Create Onion Layers of Security
This talk outlines a little history of securing Oracle databases and focuses on the message I have given may times in talks and here that we are securing data not Oracle the database. Of course we use Oracle the database features to secure the data BUT the focus is to secure data and not to simply tick a box that we have secured Oracle.
The talk goes on to discuss all of the layers we can implement to help secure data; this includes OS security, hardening of the database (parameters, defaults etc) and then user security - i.e. least rights for every user of the database and then data security; the problem from the others side. We need to limit access to the data completely. We must also consider access controls; i.e. who can access the database and why and when and how and limit that access. On top of all of these we can use context based security models such as Database Vault, TSDP, OLS and more BUT we can also do the same or similar using the features of the database ourselves. On top of that we must layer a proper and useful audit trail.
Finally we could consider what I talked about in the last blog post which is adaptive audit and adaptive security. The slides linked above give a lot more details on this subject and a good overview of what is needed at a high level to secure data in an Oracle database
#oracleace #dbsec #23c #oracle #database #security #audit #databreach #lockdown