{"id":2439,"date":"2012-01-23T12:05:00","date_gmt":"2012-01-23T11:05:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/"},"modified":"2012-01-23T12:05:00","modified_gmt":"2012-01-23T11:05:00","slug":"oracle-database-firewall-1","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/","title":{"rendered":"Oracle Database Firewall"},"content":{"rendered":"<p>Le march\u00e9 du Database Activity Monitoring (DAM) devenant de plus en plus important avec des produits tels que Imperva, Guardium ou Sentrigo, je me suis int\u00e9ress\u00e9 au produit Oracle Database Firewall, qu&#8217;Oracle pr\u00e9sente comme un substitut aux diff\u00e9rents acteurs du march\u00e9 des DAMs.<\/p>\n<p>Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l&#8217;activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau afin de d\u00e9tecter les acc\u00e8s non autoris\u00e9s, les attributions de r\u00f4le avec des privil\u00e8ges excessifs, d&#8217;auditer les proc\u00e9dures stock\u00e9es, de parer les injections SQL ou autres tentatives d&#8217;attaques interne ou externe.<\/p>\n<p>Les bases de donn\u00e9es g\u00e9r\u00e9es par Oracle Database Firewall sont bien sur Oracle mais \u00e9galement Microsoft SQL Server, Sybase Adaptive Server Enterprise (ASE), Sybase SQL Anywhere, et IBM DB2.<\/p>\n<p>Les principaux composants sont au nombre de trois :<\/p>\n<ul>\n<li>un ou plusieurs database firewall qui analysent et enregistrent les transactions SQL et les envoient au Database Firewall Server<\/li>\n<li>un ou plusieurs database firewall management server, qui regroupent les donn\u00e9es re\u00e7ues des diff\u00e9rents database firewall, et servent \u00e9galement de plate-forme de reporting<\/li>\n<li>un ou plusieurs database firewall analyzers qui lisent les fichiers cr\u00e9\u00e9s par les Database Firewalls pour cr\u00e9er ou mettre \u00e0 jour les polices utilis\u00e9es afin de g\u00e9rer les permissions, les autorisations concernant les requ\u00eates SQL des diff\u00e9rentes bases de donn\u00e9es.<\/li>\n<\/ul>\n<p>Il y a des contraintes hardware concernant l&#8217;installation des ces diff\u00e9rents composants :<\/p>\n<ul>\n<li>le database firewall analyzer s&#8217;installe uniquement sur un syst\u00e8me windows<\/li>\n<li>le database firewall et le database firewall management server s&#8217;installent sur un syst\u00e8me intel x86 et n\u00e9cessitent chacun 1 Go de RAM, une partition de 80 Go et 3 cartes r\u00e9seau.<\/li>\n<li>l&#8217;installation du Database Firewall efface enti\u00e8rement les donn\u00e9es du serveur sur lequel on r\u00e9alise l&#8217;installation.<\/li>\n<\/ul>\n<p>Je ne vais pas vous d\u00e9crire la partie installation, mais plut\u00f4t d\u00e9crire la partie configuration ainsi que l&#8217;utilisation des fonctionnalit\u00e9s Store Procedure et User Role Auditing.<\/p>\n<p>Une fois les deux syst\u00e8mes d\u00e9marr\u00e9s (Database Firewall et Database Firewall Management Server), l&#8217;\u00e9cran d\u2019accueil de chaque syst\u00e8me Linux est le suivant:<\/p>\n<p>Management Serveur :<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\" alt=\"\" width=\"634\" height=\"456\" \/><br \/>\nDatabase Firewall :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw02.png\" alt=\"\" width=\"636\" height=\"457\" \/><br \/>\nPour acc\u00e9der au syst\u00e8me proprement dit on utilise une combinaison des touches ALT+F1 \u2026 ALT+F5. Le syst\u00e8me est compl\u00e8tement configur\u00e9 lors de l&#8217;installation, on ne peut rien param\u00e9trer : =((<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw03.png\" alt=\"\" \/><br \/>\nUne instance Oracle dbfwdb existe sur les deux serveurs :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw04.png\" alt=\"\" \/><br \/>\nL&#8217;architecture install\u00e9e est alors la suivante : source Oracle<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw1.png\" alt=\"\" \/><br \/>\nLa partie que je vais aborder dans ce blog est la configuration \u00e0 mettre en place pour effectuer le monitoring d&#8217;une base de donn\u00e9es.