or pass through authentication
CONNECT STRING (Oracle / SQLNET/ NET8)
Audit view dba_db_links

69
Oracle NET / NET8 /SQLNET LISTENER Configuration
Server
Client
70
Oracle NET / NET8 /SQLNet LISTENER

Oracle NET enables communications between
partners in a distributed transaction
Applies to client/server or server/server
environment.
During the life of a connection, resolves all
differences between the internal data
representations and/or character sets of the
computer.
Net8 has been renamed to Oracle NET for 9i

71
Harden the Listener Process

The configuration file for the listener is
LISTENER.ORA.
LISTENER.ORA resides on the server and defines
Listener name, a database can have multiple
listeners
The network listener address
The SID of the database for which it listens
Parameters that influence the network listeners
behavior, including tracing, timeout and
logging and password

72
Harden the Listener Process

Prevent unauthorized administration of the Oracle
Listener by
ADMIN_RESTRICTIONS_listener_nameON
Use a password on all listeners
At the lsnrctl prompt enter change_password

73
Oracle NET / Net8 /SQLNET Configuration

Oracle Names
Network service that provides centralized name
resolution to Oracle clients and servers.
Consists of one or more administrative regions,
each having a single installation of the Oracle
Network Manager tool.
Oracle Network Manager enables the administrator
to administer the following in its
administrative region
All database listeners
Global database links
Clients, interchanges and Names Servers.

74
Oracle NET/ NET8 / SQLNet Configuration

Oracle Names (continued)
Clients do not need a TNSNAMES.ORA file if an
Oracle Names Server is used.
If a TNSNAMES.ORA file is created, the client may
use it to resolve the service name before
resolving it through the Names Server.
Clients have a SQLNET.ORA file that identifies
Oracle Names Server. This file can reference a
file on a server so that it doesnt have to
change if the Names Server changes.

75
Oracle NET / NET8 /SQLNET Configuration
3
Names Server
76
Oracle NET/ NET8 /SQLNet Audit checklist

Listener password protected
Is ADMIN_RESTRICTION turned on
Is a protocol.ora in place for node checking
How is tnsnames protected
ONAMES is used, this adds an additional server to
be audited

77
Oracle listener Audit checklist

Set up the listener with password
Set up a strong password
Protect the listener .ora file (this is where the
password is kept)

78
Patches Audit checklist
Verify patches using the VVERSION view Keep
informed on the latest security
patches http//otn.oracle.com/deploy/security/aler
ts.htm Have a policy on how quickly a critical
security patch should be applied Oracle rates
severity of patches one is most severe
79
Patches
Alerts (Subscribe to security alerts ) PDFBuffer
Overflows in EXTPROC of Oracle Database
ServerAlert 57, Rev 2, 07August 2003PDFBuffer
Overflow Vulnerability in Oracle E-Business
SuiteAlert 56, Rev 1, 23 July 2003PDFUnauthorize
d Disclosure of Information in Oracle E-Business
SuiteAlert 55, Rev 1, 23 July 2003PDFBuffer
Overflow in Net Services for Oracle Database
ServerAlert 54, Rev 2, 30 April 2003PDFReport
Review Agent Vulnerability in Oracle E-Business
SuiteAlert 53, Rev 1, 10 April 2003PDFTwo
Security Vulnerabilities in Oracle9i Application
ServerAlert 52, Rev 3, Updated 03 March
2003PDFBuffer Overflow in ORACLE executable of
Oracle9i Database ServerAlert 51, Rev 6, Updated
18 April 2003PDFBuffer Overflow in Oracle9i
Database ServerAlert 50, Rev 6, Updated 18 April
2003
80
Oracle's built-in toolsUSERS / SCHEMAS
Security Domain Defines the security settings
that Apply to the user Authentication
Mechanism Database Operating system Network Pri
vilegesDirect/Indirect (via roles)
81
Oracle's built-in toolsUSERS / Database SCHEMAS
Authentication Mechanism Database passwords
are kept internally in a database table
encrypted Operating systemPasswords are kept
in the operating system
82
Oracle's tools to purchase

