The need for more sophisticated controls on access to sensitive data is becoming increasingly important as organizations address emerging security requirements around data consolidation, privacy and compliance. There are many examples of data breaches that were perpetrated using stolen credentials, SQL injection or by insiders who are authorized to access the system and its data. A current hot topic in the Danish news is a case in which a popular weekly magazine received sensitive information about famous people from a highly trusted person working for the Nordic provider of payment card transactions. Unfortunately this incident is not unique, and such incidents happen far too often. Securing data requires a defense-in-depth approach. Both technical and administrative employees need to be involved to prevent and monitor unauthorized access to sensitive data. The Payment Card Industry (PCI) standard, Sarbanes-Oxley (SOX), the EU Privacy Directive and the Health Insurance Portability and Accountability Act (HIPAA) all require strong internal controls on access, disclosure or modification of sensitive information that could otherwise lead to fraud, identity theft, financial irregularities and financial penalties.
This blog will list various Oracle database security features that, with the right setup, may help to prevent or detect unauthorized access to confidential data. In addition, we will discuss some of the Oracle security options that combine these features and make it easier to protect sensitive information in the database.
Database Auditing (DA)
DA is the monitoring and recording of selected user database actions. Security policies can trigger auditing when specified elements in the database are accessed or altered. Audit records include information about the operation that was audited, the user performing the operation, and the time of the operation. Audit records can be stored in the database audit trail or in files on the operating system. Standard auditing covers operations on privileges, schemas, objects, and statements. To enable DA, the initialization parameter AUDIT_TRAIL should be set to DB, DB,EXTENDED, XML, XML,EXTENDED or OS.
Fine Grained Audit (FGA)
With FGA, it is possible to create audit policies that record whether a user viewed (selected) data from a specific table or table column. Audit records include information about the operation that was audited, the user performing the operation, and the time of the operation. Audit trail records created by FGA can be captured and analyzed in Oracle Audit Vault and Database Firewall, automatically alerting the security team about possible malicious activity.
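The two auditing features above, as an added example that is not part of the original post: standard auditing of SELECTs on a table, plus an FGA policy that fires only when the SALARY column of the HR sample schema's EMPLOYEES table is read for one department. The department filter and policy name are constructed for this example.

```sql
-- Added example (not from the original post). Run as a user with the
-- AUDIT SYSTEM privilege (or the DBA role); HR.EMPLOYEES is the Oracle
-- sample schema table, the policy name and condition are constructed.

-- 1) Standard auditing. AUDIT_TRAIL is a static parameter: the change is
--    written to the spfile and only takes effect after a database restart.
ALTER SYSTEM SET audit_trail = 'DB,EXTENDED' SCOPE = SPFILE;

-- After the restart: one audit record per SELECT on the table.
AUDIT SELECT ON hr.employees BY ACCESS;

-- 2) Fine-grained auditing. A record is written only when a SELECT
--    references the SALARY column AND at least one returned row matches
--    the audit_condition, so routine queries do not flood the trail.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'AUDIT_SALARY_ACCESS',
    audit_condition => 'DEPARTMENT_ID = 10',
    audit_column    => 'SALARY',
    statement_types => 'SELECT',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- 3) Review what the policy captured: who ran which statement, and when.
SELECT db_user, os_user, userhost, timestamp, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'AUDIT_SALARY_ACCESS'
 ORDER BY timestamp DESC;
```

The EXTENDED setting is what makes SQL_TEXT (and bind values) available in the trail; without it the record only tells you that the column was read, not which query read it.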
Transparent Data Encryption (TDE)
The TDE feature allows confidential data to be encrypted within the data files to prevent access to it from the hard drive or backup media. TDE stores sensitive data in encrypted form and automatically decrypts it when the data is accessed. Encrypted data is transparently decrypted for a database user or application that has privileges to access the data. TDE helps protect data stored on media in the event that the storage media or data file gets stolen. TDE requires the Oracle Advanced Security option.
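Column-level and tablespace-level TDE side by side, as an added example that is not from the original post. It assumes Oracle 12c key-management syntax, a sqlnet.ora that points at the constructed keystore directory below, a session holding the SYSKM privilege, and a constructed table APP.PAYMENT_CARDS.

```sql
-- Added example (not from the original post). Assumes Oracle 12c syntax,
-- SYSKM privilege, and constructed paths, table and password.

-- Software keystore holding the master key; create, open, and generate the
-- master key once. Back the keystore up immediately: losing it loses the data.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/etc/ORACLE/WALLETS/orcl'
  IDENTIFIED BY "keystore_pw";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "keystore_pw";
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "keystore_pw" WITH BACKUP;

-- Column-level TDE: ciphertext in the data files, plaintext for any session
-- that already has SELECT on the table. Nothing changes for the application.
ALTER TABLE app.payment_cards MODIFY (card_number ENCRYPT USING 'AES256');

-- Tablespace-level TDE: every segment created here is encrypted on disk,
-- so new tables need no per-column decision.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- Verify what is actually protected.
SELECT owner, table_name, column_name, encryption_alg
  FROM dba_encrypted_columns;
SELECT ts.name, et.encryptionalg, et.encryptedts
  FROM v$encrypted_tablespaces et
  JOIN v$tablespace ts ON ts.ts# = et.ts#;

-- Keystore state: while it is CLOSED, encrypted columns and tablespaces
-- cannot be read at all, which is exactly the point for a stolen data file.
SELECT wrl_type, status FROM v$encryption_wallet;
```

Note that TDE only protects data at rest: a user with SELECT on the table still sees plaintext, so it complements rather than replaces the access controls and auditing described elsewhere in this post.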
Encrypt Database Backups
Encryption is the only defense when it comes to protecting business data when it is transported on tape or disk to offsite storage for safekeeping. Oracle provides two solutions for encrypting database backups.
1) Oracle RMAN can encrypt an entire database backup using one of these three methods: TDE, Passphrase or Hybrid (both Passphrase and TDE).
2) Oracle Secure Backup (OSB) delivers tape data protection for the Oracle database and file systems in distributed UNIX, Linux, Windows and Network Attached Storage (NAS) environments.
Encrypt Database Export Files
Oracle Data Pump can encrypt an export file using one of these three methods: TDE, Passphrase or Hybrid (both Passphrase and TDE).
Virtual Private Database (VPD)
A VPD masks data in a larger database so that only a subset of the data appears to exist, without actually segregating the data into different tables, schemas or databases. In other words, VPD allows multiple users to access a single schema whilst preventing them from accessing data that is not relevant to them. Oracle VPD enables you to create security policies to control database access at the row and column level. Essentially, VPD adds a dynamic WHERE clause to any SQL statement issued against the table, view, or synonym to which a VPD security policy was applied. A simple VPD example might restrict access to data to business hours, and a more complex VPD example might read an application context set during a login trigger and enforce row-level security against a specific table.
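The "more complex" case from the paragraph above, as an added example that is not from the original post: a logon trigger fills an application context from a mapping table, and a VPD policy function turns that context into the WHERE clause. The APP schema, the ORDERS and USER_REGIONS tables and all object names are constructed for this example.

```sql
-- Added example (not from the original post): row-level security on a
-- constructed APP.ORDERS(REGION, ...) table keyed on an application context.
CREATE CONTEXT order_ctx USING app.order_ctx_pkg;

-- Only this package may set values in ORDER_CTX, so users cannot forge it.
CREATE OR REPLACE PACKAGE app.order_ctx_pkg AS
  PROCEDURE set_region;
END;
/
CREATE OR REPLACE PACKAGE BODY app.order_ctx_pkg AS
  PROCEDURE set_region IS
    v_region app.user_regions.region%TYPE;
  BEGIN
    SELECT region INTO v_region FROM app.user_regions
     WHERE username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('order_ctx', 'region', v_region);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN NULL;  -- unmapped user: context stays empty
  END;
END;
/
-- Logon trigger (creator needs ADMINISTER DATABASE TRIGGER) fills the context.
CREATE OR REPLACE TRIGGER app.set_order_ctx AFTER LOGON ON DATABASE
BEGIN
  app.order_ctx_pkg.set_region;
END;
/
-- Policy function: returns the predicate VPD appends to every statement.
-- An unmapped user gets '1=0' (no rows), never the whole table.
CREATE OR REPLACE FUNCTION app.orders_by_region(
    p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  IF SYS_CONTEXT('order_ctx', 'region') IS NULL THEN
    RETURN '1=0';
  END IF;
  RETURN 'region = SYS_CONTEXT(''order_ctx'', ''region'')';
END;
/
-- Attach the policy; UPDATE_CHECK also rejects writes that would move a
-- row outside the session's own region.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_REGION_POLICY',
    function_schema => 'APP',
    policy_function => 'ORDERS_BY_REGION',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/
```

SYS and any user granted EXEMPT ACCESS POLICY bypass VPD entirely, which is why the auditing features above belong on those accounts.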
Roles
Roles are a powerful method for managing privileges in the Oracle Database. You can add privileges to a role and then grant the role to a user or to another role. Once granted to a user, roles with the associated privileges are active as soon as the user has successfully authenticated to the database.
Proxy Authentication (PA)
PA is supported over thin and thick JDBC connections and on the command line. Users can authenticate to the database using their own username and then proxy to another user in the database. PA is particularly useful when administrators need to connect to the application schema to perform maintenance. When auditing is enabled, audit records generated during the connection include the proxy user name, providing important information on the actual end user who performed the maintenance task.
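Roles and proxy authentication together, as an added example that is not from the original post: a maintenance role is granted to the HR sample schema, and a constructed administrator account ALICE (assumed to exist and to be able to log in) is allowed to proxy into HR using only that role, so nobody needs to know HR's password.

```sql
-- Added example (not from the original post): least-privilege maintenance
-- role plus a proxy connection into the HR sample schema. ALICE is a
-- constructed user; HR.EMPLOYEES is the sample schema table.
CREATE ROLE hr_maint;
GRANT SELECT, INSERT, UPDATE, DELETE ON hr.employees TO hr_maint;
GRANT hr_maint TO hr;

-- HR permits connections through ALICE, restricted to this one role:
-- ALICE gets no other privilege the HR schema itself holds.
ALTER USER hr GRANT CONNECT THROUGH alice WITH ROLE hr_maint;
SELECT * FROM proxy_users WHERE client = 'HR';

-- Audit changes to the table so the proxied session leaves a trace.
AUDIT UPDATE ON hr.employees BY ACCESS;

-- In SQL*Plus ALICE now connects with her own password:
--   CONNECT alice[hr]/alice_pw
-- Inside that session the schema is HR, but the end user is still known:
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS schema_user,
       SYS_CONTEXT('USERENV', 'PROXY_USER')   AS end_user
  FROM dual;

-- Audit records written through a proxy connection carry the proxy
-- session id, so a change made "as HR" can be traced to ALICE's session.
SELECT username, proxy_sessionid, action_name, timestamp
  FROM dba_audit_trail
 WHERE obj_name = 'EMPLOYEES'
 ORDER BY timestamp DESC;
```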
Enterprise User Security (EUS)
EUS is an Oracle Database Enterprise Edition feature that enables you to centrally manage database users across the enterprise. Enterprise users are created in Oracle Internet Directory and can be assigned roles and privileges across the various enterprise databases registered with the directory, so database users and their authorizations are administered in one central place.
Oracle Database Vault (ODV – Database Security Option)
ODV is a Database Security option that reduces the risk of insider and outsider threats and addresses common compliance requirements by:
– Preventing privileged users (DBA) from accessing sensitive application data
– Preventing compromised privileged user accounts from being used to steal sensitive data or make unauthorized changes to databases and applications
– Providing strong controls inside the database over who can do what and controls over when and how applications, data and databases can be accessed
– Providing privilege analysis for all users and applications inside the database to help achieve a least-privilege model and make the databases and applications more secure
ODV has been certified with numerous enterprise applications including E-Business Suite, PeopleSoft, Siebel, and SAP. The certification includes out-of-the-box security policies specific for each application.
Oracle Advanced Security (OAS – Database Security Option)
OAS is a database security option that provides two important preventive controls to protect sensitive data at the source: database encryption with Transparent Data Encryption (TDE) and on-the-fly redaction of displayed data. TDE stops would-be attackers from bypassing the database and reading sensitive information directly from storage. Data Redaction complements TDE by reducing the risk of unauthorized data exposure in applications, redacting sensitive data before it leaves the database. Together these two controls form the foundation of Oracle's defense-in-depth, multi-layered database security solution.
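The redaction half of OAS, as an added example that is not from the original post: a Data Redaction policy (Oracle 12c DBMS_REDACT) that masks all but the last four digits of a card number in query results while the stored value stays intact. The APP schema, the PAYMENT_CARDS table, the storage format with hyphens and the FRAUD_ANALYST user are constructed for this example.

```sql
-- Added example (not from the original post). Assumes Oracle 12c Data
-- Redaction, a constructed APP.PAYMENT_CARDS table whose CARD_NUMBER is
-- stored as '1234-5678-1234-5678', and a constructed FRAUD_ANALYST user.
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'PAYMENT_CARDS',
    policy_name         => 'REDACT_CARD_NUMBER',
    column_name         => 'CARD_NUMBER',
    function_type       => DBMS_REDACT.PARTIAL,
    -- input format, output format, mask char, first and last masked digit:
    -- '1234-5678-1234-5678' is returned as '****-****-****-5678'
    function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV-VVVV-VVVV-VVVV,*,1,12',
    -- redact for every session except the schema owner's own
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP''');
END;
/

-- Only users explicitly exempted see the real value; keep this list short
-- and audited, because the exemption bypasses every redaction policy.
GRANT EXEMPT REDACTION POLICY TO fraud_analyst;

-- Which columns are redacted, and how.
SELECT object_owner, object_name, column_name, function_type
  FROM redaction_columns;
```

Redaction acts on result sets only: the same session can still filter on the full value in a WHERE clause, so it reduces exposure in screens and reports rather than acting as an access control.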
Oracle Label Security (OLS – Database Security Option)
OLS is a database security option that provides multi-level security capabilities within the Oracle Database. OLS provides the ability to tag data with a data label or a data classification. These data labels can be collected in label security policies. This capability allows the database to inherently know which data is sensitive and allows the sensitive data to be kept in the same table as the larger data set without compromising security.