数据库安全审计L02_Security_Solutions.ppt

《数据库安全审计L02_Security_Solutions.ppt》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、SecuritySolutionsObjectivesAftercompletingthislesson,youshouldbeabletodescribethefollowingrecommendedsolutionstocommonproblems:PreventingexploitsMaintainingdataintegrityProtectingdataControllingdataaccessPreventingExploitsUseindustry-standardpractices:Hardenthedatabase.Hardentheoperating

2、system.Hardenthenetwork.MaintainingDataIntegritySarbanes-Oxleyrequiresassuranceoftheintegrityofthedatathatisusedtoproducefinancialreports.OracleDatabase10gcanprovidethefollowing:StandardauditingFine-grainedauditingPrivileged-accountauditingNetworkencryptionDataProtectionUnderCA-SB-1386,p

3、ersonallyidentifiableinformationmustbeprotected.Usethefollowingtechniques:Restrictaccess.Encryptstoreddata.Encryptnetworktraffic.Restrictnetworkaccess.Monitoractivity.Hardeneverylayer.OKYMSEISPDTGAMyCreditCardNumAccessControlThelawrequiresthatonlycertainpersonsmayaccessspecificdata.Acces

4、scontrolandmonitoringinclude:ImplementtheVirtualPrivateDatabase(VPD):ApplicationcontextFine-grainedaccesscontrol(FGAC)UseOracleLabelSecurity(OLS).Applyauditing.Middle-TierAuthenticationandAuthorizationApplicationsoftenhandletheauthenticationandauthorizationforapplicationusers.Securesolu

5、tionsare:Pass-thruProxyUserSecureApplicationRoleEnterpriseUserSecurityDatabaseApplicationserverNetwork-wideAuthenticationSolutionsinvolvingsinglesign-onorsinglepointofauthenticationreduceadministrationcostsandcanimprovesecurity.Thereareseveralsolutions:OracleIdentityManagementEnterpriseU

6、serSecurity(EUS)IntegrationwithActiveDirectoryIntegrationwithKerberosSummaryInthislesson,youshouldhavelearnedhowtodescribethefollowingrecommendedsolutionstocommonproblems:PreventingexploitsMaintainingdataintegrityProtectingdataControllingdataaccess