Authentication Mechanism using
Oracle Advanced Security option
Network Uses third party network
authentication services (like Kerberos and
SESAME)
Token Devices, one time passwords are used to
authenticate
Biometrics Devices, use physical features of
users to authenticate
Advanced Encryption Standard (AES)
AES is symmetric block cipher
AES-128,AES-192 and AES-256

83
Oracle's built-in toolsUSERS / Database SCHEMAS
Predefined users Sys/change_on_install (super
user in Oracle,schema for Oracle dictionary
tables) System/manager (Owner of internal tables
used by Oracle tools) Scott/tiger (created by
demo files, sometimes left in production) Note
9i passwords are custom, unless you create the
Database using the Database creation assistant in
batch mode Additional users defined later in the
Oracle9i section
84
Oracle's built-in tools Password File to
authenticate DBAs
A password file for DBAs is optional and can be
setup using the ORAPWD password utility. The
password file will restrict administration
privilege to only the users who know the password
and have been granted a special role. The
roles are SYSDBA and SYSOPER.
85
Oracle's built-in toolsTwo special roles
SYSOPER/SYSDBA
SYSOPER Permits you to perform STARTUP,
SHUTDOWN, ALTER DATABASE OPEN/MOUNT,
ALTER DATABASE BACKUP, ARCHIVE LOG, and RECOVER,
and includes the RESTRICTED SESSION privilege.
86
Oracle's built-in tools
SYSDBA Contains all system privileges with ADMIN
OPTION, and the SYSOPER system privilege CREATE
DATABASE and time-based recovery. Listing
Password File Members Audit view VPWFILE_USERS
will show all users that have been granted
SYSDBA and SYSOPER system privileges for a
database.
87
Oracle's built-in toolsADMINISTERING PRIVILEGES
Two types of privileges System Enables users
to perform ADMIN type activities in the
database OBJECT Enables users to access and
manipulate objects
88
Oracle's built-in toolsSYSTEM PRIVILEGES
Administering privileges System 80 system
privileges The ANY keyword means that the user
has the privilege for any schema. The GRANT
command is used to add a privilege to a user or
group of users GRANT CREATE SESSION to
smith GRANT CREATE SESSION to smith with ADMIN
OPTION The REVOKE command deletes the
privilege REVOKE CREATE SESSION to smith
89
Oracle's built-in toolsSYSTEM PRIVILEGES
Administering privilegesDisplaying System
Privileges DATABASE LEVEL SESSION
LEVEL DBA_SYS_PRIVS SESSION_PRIVS Grantee Priv
ilege Privilege Admin option
90
Oracle's built-in toolsOBJECT PRIVILEGES
OBJECT SQL STATEMENT Allowed ALTER ALTER
object (table or sequence) DELETE DELETE FROM
object (table or view) EXECUTE EXECUTE object
(procedure or function). References to public
package variables INDEX CREATE INDEX ON
object (tables only) INSERT INSERT INTO
object (table or view) REFERENCES CREATE or
ALTER TABLE statement defining a FOREIGN KEY
integrity constraint on object (tables only)
SELECT SELECT...FROM object (table, view, or
snapshot). SQL statements using a sequence
91
Oracle's built-in toolsDISPLAYING OBJECT
PRIVILEGES
DBA_TAB_PRIVS DBA_COL_PRIVS Grantee Grantee Ow
ner Owner Table_name Table_name Grantor Col
umn_name Privilege Grantor grantable Privile
ge Grantable
92
Oracle's built-in toolsUSERS / Database SCHEMAS
Restriction privilege system by enabling
O7_DICTIONARY_ACCESSIBILITYFALSE This
prevents users with the system ANY from being
able to execute against the SYS schema The
default is TRUE This allows the user with the
ANY privilege to execute against the SYS schema
93
Oracle's built-in toolsAdministering privileges
A role is a database entity that is a named
group of privileges. It is unique within the
database and not owned by a user. A role can be
authenticated by a password. Special role
SELECT_CATALOG_ROLE, which enable access to the
data dictionary
94
Oracle's built-in toolsPredefined roles
ROLENAME DESCRIPTION
CONNECT Provided for
backward RESOURCE compatibility DBA All
systems privileges w/admin EXP_FULL_DATABASE Priv
ileges to export the DB IMP_FULL_DATABASE Privil
eges to Import the DB DELETE_CATALOG_ROLE Delete
privileges on dictionary EXECUTE_CATALOG_ROLE Exe
cute privilege on dictionary SELECT_CATALOG_ROLE
Select privilege dictionary tables PUBLIC Role
that all users have
95
Oracle's built-in toolsDisplaying information on
roles
DATABASE ROLE VIEW DESCRIPTION DBA_ROLES All
roles which exist in the DB DBA_ROLE_PRIVS Roles
granted to users and roles ROLE_ROLE_PRIVS Role
s which are granted to roles DBA_SYS_PRIVS Syste
m privileges grated to users and
roles ROLE_SYS_PRIVS System privileges granted
to roles ROLE_TAB_PRIVS Table privileges
granted to roles SESSION_ROLES Roles which the
user currently has enabled
96
Oracle's built-in toolsPROFILES used for
password management

