Oracle Database Security: Detective Controls

Course Outline

Topics

• Introduction
• Using Unified Audit
• Using Fine-Grained Audit
• Introduction to Oracle Audit Vault and Database Firewall (AVDF)
• Planning the Oracle Audit Vault and Database Firewall Implementation
• Installing the Audit Vault Server
• Configuring the Audit Vault Server
• Configuring Oracle AVDF and Deploying the Audit Vault Agent
• Networking and Oracle AVDF
• Installing a Database Firewall
• Configuring Oracle AVDF and Deploying Database Firewall
• Using Host Monitoring
• Configuring High Availability
• Creating Custom Collection Plug-ins
• Managing the Audit Vault Server
• Managing the Database Firewalls
• Overview of the Auditing and Reporting Features
• Performing Administrative Tasks
• Creating Audit Policies for Oracle Databases
• Creating Database Firewall Policies
• Oracle AVDF Reports
• Managing Entitlements

• Course Objectives and Schedule
• Course Practices and Additional Information

Using Fine-Grained Audit

• Comparison with Unified Auditing
• Overview
• FGA Implementation

Introduction to Oracle Audit Vault and Database Firewall (AVDF)

• Oracle Audit Vault and Database Firewall Features
• Oracle Audit Vault and Database Firewall Components
• Oracle Audit Vault and Database Firewall Architecture
• Supported Secured Targets
• Integrating Oracle AVDF with Third-party Products
• Oracle AVDF Administrator Tasks
• Oracle AVDF Auditor Tasks

Planning the Oracle Audit Vault and Database Firewall Implementation

• Evaluating Oracle AVDF Configuration Requirements
• Configuring Oracle AVDF and Deploying the Audit Vault Agent
• Configuring Oracle AVDF and Deploying the Database Firewall

Installing the Audit Vault Server

• Requirements for Installation of Oracle AVDF
• Network Interface Card Requirements
• Installing an Audit Vault Server
• Performing Audit Vault Server Post-Installation Tasks

Configuring the Audit Vault Server

• Specifying the Server Date and Time
• Setting or Changing the Audit Vault Server Network Settings
• Configuring or Changing the Audit Vault Server Service
• Configuring the Audit Vault Server Syslog Destinations
• Defining Datafile Archiving Locations
• Creating Archiving Policies
• Configuring the Email Notification Service
• Configuring Administrative Accounts for the Audit Vault Server

Configuring Oracle AVDF and Deploying the Audit Vault Agent

• Understanding Network Requirements for AV Server and AV Agent
• Registering Hosts in the Audit Vault Server
• Deploying and Activating the Audit Vault Agent on Host Computers
• Registering the Audit Vault Agent as a Windows Service
• Creating User Accounts for Oracle AVDF
• Registering Secured Targets
• Configuring Audit Trails for Secured Targets
• Configuring Stored Procedure Auditing

Networking and Oracle AVDF

• Overview of the OSI 7-level Network Model
• Overview of IPv4 Addressing and Routing
• Overview of MAC Addressing
• Overview of Virtual LANs (VLANs)
• Overview of Spanning Tree Protocol (STP)
• Oracle AVDF Deployment Models (inline, out of band, and proxy)
• Best Practices for Database Policy Enforcement (DPE) and Database Activity Monitoring (DAM) Modes

Installing a Database Firewall

• Requirements for Installation of a Database Firewall
• Network Interface Card (NIC) Requirements
• Installing a Database Firewall
• Performing Database Firewall Post-Installation Tasks

Configuring Oracle AVDF and Deploying Database Firewall

• Configuring Basic Settings for Database Firewall
• Configuring a Database Firewall on Your Network
• Associating a Database Firewall with the Audit Vault Server
• Registering Secured Targets
• Configuring Enforcement Points
• Configuring and Using Database Interrogation
• Configuring and Using Database Response Monitoring

Configuring High Availability

• Overview of Oracle AVDF High Availability Architecture (resilient pairs)
• Configuring a Resilient Pair of Audit Vault Servers
• Configuring a Resilient Pair of Database Firewalls

Creating Custom Collection Plug-ins

• Overview of Audit Collection Plug-ins
• General Procedure for Writing Audit Collection Plug-ins
• Setting Up Your Development Environment (downloading the SDK)
• Creating Audit Collection Plug-ins
• Packaging Audit Collection Plug-ins

Managing the Audit Vault Server

• Starting an Archive Job
• Restoring Audit Data
• Monitoring Jobs

Managing the Database Firewalls

• Viewing and Capturing Network Traffic in a Database Firewall
• Viewing the Status and Diagnostics Report for a Database Firewall
• Removing a Database Firewall from the Audit Vault Server

Overview of the Auditing and Reporting Features

• Overview of Database Firewall Policies
• Overview of Oracle Database Audit Policies
• Overview of Reports and Report Schedules
• Overview of Oracle Database Entitlement Auditing
• Overview of Oracle Database Stored Procedure Auditing
• Overview of Alerts and Email Notifications

Performing Administrative Tasks

• Viewing a List of Audit Trails and Audit Trail Status
• Viewing a List of Enforcement Points and Enforcement Point Status
• Specifying a Data Retention Policy
• Creating Secured Target Groups
• Assigning a Secured Target to a Compliance Group
• Managing User Accounts and Access
• Creating Templates and Distribution Lists for Email Notifications
• Monitoring Jobs

Creating Audit Policies for Oracle Databases

• Overview of Audit Policies and Audit Data Collection
• Overview of Oracle Database Auditing
• Recommended Audit Settings
• Creating Audit Polices for Oracle Database (overview)
• Retrieving and Modifying Audit Settings from an Oracle Database
• Creating Additional Audit Policy Settings for an Oracle Database

Creating Database Firewall Policies

• Overview of Database Firewall Policies
• Creating a Firewall Policy
• Defining Firewall Policy Rules and Settings
• Using Profiles to Customize a Firewall Policy
• Publishing Firewall Policies
• Deploying Firewall Policies to Secured Targets

Oracle AVDF Reports

• Using the Built-in Reports
• Managing Reports
• Customizing Built-in Reports
• Creating Custom Reports

Managing Entitlements

• Overview of Entitlement Data (what is it)
• Retrieving Entitlement Data from an Oracle Database (creating a snapshot)
• Creating Labels for Snapshots
• Assigning Labels to Snapshots
• Using Entitlement Reports

Oracle AVDF Reports

• Using the Built-in Reports
• Managing Reports
• Customizing Built-in Reports
• Creating Custom Reports

Managing Entitlements

• Overview of Entitlement Data (what is it?)
• Retrieving Entitlement Data from an Oracle Database (creating a snapshot)
• Creating Labels for Snapshots
• Assigning Labels to Snapshots
• Using Entitlement Reports