Monday, May 4, 2009

COLLABORATE 09: Data Security Challenge

I had planned on attending the class on running Oracle in the Amazon EC2 Cloud, but scanning the classrooms on my way, I found another security-related class.

Data Security Challenge: Be the Winning DBA
Paul Needham and Tammy Bednar
Oracle Database Security Product Management
Oracle

This presentation is similar to the DBA 2.0 presentation, you know, the old school (SQL scripts) vs. the new school (OEM).

Paul played the part of the old school. Tammy was new school.

The Problem
A data breach in a competitor's company forced the CEO to bring in Paul and Tammy as security experts. They were directed to encrypt the data by 9 PM.

Naturally, Paul wanted to use DBMS_CRYPTO. He altered the table changing the column to RAW and then encrypted the data. They got a "call" about 1 minute later...all the applications are broken. Nice.

Tammy steps in and, using OEM, turns on Data Vault and sets up a realm on the affected table. Though not before flashing back Paul's table so the applications would work again. The table (column really) is not encrypted.
ALTER TABLE oe.customer_orders MODIFY ( credit_card ENCRYPT USING 'AES128' );
This is part of the Advanced Security option. Very cool stuff. The change is immediate and it won't break your application.
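
The contrast between the two routes, as an added sketch that is not code from the presentation or from this post: the manual DBMS_CRYPTO route changes what the application sees, while the ENCRYPT clause does not. It assumes credit_card is a VARCHAR2 column and that the user has EXECUTE on DBMS_CRYPTO; the scratch column credit_card_enc, the demo key, the add-and-swap steps and the wallet password placeholder are all assumptions.

```sql
-- Manual route (assumed reconstruction of the "old school" approach):
-- the card number ends up in a RAW column that only code holding the key can read.
ALTER TABLE oe.customer_orders ADD (credit_card_enc RAW(2000));  -- hypothetical scratch column

DECLARE
  -- Constructed demo key; a real key belongs in a key store, never in source.
  l_key RAW(16) := HEXTORAW('000102030405060708090A0B0C0D0E0F');
  l_typ PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES128
                     + DBMS_CRYPTO.CHAIN_CBC
                     + DBMS_CRYPTO.PAD_PKCS5;
BEGIN
  -- No IV is passed, so equal card numbers produce equal ciphertext.
  UPDATE oe.customer_orders
     SET credit_card_enc = DBMS_CRYPTO.ENCRYPT(
           UTL_I18N.STRING_TO_RAW(credit_card, 'AL32UTF8'), l_typ, l_key)
   WHERE credit_card IS NOT NULL;
  COMMIT;
END;
/

-- Swapping the RAW column in is the step that breaks the applications:
-- every SELECT, INSERT and bind that expects a character column now fails
-- or returns ciphertext.
ALTER TABLE oe.customer_orders DROP COLUMN credit_card;
ALTER TABLE oe.customer_orders RENAME COLUMN credit_card_enc TO credit_card;

-- TDE route (Advanced Security), run against the original table instead.
-- Prerequisite on 10gR2/11g: an open wallet with a master key, created once with
--   ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet-password>";
ALTER TABLE oe.customer_orders MODIFY (credit_card ENCRYPT USING 'AES128');

-- Check: the data type the application sees is unchanged ...
SELECT column_name, data_type
  FROM all_tab_columns
 WHERE owner = 'OE' AND table_name = 'CUSTOMER_ORDERS'
   AND column_name = 'CREDIT_CARD';

-- ... and the dictionary lists the column as encrypted.
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns
 WHERE owner = 'OE' AND table_name = 'CUSTOMER_ORDERS';
```

TDE decrypts transparently for any session allowed to query the column, so it protects the data at rest; keeping privileged accounts away from the table is the job of the Data Vault realm in the demo.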

Data Vault was pretty cool. Tammy locked Paul out in just a couple of clicks. Something about realms going on there...I'll have to do some research.

Audit Vault was next up. It runs on its own, separate server, which can collect from any Oracle database, some Microsoft SQL Server versions and a few Sybase versions. Audit Vault also has a separate login for the administrator (who's watching the watcher?).

Next up, Forms Conversion (--> Application Express).