A PROFILE is a named set of limits for passwords
and system resources
Are assigned to users
Can become the default for all users
Can be enabled or disabled

97
Oracle's built-in toolsPROFILES

A PROFILE is a named set of limits for passwords
And system resources
CPU time
I/O operations
IDLE time (inactive time measured in minutes)
Connect time (measured in minutes)
Memory space
Concurrent sessions
Passwords aging and expiration
Password history
Password complexity verification
Account locking

98
Oracle's built-in toolsPROFILES management
Create a profile CREATE PROFILE end_user_prof
LIMIT SESSIONS_PER_USER 1 IDLE_TIME 60 CONNECT
TIME 600 Modify a profile ALTER PROFILE
end_user_prof limit IDLE_TIME 10 Remove a
profile DROP PROFILE end_user_prof DROP PROFILE
end_user_prof CASCADE
99
Oracle's built-in toolsPROFILES management

Associate a user to a profile
ALTER USER smith
PROFILE end_user_prof
Resource limits must be enable to enforce profile
limits,
This does not include password management.
Two ways to enable
ALTER SYSTEM SET RESOURCE_LIMITTRUE
1. Modify the init.ora file and set
RESOURCE_LIMITTRUE,
2. Restart the instance

100
Oracle's built-in toolsPROFILES displaying
resource limits
DBA_USERS Profile username
DBA_PROFILES Profile Resource_name Resource_type L
imit
Join the views DBA_USERS and DBA_PROFILES To
display the resource limits
101
Oracle's built-in toolsPASSWORD MANAGEMENT
PARAMETER DESCRIPTION FAILED_LOGIN_ATTEMPTS Nu
mber of failed login attempts before
lockout PASSWORD_LOCK_TIME Number of days
password will remain locked upon password
expiring PASSWORD_LIFE_TIME Lifetime of
password measured in days PASSWORD_GRACE_TIM
E Grace period in days for changing the
password, after it has expired
102
Oracle's built-in toolsPASSWORD MANAGEMENT
PARAMETER DESCRIPTION PASSWORD_REUSE_TIME Numb
er of days before a password can be
reused PASSWORD_REUSE_MAX Maximum number of
times a password can be reused PASSWORD_VERI
FY_FUNCTION PL/SQL package that makes a
complexity check before a password is
assigned Note The script utlpwdmg.sql must
be run in the SYS schema to enable
103
Oracle's built-in toolsPASSWORD MANAGEMENT

VERIFY_FUNCTION
Minimum length of four characters
Password not equal to user name
Password must have at least one alpha,
numeric,special character
Password must differ from the last password by
three characters

