With the advent of cloud computing, the biggest challenge organizations face is database security. I understand that companies ensure Oracle MAA (Maximum Availability Architecture), but trust me, it's time to embrace Oracle MSA (Maximum Security Architecture). Through this course I will demystify Oracle database security for On-Prem and Oracle Cloud Infrastructure (OCI).
I will show the evidence of the Top 10 Data Security Breaches of the 21st century. We will try to understand the major security threats and the artefacts of database security, and I will give you a good understanding of the Oracle Maximum Security Architecture.
For our learning we shall build 3 environments:
· Oracle On-Prem Environment on VM Machine
· Oracle Virtual Machine DB System
· Oracle Autonomous Database (ADB).
We will start our learning with Oracle Database Vault and understand its features, components and Separation of Duties. We will perform some demos to understand how to configure Database Vault for a CDB and a PDB. We will understand the concept behind realms and configure our own realm. We will work on a couple of use cases regarding the permissions that need to be given to the DBA to export a schema protected by realms. We will also configure Database Vault for Autonomous Databases.
One of the most important requirements from the regulators is data encryption, which can be configured for data at rest using Transparent Data Encryption (TDE) and for data in transit using Native Network Encryption (NNE). We will take a deep dive to understand the TDE key architecture and the concept of Oracle Key Vault. I will run the strings command on the data files and show you that your table's data is visible in clear text, and then I will implement TDE and encrypt the data at rest. In the same way, I will show you that if you inspect the network packets, the data in transit is available in clear text; once NNE is implemented, the data in transit is encrypted as well.
Next we will move to the assessment of database security through the Database Security Assessment Tool (DBSAT). We will learn the DBSAT components and tools, perform a demo of the DBSAT collector and reporter, and look at the different output files that DBSAT creates.
Another key architectural change for post-12c releases was Oracle Unified Auditing. We will compare traditional auditing with Unified Auditing. Unified Auditing brings a number of policies which come out of the box and are enabled by default. For our demos we will enable Unified Auditing to run in pure mode, make use of the out-of-the-box policies and also create our own customized policy.
In the end we will move on to an amazing feature, Oracle Data Safe, which helps to bring the entire database security under one umbrella. Oracle Data Safe can be used for On-Prem databases, VM / BM Database Systems and Autonomous Databases. Through Oracle Data Safe we will perform demos to achieve Database Security Assessment, User Assessment, Sensitive Data Discovery and Data Masking.
Kshitij Joy (OCM & OCI Architect)
DB Alchemist Academy