<br \/>\nCe syst\u00e8me de test a \u00e9t\u00e9 \u00e9labor\u00e9 avec les serveurs suivants :<\/p>\n<ul>\n<li>un database firewall management server ip 192.168.1.12<\/li>\n<li>un database firewall server ip 192.168.1.13<\/li>\n<li>un serveur base de donn\u00e9es ip 192.168.1.11<\/li>\n<\/ul>\n<p>On se connecte tout d&#8217;abord sur la console d&#8217;administration du Database Firewall Management Server avec l&#8217;url <a href=\"https:\/\/192.168.1.12\/user\/login\">https:\/\/192.168.1.12\/user\/login <\/a>:<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw4.png\" alt=\"\" width=\"995\" height=\"497\" \/><br \/>\nIl faut int\u00e9grer le database firewall dans le database firewall management server.<br \/>\nOn se connecte au database firewall server avec l&#8217;url <a href=\"https:\/\/192.168.1.13\/user\/login\">https:\/\/192.168.1.13\/user\/login<\/a> et on clique sur l&#8217;onglet system puis dans Management Server :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw5.png\" alt=\"\" width=\"992\" height=\"469\" \/><br \/>\nOn renseigne l&#8217;adresse ip du serveur de management et on recopie le certificat depuis la console d\u2019administration du management serveur depuis l&#8217;onglet System, Certificate :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw6.png\" alt=\"\" width=\"987\" height=\"630\" \/><br \/>\nPuis on clique sur apply:<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw7.png\" alt=\"\" \/><br \/>\nOn se rend ensuite sur la console du management serveur et on cr\u00e9e une &#8221;appliance&#8221; pour relier le Database Firewal Management Server au Database Firewall lui m\u00eame. On se rend donc sur la console d&#8217;administration du Management serveur et on clique sur l&#8217;onglet Appliances.<br \/>\nOn clique ensuite sur add pour renseigner le nom et l&#8217;adresse IP du Database firewall :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw8.png\" alt=\"\" width=\"992\" height=\"420\" \/><br \/>\nOn clique sur l&#8217;onglet monitoring , puis dans Protected Database puis sur l&#8217;item Create, on renseigne les champs n\u00e9cessaires, on clique sur add et enfin sur save settings :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw9.png\" alt=\"\" \/><br \/>\nIl faut ensuite cr\u00e9er un &#8221;enforcement point&#8221; pour la base de donn\u00e9es, on clique sur Create dans le menu Enforcement Point, on d\u00e9finit un nom on choisit l&#8217;appliance cr\u00e9\u00e9e pr\u00e9c\u00e9demment et on clique sur next :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw10.png\" alt=\"\" \/><br \/>\nOn choisit le nom de la base \u00e0 surveiller:<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw11.png\" alt=\"\" \/><br \/>\nOn choisit l&#8217;option logall qui r\u00e9cup\u00e8re toutes les requ\u00eates, attention cette option est consommatrice de place disque :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw12.png\" alt=\"\" \/><br \/>\nOn clique sur next puis sur finish :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw13.png\" alt=\"\" \/><br \/>\nOn peut visualiser le statut de l&#8217;enforcement point :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw14.png\" alt=\"\" \/><br \/>\nIl est affich\u00e9 Monitoring not currently enabled ce qui signifie que les acc\u00e8s ssh ou en direct sur le serveur ne sont pas pris en compte.<br \/>\nUne fois cette configuration r\u00e9alis\u00e9e, nous allons tester deux points int\u00e9ressants \u00e0 savoir le Stored Procedure Auditing et le User Role Auditing.<br \/>\nLa fonctionnalit\u00e9 Stored Procedure Auditing permet de visualiser les diff\u00e9rentes modifications apport\u00e9es aux proc\u00e9dures actuellement dans la base de donn\u00e9es. Il y a tout d&#8217;abord une phase de configuration ou un utilisateur de base de donn\u00e9es est cr\u00e9e dans la base de donn\u00e9es \u00e0 surveiller, puis une phase d&#8217;audit de toutes les proc\u00e9dures de la base de donn\u00e9es.