OracleSecurity-90-3-2.pdf

Oracle Security
select EMP_LAST_NAME
from EMLPOYEES;
Error at line 2:
ORA-00942: table or view does not exist
Backup
IAG
Compile .inp
SQL*Forms
IAG, FASTFORM
CRT
RPT (Oracle report)
Export, Import
SQL*Net v.1.0
Client-Server
Identification
PC
PL/SQL
Digital VAX, IBM Mainframe
.iap, runform
username, password
DBA
v.5
Connect privilege
Resource privilege
DBA privilege
PUFI, UFI
Privileges (v.6)
export, import
Password
Role        Granted To
connect     Users
resource    Developers
dba         Database Administrators
SYS.AUD$
sequences, clusters
CONNECT
RESOURCE
DBA
audit CONNECT
Audit
Login attempts
Object access
Database actions
Privileges
database, synonyms, views, DB privileges
table, export, link
Auditing
Oracle7
Auditing
Hot Backups
log file
Trigger audit
shutdown
recovery
Oracle Advanced Networking Option
Trusted Oracle7
Oracle7
shutdown, crash
Hot Backups
User-defined Roles
Trusted Oracle7: Labeling
Privilege, Role
Auditing
init.ora
audit_trail=TRUE
audit all on
Redo logs, archived log mode
Rollback segments
recovery
Backup Enhancement
Oracle v.7.3
intranet, internet
Backup Enhancement
authentication, encryption
SecureID, CyberSafe, Kerberos
Oracle8
Password
Oracle Security Server tool
Single sign-on
Digital signature
Backup Enhancement
tablespace, data warehouses
Oracle8i Advanced Security Features
DCE Authorization, SSL
Distributed Computing Environment
Solaris platform
LDAP v.3
sqlnet.ora, Oracle Net8
connect internal
Connect /as sysdba
Connect /as sysoper
Oracle Advanced Networking Option
Authentication
Secure Sockets Layer (SSL)
  Authentication
  Data encryption
  Data integrity
Remote Authentication Dial-In User Service (RADIUS)
Token card, Smart card
Kerberos and CyberSafe
Single sign-on
Database link authentications
Virtual Private Database
Oracle8i Advanced Security Features contd.
Lightweight Directory Access Protocol
Tablespace point-in-time recovery utility
tablespace
SYS.AUD$
SYSTEM tablespace, fragmentation
cataudit.sql
Oracle8i Advanced Security Features
audit
until cancel, point in time
only the changed block
RMAN utility
sqlnet.ora
Connect /as sysoper
select * from EMPLOYEE;
select * from EMPLOYEE where DEPARTMENT='IT';
Secure Sockets Layer
Security Policy Map
Constraint
Auditing
Privilege & Roles
Password
Authentication & Encryption
VPD