
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Create Onion Layers of Security

I did a talk in 2022 called Creating Onion Layers of Security and, as you can see from the previous link, I have posted a PDF of my MS PPT slides to our website. I have also added the talk to our Oracle security white papers page.

This talk outlines a little history of securing Oracle databases and focuses on the message I have given many times in talks and here: that we are securing data, not Oracle the database. Of course we use Oracle the database features to secure the data BUT the focus is to secure data and not to simply tick a box that we have secured Oracle.

The talk goes on to discuss all of the layers we can implement to help secure data. These include OS security, hardening of the database (parameters, defaults, etc.), user security (i.e. least rights for every user of the database) and then data security, which is the problem from the other side: we need to limit access to the data completely. We must also consider access controls, i.e. who can access the database and why, when and how, and limit that access. On top of all of these we can use context-based security models such as Database Vault, TSDP, OLS and more, BUT we can also do the same or similar using the features of the database ourselves. On top of that we must layer a proper and useful audit trail.
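As an added illustration of the layering described above (not taken from the talk or its slides), the following Oracle SQL stacks a data layer, a least-rights layer, a context check built from standard database features, and an audit layer. All schema, user, role, procedure and policy names, the subnet and the permitted hours are assumptions made for the example.

```sql
-- All object names are constructed for illustration: APP_OWNER.CUSTOMERS,
-- SEC_ADMIN, APP_USER, CUST_READ_ROLE and the 10.1.2.% subnet.

-- Data layer: expose only the columns the application needs.
CREATE OR REPLACE VIEW app_owner.customers_v AS
  SELECT customer_id, name, city
  FROM   app_owner.customers;

-- User layer (least rights): no direct grants to the user. The privilege
-- lives in a secure application role that only the named procedure can enable.
CREATE ROLE cust_read_role IDENTIFIED USING sec_admin.enable_cust_read;
GRANT READ ON app_owner.customers_v TO cust_read_role;  -- READ: 12.1.0.2 onwards
GRANT cust_read_role TO app_user;

-- Access control / context layer: decide who, from where and when.
-- Invoker's rights (AUTHID CURRENT_USER) is required for this kind of procedure.
CREATE OR REPLACE PROCEDURE sec_admin.enable_cust_read
  AUTHID CURRENT_USER
AS
  -- IP_ADDRESS is NULL for local connections; NVL makes those fail the check.
  l_ip   VARCHAR2(64) := NVL(SYS_CONTEXT('USERENV', 'IP_ADDRESS'), 'local');
  l_hour PLS_INTEGER  := TO_NUMBER(TO_CHAR(SYSDATE, 'HH24'));
BEGIN
  IF  SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_USER'
  AND l_ip LIKE '10.1.2.%'
  AND l_hour BETWEEN 7 AND 18          -- 07:00 to 18:59 database server time
  THEN
    -- SET_ROLE replaces the session's enabled roles with the list given.
    DBMS_SESSION.SET_ROLE('cust_read_role');
  END IF;  -- otherwise the role stays disabled and the view is not readable
END;
/
GRANT EXECUTE ON sec_admin.enable_cust_read TO app_user;

-- Audit layer: record reads of the view and of the underlying table
-- (unified auditing, 12c onwards).
CREATE AUDIT POLICY cust_read_pol
  ACTIONS SELECT ON app_owner.customers_v,
          SELECT ON app_owner.customers;
AUDIT POLICY cust_read_pol;
```

Each layer fails closed on its own: a session that does not call the procedure, or calls it from the wrong place or time, holds no privilege on the data, and any read that does succeed is recorded.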

Finally, we could consider what I talked about in the last blog post, which is adaptive audit and adaptive security. The slides linked above give a lot more detail on this subject and a good overview of what is needed at a high level to secure data in an Oracle database.

#oracleace #dbsec #23c #oracle #database #security #audit #databreach #lockdown