104
Oracle's built-in toolsPASSWORD MANAGEMENT
CREATE PROFILE passwd_mgt FAILED_LOGIN_ATTEMPTS
3 PASSWORD_LIFE_TIME 30 PASSWORD_REUSE_TIME
30 PASSWORD_VERIFIY_FUNCTION verify_function PA
SSWORD_GRACE_TIME 5
105
Oracle's built-in toolsDisplaying PROFILES
information
DBA_PROFILES Profile Resource_name Resource_type
PASSWORD limit
106
Auditing the Database

Audit a specific user
Audit for a specific statement
Audit for a specific statement on a schema user
Audit to know what happens on your database
Audit failed logon attempts
Audit to know who changed what and when

107
Auditing the Database

Audit by session or access
Audit by successful or not successful status
Audit with discretion
Audit actions
Alter, audit,comment,create,delete,execute,
grant,index,insert,lock,read,reference,rename,sele
ct,update,write

108
Auditing the Databasesyntax

AUDIT statementsystem_priv
BY user
BY SESSIONACCESS
WHENEVER NOT SUCCESSFUL
NOTE
BY SESSION will create only one audit record
Per session
BY ACCESS will create a record for each auditable
activity

109
Auditing the Database(cont)

Audit to know what happens on your database
High level of unsuccessful logins
Audit through the middle tier
Audit the user statement
Audit the audit table

110
Auditing the Database connect internal (Oracle8i)

NT Systems On NT Systems you can see auditing
for INTERNAL in the event viewer. The INTERNAL
connections are written to the operating system
audit trail .
Unix Systems On Unix Systems the INTERNAL
connections are logged to special log files
stored in the Oracle_HOME/rdbms/audit directory.

111
Auditing the Database SYSDBA/SYSOPER

Initialization parameter
AUDIT_SYS_OPERATIONSTRUE
Will write all activities to an O/S audit log

112
Auditing the Database(cont)

TIPS on auditing
Run reports on a daily basis
Truncate the audit table on a daily basis
Use whenever not successful option (whenever you
can)
Use the by session clause
Auditing is now optimized (statements are parsed
once for execution and audit
Set default audit options
May need to create an alarm facility

113
Auditing the Database(cont)

TIPS on auditing
Oracle preserves the identify of the user on the
middle tier and can capture the user id of who
logged into the database via the TP monitor
This means that oracle can audit the true user
who initiated the transaction and the user who
logged into the database (TP monitor)
Protect the audit trail
AUDIT delete ON sys.aud BY ACCESS
Only the DBA or SECURITY personnel should
Have the DELETE_CATALOG_ROLE

114
Auditing the DatabaseViews to the AUDIT Table

ALL_DEF_AUDIT_OPTS
AUDIT_ACTIONS
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_STMT_AUDIT_OPTS

115
Audit/Security Approach

Account Security
Object Privileges
System Level Roles and Privileges

116

Audit/Security Approach

Create User
Username
Password
Default Tablespace
Temporary Tablespace
Quota (on Tablespaces)
Profile
Assigns a profile to the user, if none is
specified, then the default profile is used.
Profiles are used to restrict the usage of system
resources and to enforce password management
rules. The default is set to UNLIMITED resource
consumption

117
Audit/Security Approach

System Level Privileges
ANY and PUBLIC are not synonymous. A PUBLIC
object is accessible to all users in a database
all other objects are privately owned. The ANY
option allows you to create private objects in
other users schemas
There are eight system level roles provided with
Oracle
Connect
EXP_FULL_DATABASE
Resource
Select_Catalog_Role
DBA
Execute_Catalog_Role
IMP_FULL_DATABASE Delete_Catalog_Role

