Oracle Database 23c Security New Features
Satishbabu Gunukula, Oracle ACE Pro
• 24+ Years of Experience in Database, Enterprise Apps, Cloud
Technologies and specialized in high availability solutions.
• Masters Degree in Computer Applications
• Technical Review of Books (6x)
• Written articles for major publications
Certifications:
• Oracle Cloud Infra 2023 Multicloud Architect Associate
• Oracle Cloud Infra 2023 Devops Professional
• Oracle Certified Professional Oracle 8i,9i,10g,19c & MySQL 8.0
• Oracle Certified Expert Oracle 10g RAC
• AWS Certified Solutions Architect – Associate
• Snowflake Hands on Essentials – Data Warehouse
• Microsoft Certified Azure Database Administrator Associate
• Microsoft Certified Professional in Visual Basic 6.0
• SAP Certified Technology Associate – SAP HANA 1.0
http://www.oracleracexpert.com
Program Agenda
• SQL Firewall
• Encryption
• Audit
• Authentication
• Authorization
• Autonomous Database
• Other
• Demo
• Q&A
SQL Firewall
• SQL Firewall inspects all incoming SQL statements and ensures that only authorized SQL is run.
• SQL Firewall is embedded in the Oracle Database; unauthorized SQL statements are logged and blocked.
• SQL Firewall provides real-time protection from attacks and mitigates risks from SQL injection attacks, anomalous access, and credential abuse or theft.
• SQL Firewall supports all commands except transaction control commands such as SAVEPOINT, COMMIT, and ROLLBACK.
• To administer SQL Firewall, the user must have the SQL_FIREWALL_ADMIN role.
• To query the DBA_SQL_FIREWALL* data dictionary views, the user must have the SQL_FIREWALL_VIEWER role.
• You can configure SQL Firewall using the DBMS_SQL_FIREWALL package or Oracle Data Safe.
• SQL Firewall can be used in both the root and a pluggable database (PDB).
SQL Firewall
• Enable SQL Firewall
SQL> EXEC DBMS_SQL_FIREWALL.ENABLE;
• Create and enable SQL Firewall capture for a user
SQL> BEGIN
  -- Create the capture for SCOTT and start it immediately
  DBMS_SQL_FIREWALL.CREATE_CAPTURE (
    username       => 'SCOTT',
    top_level_only => TRUE,
    start_capture  => TRUE
  );
END;
/
• Enable SQL Firewall Allow List
SQL> BEGIN
  -- Enforce the allowed SQL for SCOTT and block anything not on the list
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST (
    username => 'SCOTT',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_SQL,
    block    => TRUE );
END;
/
SQL Firewall
• Start and stop capture
SQL> EXEC DBMS_SQL_FIREWALL.START_CAPTURE ('SCOTT');
SQL> EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE ('SCOTT');
• You can generate an allow list using the procedures below
– DBMS_SQL_FIREWALL.ADD_ALLOWED_CONTEXT
– DBMS_SQL_FIREWALL.DELETE_ALLOWED_CONTEXT
– DBMS_SQL_FIREWALL.DELETE_ALLOWED_SQL
• Data dictionary views for SQL Firewall protections
– DBA_SQL_FIREWALL_ALLOWED_SQL – shows the allowed SQL and accessed objects
– DBA_SQL_FIREWALL_ALLOWED_IP_ADDR – shows the user's allowed IP addresses
– DBA_SQL_FIREWALL_CAPTURE_LOGS – shows the capture log entries
– DBA_SQL_FIREWALL_VIOLATIONS – shows the SQL Firewall violations
SQL Firewall
Data Dictionary Views for SQL Firewall Configurations
– DBA_SQL_FIREWALL_ALLOW_LISTS – Lists the status and generation date of the user's allow-lists
– DBA_SQL_FIREWALL_ALLOWED_IP_ADDR – Lists the allowed IP addresses for a user
– DBA_SQL_FIREWALL_ALLOWED_OS_PROG – Lists the allowed operating system programs for a user
– DBA_SQL_FIREWALL_ALLOWED_OS_USER – Lists the allowed operating system users for a user
– DBA_SQL_FIREWALL_ALLOWED_SQL – Lists information about the allowed SQL statements for a user, including the allowed SQL ID and the allow-list version of the allowed SQL
– DBA_SQL_FIREWALL_CAPTURE_LOGS – Lists log information for a user's SQL Firewall configuration, such as the database user name, SQL text, accessed objects, and the SQL Firewall session ID
– DBA_SQL_FIREWALL_CAPTURES – Lists the status of SQL Firewall captures, such as whether they are enabled
– DBA_SQL_FIREWALL_SESSION_LOGS – Lists information about the SQL Firewall session, such as the session ID, database user name, and client program
– DBA_SQL_FIREWALL_SQL_LOGS – Lists information about the SQL logs, such as the SQL text, the command type, the SQL signature, accessed objects, and the character set
– DBA_SQL_FIREWALL_STATUS – Lists the status of an SQL Firewall configuration, such as whether it is enabled and what its timestamp is
– DBA_SQL_FIREWALL_VIOLATIONS – Provides a detailed report on SQL Firewall violations, including information such as the objects that were accessed, the user the SQL was run on, and whether the action was blocked or allowed
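The SQL Firewall steps from the slides above, put together as one capture-to-enforcement run. This is an added example, not part of the original slides: it also calls GENERATE_ALLOW_LIST and DISABLE_ALLOW_LIST from the same package, which the slides do not show, and the IP address 192.0.2.10 and the observe-then-block rollout are assumptions for illustration.

```sql
-- Added example: SQL Firewall rollout for one application account.
-- Run as a user holding SQL_FIREWALL_ADMIN. SCOTT is the account used in the
-- slides; the IP address below is a constructed sample value.

-- 1. Turn the firewall on and start learning SCOTT's normal workload.
EXEC DBMS_SQL_FIREWALL.ENABLE;

BEGIN
  DBMS_SQL_FIREWALL.CREATE_CAPTURE(
    username       => 'SCOTT',
    top_level_only => TRUE,   -- record only SQL issued directly by the user
    start_capture  => TRUE);
END;
/

-- 2. After the application has run a representative workload, review what
--    was captured. Anything accepted here ends up on the allow list, so a
--    statement or client that should not be there must be caught now.
SELECT command_type, current_user, client_program, os_user, ip_address, sql_text
FROM   dba_sql_firewall_capture_logs
WHERE  username = 'SCOTT';

-- 3. Stop learning and turn the capture into an allow list.
EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE('SCOTT');
EXEC DBMS_SQL_FIREWALL.GENERATE_ALLOW_LIST('SCOTT');

-- 4. Inspect the generated list, then add a session context that was not
--    seen during capture (here: one more application server address).
SELECT sql_text
FROM   dba_sql_firewall_allowed_sql
WHERE  username = 'SCOTT';

SELECT ip_address
FROM   dba_sql_firewall_allowed_ip_addr
WHERE  username = 'SCOTT';

BEGIN
  DBMS_SQL_FIREWALL.ADD_ALLOWED_CONTEXT(
    username     => 'SCOTT',
    context_type => DBMS_SQL_FIREWALL.IP_ADDRESS,
    value        => '192.0.2.10');   -- constructed sample address
END;
/

-- 5. Observe first: check both SQL and session context, log every
--    mismatch, but do not block yet.
BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'SCOTT',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => FALSE);
END;
/

-- 6. Triage the violation log. Legitimate statements that were missed during
--    capture show up here and should be added to the allow list before
--    blocking is turned on; the rest is what the firewall is meant to stop.
SELECT cause, firewall_action, COUNT(*) AS hits
FROM   dba_sql_firewall_violations
WHERE  username = 'SCOTT'
GROUP  BY cause, firewall_action;

SELECT occurred_at, cause, firewall_action, ip_address, sql_text
FROM   dba_sql_firewall_violations
WHERE  username = 'SCOTT'
ORDER  BY occurred_at DESC;

-- 7. Switch to blocking once the log is quiet.
EXEC DBMS_SQL_FIREWALL.DISABLE_ALLOW_LIST('SCOTT');

BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'SCOTT',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => TRUE);
END;
/
```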
Encryption
Transport Layer Security (TLS)
• Oracle release 23c supports Transport Layer Security (TLS) 1.3
• After moving to TLS 1.3, users will see some performance improvements
• TLS 1.3 is more secure and improves confidentiality of data in transit
• The older, less secure cipher suites are deprecated and not enabled by default, but you can enable them by setting SSL_ENABLE_WEAK_CIPHERS to TRUE in sqlnet.ora
• By default, SSL_ENABLE_WEAK_CIPHERS is set to FALSE.
• When SSL_ENABLE_WEAK_CIPHERS is set to FALSE, the following cipher suites are available for use:
– TLS_AES_128_CCM_SHA256
– TLS_AES_128_GCM_SHA256
– TLS_AES_256_GCM_SHA384
– TLS_CHACHA20_POLY1305_SHA256
– TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
– TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
– TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
– TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
– TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
– TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Encryption
Enhancements in sqlnet.ora and wallets
• New parameters have been added to sqlnet.ora to prevent the use of deprecated cipher suites
• Use the SSL_ALLOW_WEAK_DN_MATCH parameter to control how SSL_SERVER_DN_MATCH allows the service name
• DN matching provides better security for listener and server certificates
• The TLS configuration between database client and server has been simplified with new parameters, and old protocols have been removed
• Users can configure TLS connections without client wallets: there is no need to install and configure a wallet to hold a root certificate if it is available in the local system
• A local auto-login wallet provides more security and is more tightly bound to the host, without the need for root access
• The enhancements apply to TDE auto-login keystores
Encryption
AES-XTS Encryption Mode and TDE Encryption Algorithms
• The enhancements provide more secure algorithms and encryption modes: Transparent Data Encryption (TDE) supports Advanced Encryption Standard (AES) in XEX-based mode with ciphertext stealing (XTS).
• AES-XTS provides better performance and security on platforms where TDE is used
• Older versions of Oracle Database TDE used the AES-CFB cipher mode
• The default encryption algorithm for both TDE column and tablespace encryption is AES 256
• The column encryption mode is Galois/Counter Mode (GCM) instead of cipher block chaining (CBC)
• The table keys use the XTS operating mode instead of cipher feedback (CFB)
• The GOST and SEED algorithms are deprecated
• The Oracle RMAN integrity check for column encryption uses SHA512 instead of SHA1
Audit
Audit Actions at Column level
• Audit actions at column level for tables and views
– You can audit actions at the individual column level by creating audit policies
– Audit only the necessary actions and meet compliance requirements
• You can audit actions on a table or view column using the “CREATE AUDIT POLICY” statement
• Audit all actions on a table
SQL> CREATE AUDIT POLICY aud_all_act_emp ACTIONS ALL ON SCOTT.EMP;
• Audit an action on a column
SQL> CREATE AUDIT POLICY aud_col_bon_act_emp ACTIONS SELECT (BONUS)
ON SCOTT.EMP;
• To audit recursive actions, use the ONLY TOPLEVEL clause in the CREATE AUDIT POLICY statement
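CREATE AUDIT POLICY only defines a policy; nothing is recorded until it is enabled with AUDIT POLICY. The following added example (not from the original slides) takes a column-level policy from creation to review; the policy name aud_emp_pay_cols and the SAL and COMM columns of the sample SCOTT.EMP table are assumptions.

```sql
-- Added example: column-level unified audit policy, from creation to review.
-- Run as a user holding AUDIT_ADMIN. Policy name and column names are
-- assumptions (SAL and COMM are columns of the classic SCOTT.EMP sample table).

-- 1. Audit reads of the pay columns and updates to salary only.
CREATE AUDIT POLICY aud_emp_pay_cols
  ACTIONS SELECT(SAL, COMM) ON SCOTT.EMP,
          UPDATE(SAL)       ON SCOTT.EMP;

-- 2. Enable the policy. Until this runs, the policy exists but produces
--    no audit records.
AUDIT POLICY aud_emp_pay_cols;

-- 3. Confirm that it is enabled and for whom.
SELECT policy_name, enabled_option, entity_name, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'AUD_EMP_PAY_COLS';

-- 4. Generate test activity from a session that may read SCOTT.EMP.
--    The first query touches no audited column and should leave no record;
--    the second reads SAL and should.
SELECT ename FROM scott.emp;
SELECT ename, sal FROM scott.emp;

-- 5. Review what the policy recorded.
SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%AUD_EMP_PAY_COLS%'
ORDER  BY event_timestamp DESC;

-- 6. Clean up the test policy: disable first, then drop.
NOAUDIT POLICY aud_emp_pay_cols;
DROP AUDIT POLICY aud_emp_pay_cols;
```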
Audit
Unified Auditing and Traditional Auditing
• Authorization control for unified auditing and traditional auditing
• You can grant and revoke authorizations using the Oracle Database roles AUDIT_ADMIN and AUDIT_VIEWER, which are not part of Database Vault
• AUDIT_ADMIN role – with this role, a user can manage audit policies
– The user can create unified and fine-grained audit policies
– Grant this role to trusted users only
• AUDIT_VIEWER role – with this role, a user can view and analyze audit data
– This role provides the EXECUTE privilege on the DBMS_AUDIT_UTIL PL/SQL package
– Grant this role to users who review the audit records, typically external auditors
• The mandatory Oracle Audit realm protects the Oracle Database Vault AUDSYS schema and objects in the SYS schema
• Authorizations prevent DDL and DML on the SYS.AUD$ and SYS.FGA_LOG$ tables
Audit
Unified Auditing and Traditional Auditing
• Grant AUDIT_ADMIN authorization to user SCOTT
SQL> EXEC DBMS_MACADM.AUTHORIZE_AUDIT_ADMIN ('SCOTT');
• Revoke AUDIT_ADMIN from user SCOTT
SQL> EXEC DBMS_MACADM.UNAUTHORIZE_AUDIT_ADMIN ('SCOTT');
OR
SQL> REVOKE AUDIT_ADMIN FROM SCOTT;
• The dictionary view UNIFIED_AUDIT_TRAIL lists audit events and system privileges.
SQL> SELECT ACTION_NAME, OBJECT_SCHEMA, OBJECT_NAME FROM UNIFIED_AUDIT_TRAIL
WHERE DBUSERNAME = '<username>';
• You can audit functions, triggers, procedures, and PL/SQL packages
Authentication
• You can log in to Oracle Database using a Microsoft Azure Active Directory single sign-on OAuth2 access token.
• This multicloud feature integrates Oracle Database and Azure AD
• You can perform this integration on
– Oracle 19.16 and later (backported), but not Oracle 21c
– Oracle Autonomous Database on Dedicated/Shared Exadata Infrastructure
– Oracle Exadata Cloud Service
– Oracle Base Database Service
• You can map AD users to Oracle Database schemas and roles
• ODP.NET can log in to Oracle Database using Microsoft Azure Active Directory
• Database user password authentication now supports passwords up to 1024 bytes
• UTL_HTTP supports SHA-256/512 and XDB HTTP supports SHA512 authentication, and Kerberos library support has been updated.
Authentication
Password authentication
• Oracle 23c offers longer passwords for improved security
– Oracle Data Pump Export and Import support longer encryption passwords, up to 2024 bytes long
– Oracle Call Interface (OCI) and Oracle C++ Call Interface support passwords up to 1024 bytes long for user authentication
– The JDBC thin driver supports passwords up to 1024 characters
– Oracle Database (including Autonomous) and clients support passwords up to 1024 bytes
• The longer password length helps accommodate Oracle Identity and Access Management (IAM) and Identity Cloud Service (IDCS)
• This helps enable uniform password rules
Authentication
Kerberos security
• Kerberos security has been improved: MIT Kerberos version 1.20.1 supports cross-domain authentication, Windows Credential Guard, and multiple principals.
• KERBEROS5_CC_NAME and KERBEROS5_PRINCIPAL can be specified in tnsnames.ora, and the values must match for user authentication.
kuser =
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orahost)(PORT=1521))
    (CONNECT_DATA=(SERVICE_NAME=ORCL))
    (SECURITY=(KERBEROS5_CC_NAME = /tmp/kuser/krb.cc) (KERBEROS5_PRINCIPAL = kprinc)))
• Kerberos parameters can be specified in the sqlnet.ora file
SQLNET.KERBEROS5_CONF=<Kerberos_configfile_path>
SQLNET.KERBEROS5_KEYTAB=<Kerberos_principal>
SQLNET.KERBEROS5_CONF_MIT=TRUE
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=<Kerberos_service>
SQLNET.AUTHENTICATION_SERVICES=(BEQ,KERBEROS5)
Authorization
Schema privilege
• Instead of granting a system privilege (* ANY), granting a schema privilege helps grant the least privilege necessary and makes the database more secure.
• System or administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM are excluded from schema privilege grants
• Use the GRANT and REVOKE statements to manage schema privileges for a user or role.
SQL> GRANT SELECT ANY TABLE ON SCHEMA SCOTT TO orauser;
SQL> REVOKE SELECT ANY TABLE ON SCHEMA SCOTT FROM orauser;
• Data dictionary protection is extended to non-SYS schemas, with additional separation of duties that helps prevent malicious changes within the schemas
• These data dictionary views have information about schema privilege grants
– DBA_SCHEMA_PRIVS
– ROLE_SCHEMA_PRIVS
– USER_SCHEMA_PRIVS
– SESSION_SCHEMA_PRIVS
– V$ENABLEDSCHEMAPRIVS
Authorization
Label Security and GoldenGate new roles
• A new schema, LBAC_TRIGGER, has been introduced to own internal triggers previously owned by Oracle Label Security (LBACSYS)
• When you upgrade to Oracle 23c or later, migrate the previous release's LBACSYS to the LBAC_TRIGGER schema
• A downgrade to a pre-23c release will fail if the LBAC_TRIGGER schema has any triggers
• New GoldenGate roles OGG_CAPTURE, OGG_APPLY, and OGG_APPLY_PROCREP and XStream roles XSTREAM_CAPTURE and XSTREAM_APPLY have been created for granting appropriate capture and apply privileges
• The old packages DBMS_GOLDENGATE_AUTH and DBMS_XSTREAM_AUTH are now desupported.
Autonomous Database
DBaaS and ODP.NET
• Oracle Identity and Access Management (IAM) can be used to log in to Oracle Cloud Infrastructure (OCI) Database as a Service (DBaaS) platforms using password or token-based authentication.
• When mapping to Oracle DBaaS, IAM users must be mapped either exclusively to an IAM user or through a shared mapping to an IAM group of which the user is a member.
• Oracle DBaaS platform users can be centrally managed in OCI Identity and Access Management
• Users can also log in to OCI DBaaS with IAM single sign-on (SSO)
• ODP.NET supports Oracle IAM across Oracle cloud services; IAM credentials can be used for authentication and authorization. The same applies to IAM SSO tokens
• ODP.NET Core and managed ODP.NET 19.13.x and 21.4.x support TLS connections without a wallet.
• ODP.NET Core 19.13.x and 21.4.x and managed ODP.NET 21.6.x support token-based authentication with IAM.
Other
• Oracle Connection Manager (CMAN) can be used to limit the number of connections allowed from an IP address in a specified time using the IP rate limit. The IP rate limit feature protects against denial-of-service attacks
• ODP.NET supports Transport Layer Security (TLS) 1.3, which is used for encryption and authentication
• Microsoft Azure AD integration support has been expanded to on-premises Oracle Database releases 19.1.6 and later
• The distributed transaction recovery background process (RECO) provides additional security when the ALLOW_LEGACY_RECO_PROTOCOL parameter is set to FALSE.
• The ALLOW_LEGACY_RECO_PROTOCOL parameter is applicable to 23c only; applying it to prior releases will cause transaction recovery to fail.
Summary
Oracle 23c offers cutting-edge database security features for audit,
encryption, authentication, and authorization. SQL Firewall provides
real-time protection from attacks and mitigates risks from SQL injection
attacks, anomalous access, and credential abuse or theft, with centralized
administration.
Questions & Answers
Satishbabu Gunukula
 
Time for Change: Migrate your Non-RAC Database to RAC
Time for Change: Migrate your Non-RAC Database to RACTime for Change: Migrate your Non-RAC Database to RAC
Time for Change: Migrate your Non-RAC Database to RAC
Satishbabu Gunukula
 
Understand oracle real application cluster
Understand oracle real application clusterUnderstand oracle real application cluster
Understand oracle real application cluster
Satishbabu Gunukula
 
Ad

Recently uploaded (20)

Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
 
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your UsersAutomation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Lynda Kane
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Buckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug LogsBuckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug Logs
Lynda Kane
 
Salesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docxSalesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docx
José Enrique López Rivera
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from AnywhereAutomation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Lynda Kane
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Leading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael JidaelLeading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael Jidael
Michael Jidael
 
Rock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning JourneyRock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning Journey
Lynda Kane
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Asthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 
Datastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptxDatastucture-Unit 4-Linked List Presentation.pptx
Datastucture-Unit 4-Linked List Presentation.pptx
kaleeswaric3
 
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical DebtBuckeye Dreamin 2024: Assessing and Resolving Technical Debt
Buckeye Dreamin 2024: Assessing and Resolving Technical Debt
Lynda Kane
 
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your UsersAutomation Dreamin' 2022: Sharing Some Gratitude with Your Users
Automation Dreamin' 2022: Sharing Some Gratitude with Your Users
Lynda Kane
 
"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko"Rebranding for Growth", Anna Velykoivanenko
"Rebranding for Growth", Anna Velykoivanenko
Fwdays
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Buckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug LogsBuckeye Dreamin' 2023: De-fogging Debug Logs
Buckeye Dreamin' 2023: De-fogging Debug Logs
Lynda Kane
 
Salesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docxSalesforce AI Associate 2 of 2 Certification.docx
Salesforce AI Associate 2 of 2 Certification.docx
José Enrique López Rivera
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from AnywhereAutomation Hour 1/28/2022: Capture User Feedback from Anywhere
Automation Hour 1/28/2022: Capture User Feedback from Anywhere
Lynda Kane
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Leading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael JidaelLeading AI Innovation As A Product Manager - Michael Jidael
Leading AI Innovation As A Product Manager - Michael Jidael
Michael Jidael
 
Rock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning JourneyRock, Paper, Scissors: An Apex Map Learning Journey
Rock, Paper, Scissors: An Apex Map Learning Journey
Lynda Kane
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Asthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdfAsthma presentación en inglés abril 2025 pdf
Asthma presentación en inglés abril 2025 pdf
VanessaRaudez
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Cyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of securityCyber Awareness overview for 2025 month of security
Cyber Awareness overview for 2025 month of security
riccardosl1
 

Oracle Database 23c Security New Features.pptx

  • 1. Oracle Database 23c Security New Features
    Satishbabu Gunukula, Oracle ACE Pro
    • 24+ Years of Experience in Database, Enterprise Apps, Cloud Technologies and specialized in high availability solutions.
    • Masters Degree in Computer Applications
    • Technical Review of Books (6x)
    • Written articles for major publications
    Certifications:
    • Oracle Cloud Infra 2023 Multicloud Architect Associate
    • Oracle Cloud Infra 2023 Devops Professional
    • Oracle Certified Professional Oracle 8i,9i,10g,19c & MySQL 8.0
    • Oracle Certified Expert Oracle 10g RAC
    • AWS Certified Solutions Architect – Associate
    • Snowflake Hands on Essentials – Data Warehouse
    • Microsoft Certified Azure Database Administrator Associate
    • Microsoft Certified Professional in Visual Basic 6.0
    • SAP Certified Technology Associate – SAP HANA 1.0
    http://www.oracleracexpert.com
  • 2. Program Agenda
    • SQL Firewall
    • Encryption
    • Audit
    • Authentication
    • Authorization
    • Autonomous Database
    • Other
    • Demo
    • Q&A
  • 3. SQL Firewall
    • SQL Firewall inspects all incoming statements and ensures that only authorized SQL is run.
    • SQL Firewall is embedded in the Oracle Database; unauthorized SQL statements are logged and blocked.
    • SQL Firewall provides real-time protection from attacks and mitigates risks from SQL injection attacks, anomalous access, and credential abuse or theft.
    • SQL Firewall supports all commands except transaction control commands such as SAVEPOINT, COMMIT, ROLLBACK.
    • To administer SQL Firewall, the user must have the SQL_FIREWALL_ADMIN role.
    • To query the DBA_SQL_FIREWALL* data dictionary views, the user must have the SQL_FIREWALL_VIEWER role.
    • You can configure SQL Firewall using the DBMS_SQL_FIREWALL package or Oracle Data Safe.
    • SQL Firewall can be used in both the root and a Pluggable Database (PDB).
  • 4. SQL Firewall
    • Enable SQL Firewall
      SQL> EXEC DBMS_SQL_FIREWALL.ENABLE;
    • Create and enable SQL Firewall capture for a user
      SQL> BEGIN
             DBMS_SQL_FIREWALL.CREATE_CAPTURE (
               username       => 'SCOTT',
               top_level_only => TRUE,
               start_capture  => TRUE );
           END;
           /
    • Enable SQL Firewall Allow List
      SQL> BEGIN
             DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST (
               username => 'SCOTT',
               enforce  => DBMS_SQL_FIREWALL.ENFORCE_SQL,
               block    => TRUE );
           END;
           /
  • 5. SQL Firewall
    • START and STOP capture
      SQL> EXEC DBMS_SQL_FIREWALL.START_CAPTURE ('SCOTT');
      SQL> EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE ('SCOTT');
    • You can generate an allow list using the procedures below
      – DBMS_SQL_FIREWALL.ADD_ALLOWED_CONTEXT
      – DBMS_SQL_FIREWALL.DELETE_ALLOWED_CONTEXT
      – DBMS_SQL_FIREWALL.DELETE_ALLOWED_SQL
    • Data Dictionary Views for SQL Firewall protections
      – DBA_SQL_FIREWALL_ALLOWED_SQL – shows the allowed SQL and accessed objects
      – DBA_SQL_FIREWALL_ALLOWED_IP_ADDR – shows the IP addresses allowed for a user
      – DBA_SQL_FIREWALL_CAPTURE_LOGS – shows the capture log entries
      – DBA_SQL_FIREWALL_VIOLATIONS – shows the SQL Firewall violations
  • 6. SQL Firewall
    Data Dictionary Views for SQL Firewall Configurations
    – DBA_SQL_FIREWALL_ALLOW_LISTS: Lists the status and generation date of the user's allow-lists
    – DBA_SQL_FIREWALL_ALLOWED_IP_ADDR: Lists the allowed IP addresses for a user
    – DBA_SQL_FIREWALL_ALLOWED_OS_PROG: Lists the allowed operating system programs for a user
    – DBA_SQL_FIREWALL_ALLOWED_OS_USER: Lists the allowed operating system users for a user
    – DBA_SQL_FIREWALL_ALLOWED_SQL: Lists information about the allowed SQL statements for a user, including the allowed SQL ID and the allow-list version of the allowed SQL
    – DBA_SQL_FIREWALL_CAPTURE_LOGS: Lists log information for a user's SQL Firewall configuration, such as the database user name, SQL text, accessed objects, and the SQL Firewall session ID
    – DBA_SQL_FIREWALL_CAPTURES: Lists the status of SQL Firewall captures, such as whether they are enabled
    – DBA_SQL_FIREWALL_SESSION_LOGS: Lists information about the SQL Firewall session, such as the session ID, database user name, and client program
    – DBA_SQL_FIREWALL_SQL_LOGS: Lists information about the SQL logs, such as the SQL text, the command type, the SQL signature, accessed objects, and the character set
    – DBA_SQL_FIREWALL_STATUS: Lists the status of an SQL Firewall configuration, such as whether it is enabled and what its timestamp is
    – DBA_SQL_FIREWALL_VIOLATIONS: Provides a detailed report on SQL Firewall violations, including information such as the objects that were accessed, the user the SQL was run on, and whether the action was blocked or allowed
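The SQL Firewall procedures and views from slides 4 to 6, put together as one capture-to-enforcement run. This is an added example, not part of the original slides: the user APP_USER, the address 192.0.2.10 and the observe-before-block step are assumptions, and GENERATE_ALLOW_LIST and DISABLE_ALLOW_LIST are DBMS_SQL_FIREWALL procedures the slides do not list.

```sql
-- Added example (not from the slides). Run as a user holding SQL_FIREWALL_ADMIN.
-- APP_USER and 192.0.2.10 are constructed placeholder values.

-- 1. Turn SQL Firewall on in this container.
EXEC DBMS_SQL_FIREWALL.ENABLE;

-- 2. Learn the application's normal SQL: create a capture and start it at once.
BEGIN
  DBMS_SQL_FIREWALL.CREATE_CAPTURE(
    username       => 'APP_USER',
    top_level_only => TRUE,
    start_capture  => TRUE);
END;
/

-- (Run a representative application workload as APP_USER here.)

-- 3. Review what was captured before trusting it as the baseline.
SELECT command_type, current_user, client_program, os_user, ip_address, sql_text
FROM   dba_sql_firewall_capture_logs
WHERE  username = 'APP_USER';

-- 4. Stop learning and turn the capture into an allow list.
EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE('APP_USER');
EXEC DBMS_SQL_FIREWALL.GENERATE_ALLOW_LIST('APP_USER');

-- 5. Add a connection context that the capture did not see,
--    for example a second application server.
BEGIN
  DBMS_SQL_FIREWALL.ADD_ALLOWED_CONTEXT(
    username     => 'APP_USER',
    context_type => DBMS_SQL_FIREWALL.IP_ADDRESS,
    value        => '192.0.2.10');
END;
/

-- 6. Observe first: check both SQL and context, log violations, block nothing.
BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'APP_USER',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => FALSE);
END;
/

-- 7. Triage violations. Legitimate statements found here mean the capture
--    was incomplete; anything else is a detection worth investigating.
SELECT occurred_at, ip_address, cause, firewall_action, sql_text
FROM   dba_sql_firewall_violations
WHERE  username = 'APP_USER'
ORDER  BY occurred_at DESC;

-- 8. Once the violation log is quiet, switch the same allow list to blocking.
EXEC DBMS_SQL_FIREWALL.DISABLE_ALLOW_LIST('APP_USER');
BEGIN
  DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST(
    username => 'APP_USER',
    enforce  => DBMS_SQL_FIREWALL.ENFORCE_ALL,
    block    => TRUE);
END;
/
```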
  • 7. Encryption
    Transport Layer Security (TLS)
    • Oracle release 23c supports Transport Layer Security (TLS) 1.3.
    • Users moving to TLS 1.3 will see some performance improvements.
    • TLS 1.3 is more secure and improves confidentiality of data in transit.
    • The old, less secure cipher suites are deprecated by default, but you can enable them by setting SSL_ENABLE_WEAK_CIPHERS to TRUE in sqlnet.ora.
    • By default, SSL_ENABLE_WEAK_CIPHERS is set to FALSE.
    • When SSL_ENABLE_WEAK_CIPHERS is set to FALSE, the following cipher suites are available for use:
      – TLS_AES_128_CCM_SHA256
      – TLS_AES_128_GCM_SHA256
      – TLS_AES_256_GCM_SHA384
      – TLS_CHACHA20_POLY1305_SHA256
      – TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
      – TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      – TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      – TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      – TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      – TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • 8. Encryption
    Enhancements in sqlnet.ora and wallets
    • New parameters have been added to sqlnet.ora to prevent the use of deprecated cipher suites.
    • Use the SSL_ALLOW_WEAK_DN_MATCH parameter to control how SSL_SERVER_DN_MATCH allows the service name.
    • DN matching provides better security for listener and server certificates.
    • The TLS configuration between database client and server has been simplified with new parameters, and old protocols have been removed.
    • Users can configure TLS connections without client wallets: there is no need to install and configure a wallet to hold a root certificate if it is available in the local system.
    • A local auto-login wallet provides more security and is more tightly bound to the host, without the need for root access.
    • The enhancements apply to TDE auto-login keystores.
  • 9. Encryption
    AES-XTS Encryption Mode and TDE Encryption Algorithms
    • The enhancements provide more secure algorithms and encryption modes. Transparent Data Encryption (TDE) supports Advanced Encryption Standard (AES) and XEX-based mode with ciphertext stealing.
    • AES-XTS provides better performance and security on platforms where TDE is used.
    • Older versions of Oracle Database TDE used the AES-CFB cipher mode.
    • The default encryption algorithm for both TDE column and tablespace encryption is AES 256.
    • The column encryption mode is Galois/Counter Mode (GCM) instead of cipher block chaining (CBC).
    • The table keys use the XTS operating mode instead of cipher feedback (CFB).
    • The GOST and SEED algorithms are deprecated.
    • The Oracle RMAN integrity check for column encryption uses SHA512 instead of SHA1.
  • 10. Audit
    Audit Actions at Column level
    • Audit actions at column level for tables and views
      – You can audit actions at the individual column level by creating audit policies
      – Audit only the necessary actions and meet compliance requirements
    • You can audit an action on a table or view column using the "CREATE AUDIT POLICY" statement
    • Audit all actions on a table
      SQL> CREATE AUDIT POLICY aud_all_act_emp ACTIONS ALL ON SCOTT.EMP;
    • Audit an action on a column
      SQL> CREATE AUDIT POLICY aud_col_bon_act_emp ACTIONS SELECT (BONOUS) ON SCOTT.EMP;
    • To audit recursive actions, use the ONLY TOPLEVEL clause in the CREATE AUDIT POLICY statement
  • 11. Audit
    Unified Auditing and Traditional Auditing
    • Unified Auditing and Traditional Auditing authorization control
    • You can grant and revoke authorizations using the Oracle Database roles AUDIT_ADMIN and AUDIT_VIEWER, which are not part of Database Vault
    • AUDIT_ADMIN role
      – With this role a user can manage audit policies
      – The user can create unified and fine-grained audit policies
      – Grant this role to trusted users only
    • AUDIT_VIEWER role
      – With this role a user can view and analyze audit data
      – This role provides the execute privilege on the DBMS_AUDIT_UTIL PL/SQL package
      – Grant this role to users who review the audit records, typically external auditors
    • The mandatory Oracle Audit realm protects the Oracle Database Vault AUDSYS schema and objects in the SYS schema
    • Authorizations prevent DDL and DML on the SYS.AUD$ and SYS.FGA_LOG$ tables
  • 12. Audit
    Unified Auditing and Traditional Auditing
    • Grant AUDIT_ADMIN authorization to user SCOTT
      SQL> EXEC DBMS_MACADM.AUTHORIZE_AUDIT_ADMIN ('SCOTT');
    • Revoke AUDIT_ADMIN from user SCOTT
      SQL> EXEC DBMS_MACADM.UNAUTHORIZE_AUDIT_ADMIN ('SCOTT');
      OR
      SQL> REVOKE AUDIT_ADMIN FROM SCOTT;
    • The dictionary view UNIFIED_AUDIT_TRAIL lists audit events and system privileges.
      SQL> SELECT ACTION_NAME, OBJECT_SCHEMA, OBJECT_NAME FROM UNIFIED_AUDIT_TRAIL WHERE DBUSERNAME = '<>';
    • You can audit functions, triggers, procedures, and PL/SQL packages
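A column-level audit policy carried from creation through enabling to reading its records, since a policy created with CREATE AUDIT POLICY records nothing until an AUDIT POLICY statement enables it. This is an added example, not part of the original slides; the policy name and the SAL and COMM columns of SCOTT.EMP are assumptions.

```sql
-- Added example (not from the slides). Run as a user holding AUDIT_ADMIN.
-- Policy name and column choice (SAL, COMM on SCOTT.EMP) are assumptions.

-- 1. Audit reads and updates of the two pay columns only,
--    instead of every action on the table.
CREATE AUDIT POLICY aud_emp_pay_cols
  ACTIONS SELECT (SAL, COMM) ON SCOTT.EMP,
          UPDATE (SAL, COMM) ON SCOTT.EMP;

-- 2. Enable the policy. Without this step no audit records are written.
AUDIT POLICY aud_emp_pay_cols;

-- 3. Confirm that the policy is enabled and for whom.
SELECT policy_name, enabled_option, entity_name, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'AUD_EMP_PAY_COLS';

-- 4. Read the resulting records (AUDIT_VIEWER is sufficient for this query).
SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%AUD_EMP_PAY_COLS%'
ORDER  BY event_timestamp DESC;

-- 5. Retire the policy: disable it first, then drop it.
NOAUDIT POLICY aud_emp_pay_cols;
DROP AUDIT POLICY aud_emp_pay_cols;
```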
  • 13. Authentication
    • You can log in to Oracle Database using a Microsoft Azure Active Directory single sign-on OAuth2 access token.
    • This multicloud feature integrates Oracle Database and Azure AD.
    • You can perform this integration on
      – Oracle 19.16 and later (back-ported), but not on Oracle 21c
      – Oracle Autonomous Database on Dedicated/Shared Exadata Infrastructure
      – Oracle Exadata Cloud Service
      – Oracle Base Database Service
    • You can map AD users to Oracle Database schemas and roles.
    • ODP.NET can log in to Oracle Database using Microsoft Azure Active Directory.
    • Database user password authentication now supports up to 1024 bytes.
    • UTL_HTTP supports SHA-256/512 and XDB HTTP supports SHA512 authentication, and Kerberos library support has been updated.
  • 14. Authentication
    Password authentication
    • Oracle 23c offers longer passwords for improved security
      – Oracle Data Pump Export and Import support longer encryption passwords, up to 2024 bytes long
      – Oracle Call Interface (OCI) and Oracle C++ Call Interface support passwords up to 1024 bytes long for user authentication
      – The JDBC thin driver supports up to 1024 characters for passwords
      – Oracle Database (including Autonomous) and clients support passwords up to 1024 bytes
    • The password length helps accommodate Oracle Identity and Access Management (IAM) and Identity Cloud Service (IDCS)
    • This helps enable uniform password rules
  • 15. Authentication
    Kerberos security
    • Improvements in Kerberos security: MIT Kerberos version 1.20.1 supports cross-domain authentication, Windows Credential Guard and multiple principals.
    • KERBEROS5_CC_NAME and KERBEROS5_PRINCIPAL can be specified in tnsnames.ora, and the values must match for user authentication.
      kuser =
        (DESCRIPTION=
          (ADDRESS=(PROTOCOL=tcp)(HOST=orahost)(PORT=1521))
          (CONNECT_DATA=(SERVICE_NAME=ORCL))
          (SECURITY=
            (KERBEROS5_CC_NAME = /tmp/kuser/krb.cc)
            (KERBEROS5_PRINCIPAL = kprinc)))
    • Kerberos parameters can be specified in the sqlnet.ora file
      SQLNET.KERBEROS5_CONF=<Kerberos_configfile_path>
      SQLNET.KERBEROS5_KEYTAB=<Kerberos_principal>
      SQLNET.KERBEROS5_CONF_MIT=TRUE
      SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=<Kerberos_service>
      SQLNET.AUTHENTICATION_SERVICES=(BEQ,KERBEROS5)
  • 16. Authorization
    Schema privilege
    • Granting a schema privilege instead of a system privilege (* ANY) helps to grant the least privilege necessary and makes the database more secure.
    • System or administrative privileges such as SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG and SYSKM are excluded from schema privilege grants.
    • Use the GRANT and REVOKE statements to manage schema privileges for a user or role.
      SQL> GRANT SELECT ANY TABLE ON SCHEMA SCOTT TO orauser;
      SQL> REVOKE SELECT ANY TABLE ON SCHEMA SCOTT FROM orauser;
    • Data dictionary protection is extended to non-SYS schemas, with additional separation of duties that helps to prevent malicious changes within the schemas.
    • Data dictionary views with information about schema privilege grants
      – DBA_SCHEMA_PRIVS
      – ROLE_SCHEMA_PRIVS
      – USER_SCHEMA_PRIVS
      – SESSION_SCHEMA_PRIVS
      – V$ENABLEDSCHEMAPRIVS
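A least-privilege review built on the schema privilege grants above: find database-wide ANY grants, replace one with a schema-scoped grant, and verify the result. This is an added example, not part of the original slides; it assumes orauser currently holds the system-wide SELECT ANY TABLE privilege.

```sql
-- Added example (not from the slides). Run as a DBA.
-- Assumes ORAUSER was previously granted system-wide SELECT ANY TABLE.

-- 1. Inventory database-wide ANY privileges held by accounts and roles
--    that are not Oracle-maintained. These are the candidates to scope down.
SELECT p.grantee, p.privilege, p.admin_option
FROM   dba_sys_privs p
WHERE  p.privilege LIKE '% ANY %'
AND    p.grantee NOT IN (SELECT username FROM dba_users
                         WHERE  oracle_maintained = 'Y')
AND    p.grantee NOT IN (SELECT role FROM dba_roles
                         WHERE  oracle_maintained = 'Y')
ORDER  BY p.grantee, p.privilege;

-- 2. Grant the schema-scoped privilege first, so the application keeps
--    working, then remove the database-wide one.
GRANT  SELECT ANY TABLE ON SCHEMA SCOTT TO orauser;
REVOKE SELECT ANY TABLE FROM orauser;

-- 3. Verify: the privilege is now listed per schema ...
SELECT grantee, privilege, schema
FROM   dba_schema_privs
WHERE  grantee = 'ORAUSER';

-- ... and is gone from the system privilege list (expect no rows).
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee = 'ORAUSER'
AND    privilege = 'SELECT ANY TABLE';
```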
  • 17. Authorization
    Label Security and GoldenGate new roles
    • A new schema, LBAC_TRIGGER, has been introduced to own internal triggers previously owned by Oracle Label Security (LBACSYS).
    • When you upgrade to Oracle 23c or later, migrate the previous release's LBACSYS triggers to the LBAC_TRIGGER schema.
    • A downgrade to a pre-23c release will fail if the LBAC_TRIGGER schema has any triggers.
    • New GoldenGate roles OGG_CAPTURE, OGG_APPLY, OGG_APPLY_PROCREP and XStream roles XSTREAM_CAPTURE, XSTREAM_APPLY have been created for granting appropriate capture and apply privileges.
    • The old packages DBMS_GOLDENGATE_AUTH and DBMS_XSTREAM_AUTH are now de-supported.
  • 18. Autonomous Database
    DBaaS and ODP.NET
    • Oracle Identity and Access Management (IAM) can be used to log in to Oracle Cloud Infrastructure (OCI) Database as a Service (DBaaS) platforms using password or token-based authentication.
    • When mapping to Oracle DBaaS, IAM users must be mapped either through an exclusive mapping to an IAM user or through a shared mapping to an IAM group of which the user is a member.
    • Oracle DBaaS platform users can be centrally managed in OCI Identity and Access Management.
    • Users can also log in to OCI DBaaS with IAM Single Sign-On (SSO).
    • ODP.NET supports Oracle IAM across Oracle cloud services; IAM credentials can be used for authentication and authorization. The same applies to IAM SSO tokens.
    • ODP.NET Core and managed ODP.NET 19.13.x and 21.4.x support TLS connections without a wallet.
    • ODP.NET Core 19.13.x and 21.4.x and managed ODP.NET 21.6.x support token-based authentication with IAM.
  • 19. Other
    • Oracle Connection Manager (CMAN) can limit the number of connections allowed from an IP address in a specified time using the IP Rate Limit feature. IP Rate Limit protects against denial-of-service attacks.
    • ODP.NET supports Transport Layer Security (TLS) 1.3, which is used for encryption and authentication.
    • Microsoft Azure AD integration support has been expanded to on-premises Oracle Database release 19.1.6 and later.
    • The distributed transaction recovery background process (RECO) provides additional security when the ALLOW_LEGACY_RECO_PROTOCOL parameter is set to FALSE.
    • The ALLOW_LEGACY_RECO_PROTOCOL parameter is applicable to 23c only; applying it to prior releases will cause transaction recovery to fail.
  • 20. Summary
    Oracle 23c offers cutting-edge database security features for audit, encryption, authentication and authorization. SQL Firewall provides real-time protection from attacks and mitigates risks from SQL injection attacks, anomalous access, and credential abuse or theft, with centralized administration.
