Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "UKOUG 2023 - Using Database Vault in Real Life"] [Next entry: "Secure Password Store - Wallets"]

SQL Firewall in 23c - UKOUG and Scripts



I spoke at the UKOUG conference just over a week ago twice and the second of my talks was about the new SQL Firewall in Oracle 23c. This was a walk through of the SQL Firewall and what it does and a live demos.

The talk went through enabling the SQL Firewall, setting up sample schemas and data to test with and also creation of a SQL Firewall admin user. We then set up a capture and did some work to let the SQL Firewall learn what is good SQL and PL/SQL. We stopped the capture and converted it into an allow and enabled it. We can then do the same work and show that the SQL firewall allows the work. I then started to demonstrate things that were not learned; such as actions not allowed by the firewall, actions not allowed due to permissions and also things like accessing data via views, synonyms and also proxy access. We finished by accessing data via SQL Injection that worked and then direct access to the same data without SQL Injection. I covered management, tweaking, reporting, alerting and audit trails. I finished with clearing down and turning off everything.

I have just posted the slides for Protect your database with SQL Firewall in 23c to our website and also updated our Oracle security white papers page to include a link to this new presentation.

This talk included a lot of demos and I have also posted all of the scripts for these demos to our website and these are listed here (each script is referenced in the slides where they are used):

  • sf_status.sql : This script shows the status of all of the SQL Firewall components

  • sf_dis.sql : This script removes and disables all of the components of the SQL Firewall

  • sf_create_users.sql : This script creates the sample schema and connect user and data

  • sf_create_sf.sql : This script creates the SQL Firewall admin user

  • sf_capture.sql : This script creates the capture and starts it

  • sf_enable.sql : This script enables the SQL Firewall

  • sf_log.sql : This script shows the capture logs

  • sf_stop.sql : This script turns off the capture

  • sf_se_log.sql : This script reads the session logs

  • sf_allow.sql : This script creates the allow and enables it

  • sf_run.sql : This script tries banned actions by the SQL Firewall and permissions

  • sf_run_vm.sql : This script runs the allowed SQL and PL/SQL

  • sf_hack.sql : This script runs some hacks in the database to test the SQL Firewall

  • sf_hack1.sql : This script runs more hacks in the database to test the SQL Firewall

  • sf_vio.sql : This script reports on the violations captured

  • sf_syn.sql : This script tests the use of

  • sf_view.sql : This script tests the access of data via a view

  • sf_desc.sql : This script

  • sf_drop_users.sql : This script drops the sample schema and access user

  • sf_proxy.sql : This script tests access to the connection user via proxy to test the SQL Firewall behaviour



Please have a look at the pdf or my MS PPT slides and also have a look at the scripts.

#oracleace #sym_42 #ukoug #ukougconference23 #ukoug23 #ukougconf23