118
Audit/Security Approach

User Profile
SESSION_PER_USER
CPU_PER_SESSION
CPU_PER_CALL
CONNECT_TIME
IDLE_TIME
LOGICAL_READS_PER_SESSION
LOGICAL_READS_PER_CALL
PRIVATE_SGA
COMPOSITE_LIMIT
FAILED_LOGIN_ATTEMPTS
PASSWORD_LIFE_TIME
PASSWORD_REUSE_TIME
PASSWORD_REUSE_MAX
PASSWORD_LOCK-TIME
PASSWORD_GRACE_TIME
PASSWORD_VERIFY_FUNCTION

119
Audit/Security Approach

Object Level Privileges
Grants
Grant with grant option
Privileges
SELECT
INSERT
UPDATE
DELETE
ALTER
INDEX
REFERENCES
EXECUTE
READ

120
Audit/Security Approach

Dictionary Views
DBA_ROLES Names of
roles and their password status
DBA_ROLE_PRIVS Users who have
been granted roles
DBA_SYS_PRIVS Users who have
been granted system privileges
DBA_TAB_PRIVS Users who have
been granted privileges on tables
DBA_COL_PRIVS Users who have
been granted privileges on columns
ROLE_ROLE_PRIVS Roles that have
been granted to other roles
ROLE_SYS_PRIVS System privileges
that have been granted to roles
ROLE_TAB_PRIVS Table privileges
that have been granted to roles

121
Audit/Security Approach

Password Security During Logins
When you connect to a database server from a
client machine, or from one database to another
via a database link, Oracle transmits the
password you enter in an unencrypted format
unless you specify otherwise. As of Oracle8, you
can set parameters that forces Oracle to encrypt
the password values prior to transmitting them.
To enable password encryption, set the following
parameters
On the client set the ORA_ENCRYPT_LOGIN
parameter in your sqlnet.ora file to TRUE
On the server set the DBLINK_ENCRYPT_LOGIN
parameter in your init.ora file to TRUE
Shut down and restart the database

122

Audit/Security Approach

Password
Password specified for a user account or a role
are stored in an encrypted version in the data
dictionary
Setting the same password for two different
accounts will result in different encryption
For all passwords, the encrypted value is 16
characters long and contains numbers and capital
letters.
When a password is entered during a user
validation, that password is encrypted, and the
encryption that is generated is compared to the
one in the data dictionary for that account, if
they match, then the password is correct and the
authorization succeeds.

123

Audit/Security Approach

Passwords
Knowing how the database stores passwords is
important because it adds new options to account
security.
To query the Username and Password fields from
DBA_USERS
select
Username, /Username/
Password /Encrypted password/
from DBA_USERS
where Username is (Lyons)

124

Audit/Security Approach

Becoming Another User
Since the encrypted password can be set, you can
temporarily take over any account and then set it
back to its original password without ever
knowing the accounts password. This capability
allows you to become another user
Query DBA_USERS to determine the current
encrypted password to the account
Generate the alter user command that will be
needed to reset the encrypted password to its
current value after you are done
Spool the alter user command to a file
Change the users password
Access the users account
Run the file containing the alter user command to
reset the users encrypted password to its
original value.

125
Database

Determine Permission Levels
Do not give direct table level permissions to an
end user
No - Select (Query from Hell), Update, Insert,
Delete
Instead, use stored procedures
Better yet, do not let user know how to sign on
to the database application
Authenticate the user and then supply a new
password that they do not even know about. In
this way the user must first authenticate to the
application and cannot go around this
authentication process to access the database

126
Privileges and Roles

Access to an object owned by another account
Privilege must have been granted
Privileges such as insert, select, update, and
delete
Privileges can be granted to users, groups,
roles, or to Public
Roles are groups of privileges
Use roles to grant system level privileges such
as create table

127
Role Definitions

System Level Roles
Connect
Resource
DBA
User Defined System Level Roles

128

Role Definitions

Connect Role
Gives users privileges beyond just creating
sessions in the database. In addition to the
Create Session system privilege, the Connect role
gives the users the following system privileges
Alter Session
Create Cluster
Create Database Link
Create Sequence
Create Synonym
Create Table
Create View

