Tag: Basic Database Securiy GuideLines

Database 12c New Audit Features

Posted on by Osama Mustafa in Database
Amazing Features on Oracle Database 12c , I will blog everything i tested and check in New Oracle Database 12 , This Time Audit Enhancement :

Create Audit Policy :

SQL> create audit policy test_audit privileges select any table ;
Audit policy created.

Where :
Privileges indicate to What this audit policy will do.
SQL> create audit policy test_audit_object actions select,update, lock on osama.test ;
Audit policy created.
Where 
Actions indicate to DML ,DDL Commands.
Until Now , You only Create Audit Policy Without Enable 

In the below way you enable audit for all users 

SQL> audit policy test_audit ;
Audit succeeded.
SQL> audit policy  test_audit_object ;
Audit succeeded.
Enable Audit On Some Users
SQL> audit policy test_audit by osama;
Audit succeeded.

i want to enable audit but not for all users ;

SQL> audit policy test_audit expect osama;
Audit succeeded.
also whenever successful or not successful still exists 

SQL> audit policy test_audit whenever successful 
Audit succeeded.
SQL> audit policy test_audit Whenever not successful ;
Audit succeeded.
Check Audit :

select POLICY_NAME,AUDIT_CONDITION from audit_unified_policies where POLICY_NAME like ‘%TEST%’;

POLICY_NAME               AUDIT_CONDITION
—————–                ————————–
TEST_AUDIT_OBJECT        select 

Check Enable Audit Policy 

select policy_name,user_name from audit_unified_ENABLED_POLICIES ;

POLICY_NAME                   USER_NAME
—————–                     ————————–
TEST_AUDIT_OBJECT        SYS

Disable Audit Policy :

SQL> DROP AUDIT POLICY TEST_AUDIT ;
DROP AUDIT POLICY TEST_AUDIT
*
ERROR at line 1:
ORA-46361: Audit policy cannot be dropped as it is currently enabled.

SQL> NOAUDIT POLICY TEST_AUDIT ;
Noaudit succeeded.

SQL> DROP AUDIT POLICY TEST_AUDIT ;
Audit Policy dropped.

Thank you 
Osama mustafa

Basic Database Securiy GuideLines

Posted on by Osama Mustafa in Others
Implementing any Database Security is not easy process which it’s Complex since the security has to be looked at OS Layer, Database, Network , application code, and backup lot of things you need to check if you need secure database you can’t ignore one part of this components.

You need to know even experts/Guru dose not have complete understanding for this list, maybe they have knowledge about it but not that much, But the most important things in securing database ( new one ) or securing application is early understanding security model very early in the development process  and how to develop it. you can read the this book  “Oracle security: Step-by-step” by Pete Finnigan he mentioned lot of basic steps to secure oracle database.

From a high level perspective, security is always about risk. If you think that your system is impenetrable, think again. Someone else will always be building a better mousetrap.

For example if we asked ourself as DBA About SQL injection one of the TOP ten Threats in Database
it happens because somebody is writing a Web application that accesses your database which mean if this code writes incorrectly, what happened if the hacker get access to your database thru this code.because of this DBA needs to understand who is access to database  and make sure the developers are accessing in a secure way.

Internal/External hacker going to search for Holes in your application to get in,as we know there’s one of attack type used called Buffer Overflow because of this you need to keep you system is up to date patched like usual people most of them not doing that since they worried about if that patch will broke their system or application.

Today a lot of people are ignoring the security side of the job. Many companies don’t have the resources. Until you get hacked, and until you lose data, then you think you can get by with minimal security.

I mention before the in my article about Basic steps to secure Oracle Database some of this article provided with examples i will advise today to bookmark this to keep updated with Oracle Security patches lot of tips to talk about and need to share it here as soon as i can.

Thank you
Osama Mustafa