Data Masking In Oracle/Column Masking

It is also called VPD: Virtual Private Database.

What Does Data Masking Mean?

It is a simple way to hide your valuable data from certain users without having to apply encrypt/decrypt techniques and increase the column width to accommodate the new string, as in the old days. Through some simple configuration you can create policies that show your important columns as null without rewriting a single line of code on your application side.

There are 3 steps to accomplish column masking:

  1. A function to be used by the policy (function policy) created in next step.
  2. Use dbms_rls package to create the policy.
  3. Assign “exempt access policy” to users to be excluded from the policy. These users can see all data with no masking.

Step 1: Create Function Policy

CREATE OR REPLACE
FUNCTION vpd_function (obj_owner IN VARCHAR2, obj_name IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
  -- Predicate applied by the policy; it is false for every row, so the column is masked.
  RETURN 'rowid = ''0''';
END vpd_function;
/

The function above is used for column masking. It returns the predicate that the policy evaluates: if the predicate is true, all users see the correct data, but the predicate above is false (rowid = '0'), so the column is masked.


Step 2: Create Policy

BEGIN
  DBMS_RLS.ADD_POLICY(object_schema => 'SCOTT',
    object_name => 'EMP',
    policy_name => 'scott_emp_policy',
    function_schema => 'SYSTEM',
    policy_function => 'vpd_function',
    sec_relevant_cols => 'JOB',
    policy_type => DBMS_RLS.SHARED_STATIC,
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

Step 3: exempt access policy: grant this to the users who should be excluded from the policy, so that they see all the correct data.

Important Views :

dba_policies
v$vpd_policy
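
A variant of the three steps above in which the predicate depends on the session user, added here as an example and not taken from the original post or from Oracle's documentation. The names vpd_function_by_user and scott_emp_job_by_user and the accounts HR_MANAGER and APP_ADMIN are hypothetical; it assumes it is run as SYSTEM, as on the page, and that scott_emp_policy is not also attached to SCOTT.EMP.

```sql
-- Added example. HR_MANAGER and APP_ADMIN are hypothetical accounts.
-- The returned string is the policy predicate: where it is true the real
-- JOB value is shown; with ALL_ROWS the other rows are still returned,
-- but JOB reads as NULL.
CREATE OR REPLACE FUNCTION vpd_function_by_user (
  obj_owner IN VARCHAR2,
  obj_name  IN VARCHAR2)
RETURN VARCHAR2
AS
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'HR_MANAGER' THEN
    RETURN '1 = 1';  -- always true: nothing is masked for this user
  END IF;
  RETURN '1 = 0';    -- always false: JOB is masked on every row
END vpd_function_by_user;
/

-- DYNAMIC re-runs the function for each statement, so the predicate can
-- differ per user. A static policy type caches one predicate for everyone.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'SCOTT',
    object_name           => 'EMP',
    policy_name           => 'scott_emp_job_by_user',
    function_schema       => 'SYSTEM',
    policy_function       => 'vpd_function_by_user',
    sec_relevant_cols     => 'JOB',
    policy_type           => DBMS_RLS.DYNAMIC,
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Step 3: this account bypasses every VPD policy in the database,
-- so grant it sparingly and review the grantee list.
GRANT EXEMPT ACCESS POLICY TO app_admin;

-- Check what is attached to the table and who is exempt.
SELECT policy_name, pf_owner, function, policy_type, enable
FROM   dba_policies
WHERE  object_owner = 'SCOTT' AND object_name = 'EMP';

SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```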

Enjoy with Security

Osama Mustafa

Limit Access to your Database

This is a simple, easy way to limit access to your database and prevent people from messing around. We all know there is a file called "sqlnet.ora"; all you have to do is follow the steps below and add what you want:

sqlnet.ora location: $ORACLE_HOME/network/admin

TCP.EXCLUDED_NODES

Purpose
Use the parameter TCP.EXCLUDED_NODES to specify which clients are denied access to the database.

Example
TCP.EXCLUDED_NODES=(finance.us.acme.com, mktg.us.acme.com, 144.25.5.25)

TCP.INVITED_NODES

Purpose
Use the parameter TCP.INVITED_NODES to specify which clients are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present.

Example
TCP.INVITED_NODES=(sales.us.acme.com, hr.us.acme.com, 144.185.5.73)

TCP.VALIDNODE_CHECKING

Purpose
Use the parameter TCP.VALIDNODE_CHECKING to check the TCP.INVITED_NODES and TCP.EXCLUDED_NODES parameters to determine which clients to allow or deny access.

Example
TCP.VALIDNODE_CHECKING=yes
TCP.VALIDNODE_CHECKING=no

This is a simple way to keep your database clean. You may need to restart your listener after this.

Thank you
Osama Mustafa

How To Secure/Unsecure your Oracle Application Server 10g

According to the Oracle Support document, follow the steps below to secure and unsecure Oracle AS.

Secure Oracle AS 10g :

1. Stop iasconsole

emctl stop iasconsole

2. Secure iasconsole

emctl secure iasconsole

3. Start iasconsole

emctl start iasconsole

Unsecuring Oracle AS 10g

1. Stop iasconsole

emctl stop iasconsole

2. Update the Oracle AS Console standalone OC4J to support the unsecure port:

$ORACLE_HOME/sysman/j2ee/config/emd-web-site.xml

Change

<web-site display-name="Oracle Enterprise Manager iAS Console Website" host="[ALL]" port="">

to

<web-site display-name="Oracle Enterprise Manager iAS Console Website" host="[ALL]" port="">

3. In the same file

Change

<ssl-config needs-client-auth="true" keystore="server/keystore.test" keystore-password="%EMD_KEYSTORE_PASSWORD%" />

To

<ssl-config needs-client-auth="false" keystore="server/keystore.test" keystore-password="%EMD_KEYSTORE_PASSWORD%" />

4. Update the AS Console Local Management Agent to support the unsecure HTTP protocol.
The EMD_URL property in

$ORACLE_HOME/sysman/config/emd.properties

needs to get switched back to the HTTP (non-secure) protocol.

Change

EMD_URL=https://:/emd/main  

to


EMD_URL=http://:/emd/main

5. Update the StandaloneConsoleURL property of the oracle_ias target.
Edit the file

$ORACLE_HOME/sysman/emd/targets.xml

to change the StandaloneConsoleURL property of oracle_ias target to switch back to the HTTP (non-secure) protocol.

Change:

<target ... name="EnterpriseManager." type="oracle_ias"> <... <property name="StandaloneConsoleURL" value="https://:/emd/console"/>

to

<target ... name="EnterpriseManager." type="oracle_ias"> <... <property name="StandaloneConsoleURL" value="http://:/emd/console"/>

6. Start iasconsole

emctl start iasconsole