129

Role Definitions

Resource Role
The resource role has the following system
privileges
Create Cluster
Create Index
Create Procedure
Create Sequence
Create Table
Create Trigger
Create Type

130

Role Definitions

DBA Role
The DBA role has all system privileges with admin
option, which means that the DBA can grant the
system privileges to any other user

131
Auditing

The database has the ability to audit all actions
that take place within it. Audit records may be
written to either the SYS.AUD or the operating
systems audit trail. The ability to use the
operating systems audit trail is operating
system-dependent
Three different types of actions may be audited
Login attempts, Object accesses and Database
actions
The databases default functionality is to record
both successful and unsuccessful commands
To enable auditing in a database, the init.ora
file for the database must contain an entry for
the AUDIT_TRAIL parameter.

132
Auditing

The AUDIT_TRAIL values are
NONE - Disable auditing
DB - Enables auditing, writing to the
SYS.AUD table
OS - Enables auditing, writing to the
operating systems audit trails

133
Auditing

Audit command
Can be issued regardless of the setting of the
AUDIT_TRAIL parameter. They will not be
activated unless the database is started using an
init.ora AUDIT_TRAIL value that enables auditing
If you elect to store the audit records in the
SYS.AUD table, then that tables records should
be periodically archived and the table should
then be truncated. Since it is the data
dictionary, this table is in the SYSTEM
tablespace and may cause space problems if its
records are not periodically cleaned out. You
can grant DELETE_CATLOG_ROLE to a user to give
the user the ability to delete from the SYS.AUD
table.
Every attempt to connect to the database can be
audited. The command to begin auditing of login
attempts is
audit session
audit session whenever successful
audit session whenever not successful

134

Audit Features

Establish minimum audit standards
Login/Logoffs
Adding of New Users
Adding Users to Groups
All Grants and Revokes
Remember that auditing takes up much storage and
processing time

135
Trace Files

Each of the background processes running in an
instance has a trace file associated with it.
The trace file will contain information about
significant events encountered by the background
process
In addition, Oracle maintains a file called the
alert log
The alert log records the commands and command
results of major events. This includes,
tablespace creations, redo log switches, recovery
operations, and database startups

136
Alert Log

The alert log is a vital source of information
for day-to-day operations
Trace files are most useful when attempting to
discover the cause of a major failure.

137
Database Constraints

A table can have constraints placed upon it
A constraint is applied to a table and every row
in the table must satisfy the conditions
specified in the constraint definition

138
Database

DBMS Journal Redo Logs
SVRMGR program for Database Administration tasks
Performs backup of the redo logs
SQL COMMIT statements
Used by application programs
Backup is on-line

139
Backup/Recovery

Backup and Recovery Options
Export/Import
Offline Backups
Online Backups

140
Users

A user account is not a physical structure in the
database
Users own the database objects
The user SYS owns the data dictionary tables
The user SYSTEM owns views that access the data
dictionary tables for use by the rest of the
users in the database

141
Users

User accounts can be connected to an operating
system
This allows the user to enter only one password
to obtain access to the operating system and the
database

142
Database

Responsibility for the Security Officer
Should Perform
All Grants and Revokes
Review Security and Audit Logs
Maintain a copy of Audit Logs for the Auditors

143
Exposures

Clear text transmission over the network
Connect ID and Access ID for application
Direct connection to the database from the desktop

144
Securing the SQL Plus Tool

PRODUCT_PROFILE table to provide product-level
Security for oracle products and augment
user-level Security
With this table, you can enforce security on a
per-user basis and restrict certain SQL and
SQLplus commands.

145
Securing the SQL Plus Tool

SQLplus commands
EDIT EXECUTE EXIT GET HOST (or your operating
systems alias for HOST, such as on VMS and !
on UNIX)
QUIT RUN SAVE SET (Spool start
SQL commands
Alter analyze audit connect create delete
Drop grant insert lock NOAUDIT rename revoke
Select set role set transaction truncate update

146
Securing the SQL Plus ToolRecommended commands
to restrict

Commands reason
HOST allows user access to a operating-system
prompt
SET ROLE allows a user to set a new security
role
GRANT allows a user to grant privileges
NOAUDIT allows a user to turn off auditing
You should restrict access to the PRODUCT_PROFILE

147
Oracle Security Checklist

Revoke unnecessary privileges from PUBLIC ROLE
Revoke all unnecessary privileges and roles from
the database server
PUBLIC is the default role granted to every user
Privileges include EXECUTE on various powerful
packages that may potentially be misused include
UTL_SMTP
This package permits arbitrary mail messages to
be sent from one arbitrary user to another
arbitrary user.

148
Oracle Security Checklist

Revoke unnecessary privileges from PUBLIC ROLE
UTL_TCP
This package permits outgoing network connections
to be established by the database server to any
receiving (or waiting) network service.
UTL_HTTP
This package allows the database server to
request and retrieve data via HTTP. Granting this
package to PUBLIC may permit data to be sent via
HTML forms to a malicious web site.

149
Oracle Security Checklist

Revoke unnecessary privileges from PUBLIC ROLE
UTL_FILE
If configured improperly, this package allows
text level access to any file on the host
operating system. Even when properly configured,
this package does not distinguish between its
calling applications with the result that one
application with access to UTL_FILE may write
arbitrary data into the same location that is
written to by another application.

150
Oracle Security Checklist

Revoke unnecessary privileges from PUBLIC ROLE
DBMS_RANDOM
Is used to encrypt stored data.
encrypted data may be non-recoverable if the keys
are not securely generated
Do not assign all permissions to any database
server run-time facility
Oracle Java Virtual Machine (OJVM)
Grant specific permissions to the explicit
document root file paths for such facilities that
may execute files and packages outside the
database server.
call dbms_java.grant_permission('SCOTT',
'SYSjava.io.FilePermission','ltltALL
FILESgtgt','read')

151
Oracle Security Checklist

Authenticate clients properly
Remote authentication is a security feature
provided by Oracle9i such that if turned on
(TRUE), it defers authentication of users to the
remote client connecting to an Oracle database.
configuration parameter in the following manner
REMOTE_OS_AUTHENT FALSE will be more secure
RESTRICT NETWORK ACCESS
Utilize a firewall
Keep the database server behind a firewall.
Oracle9i s network infrastructure, Oracle Net
(formerly known as Net8 and
SQLNet), offers support for a variety of
firewalls from various vendors. Supported
proxy-enabled firewalls

152
Oracle Tools

Virtual Private Database/label security
Attach security policies at the Table or View
level, allows for easy integration to existing
systems.
One to many policies per Table.
Different policies for different type of accesses
(SELECT,UPDATE..).

153
Oracle Security Checklist

Virtual Private Database using application
contexts.
User-definable can allow security based on
categories (Employee number, Cost Center). These
contexts are used in the security policy
function.
Access to session primitives (information about a
user session) using USERENV application context

154
Oracle Tools

Oracle Enterprise Manger
Security Manager
Application Security, Inc
http//www.appsecinc.com/products/
APPLICATION VULNERABILITY ASSESSMENT
AppDetective Network-based vulnerability
assessment tool that rates the security strength
of applications within your network. Armed with a
revolutionary security methodology together with
an extensive knowledgebase of application
vulnerabilities, AppDetective will locate,
examine, report, and help fix your security holes
and miss-configurations at your command.

155
Oracle Tools

DATABASE ENCRYPTION
DbEncrypt Easy-to-use, affordable, and
effective security solution for encrypting column
and row data within the database. Provided with
DbEncrypt are encryption algorithms, templates,
and an intuitive point-and-click interface.
APPLICATION INTRUSION DETECTION
AppRadar Intrusion detection solution strictly
for application-specific attacks and malicious
behavior. As a complementary solution to existing
intrusion detection systems, AppRadar empowers
organizations with a real-time security solution
able to thwart attacks and malicious behavior
against all of your mission-critical enterprise
applications.