<br \/>\nVoici comment op\u00e9rer :<br \/>\nIl faut tout d&#8217;abord r\u00e9cup\u00e9rer dans les sources d&#8217;installation du Database Firewall les scripts spa_setup.sql et spa_drop.sql, puis lancer le script spa_setup.sql qui va cr\u00e9er un utilisateur sur la base de donn\u00e9es \u00e0 surveiller:<br \/>\n<samp style=\"margin-bottom: 0cm;\"><a href=\"mailto:oracle@oracle11202:\/u00\/app\/oracle\/spa\/dbfw-155\/database\/spa\/\">oracle@oracle11202:\/u00\/app\/oracle\/spa\/dbfw-155\/database\/spa\/<\/a> [DB112] sq<\/samp> <samp style=\"margin-bottom: 0cm;\">SQL*Plus: Release 11.2.0.2.0 Production on Thu Jan 5 22:23:47 2012<\/samp> <samp style=\"margin-bottom: 0cm;\"><br \/>\n<\/samp><samp style=\"margin-bottom: 0cm;\">Copyright (c) 1982, 2010, Oracle. All rights reserved.<\/samp> <samp style=\"margin-bottom: 0cm;\"><\/samp><br \/>\n<samp style=\"margin-bottom: 0cm;\"><\/samp><br \/>\n<samp style=\"margin-bottom: 0cm;\">Connected to:<\/samp><samp style=\"margin-bottom: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 &#8211; Production<\/samp> <samp style=\"margin-bottom: 0cm;\">With the Partitioning, OLAP, Data Mining and Real Application Testing options<\/samp><\/p>\n<pre class=\"brush: sql; gutter: true; first-line: 1\">SQL&gt; @spa_setup\u00a0\nSPA setup script for Oracle\nDatabase\nusername: as parameter 1:\nEnter value for 1: spa_audit\u00a0\npassword: as parameter 2:\nEnter value for 2:\noracle\nold 1: create user &amp;spa_username identified by &amp;spa_username_password\nnew 1: create user spa_audit identified by oracle\u00a0\nUser created.\u00a0\nold 1: grant create session to &amp;spa_username\nnew 1: grant create session to spa_audit\u00a0\nGrant succeeded.\u00a0\nold 1: grant select on sys.dba_objects to &amp;spa_username\nnew 1: grant select on sys.dba_objects to spa_audit\nGrant succeeded.\u00a0\nold 1: grant select on sys.dba_source to &amp;spa_username\nnew 1: grant select on sys.dba_source to spa_audit\u00a0\nGrant succeeded.<\/pre>\n<p>&nbsp;<br \/>\nPuis sur la console d&#8217;administration dans l&#8217;onglet Monitoring, Enforcement Point on clique sur Settings et on active l&#8217;option Stored Procedure Auditing et on renseigne les informations demand\u00e9es :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw17.png\" alt=\"\" \/><br \/>\nOn voit qu&#8217;il est possible de scheduler l&#8217;audit des proc\u00e9dures stock\u00e9es, mais dans le cadre de nos tests nous le lancerons manuellement. Il faut se rendre dans l&#8217;onglet Monitoring puis l&#8217;item Manage et on clique sur Run Now :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw00.png\" alt=\"\" \/><br \/>\nLa proc\u00e9dure d&#8217;audit est lanc\u00e9e, les proc\u00e9dures stock\u00e9es de l&#8217;instance Oracle sont analys\u00e9es par la Database Firewall :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw18.png\" alt=\"\" \/><br \/>\nOn voit qu&#8217;il y a 3047 Stored Procedure en mode pending, il faut effectuer un approval, on clique sur l&#8217;onglet Stored Procedure Auditing puis dans le sous menu Pending :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw19.png\" alt=\"\" width=\"978\" height=\"461\" \/><br \/>\nEt on clique sur Approve, les proc\u00e9dures stock\u00e9es audit\u00e9es passent du mode &#8221;pending&#8221; au mode &#8221;Approval&#8221; :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw20.png\" alt=\"\" width=\"978\" height=\"174\" \/><br \/>\nMaintenant que toutes les proc\u00e9dures sont en mode Approval, tout changement sera d\u00e9tect\u00e9 par le Database Firewall.<br \/>\nCr\u00e9ons maintenant un proc\u00e9dure, et lan\u00e7ons \u00e0 nouveau un audit des proc\u00e9dures stock\u00e9es :<\/p>\n<pre class=\"brush: actionscript3; gutter: true; first-line: 1\">create or replace procedure test\nas\nbegin\nfor i in 1..10\nLOOP\ninsert into employe\nselect * from employe;\nEND LOOP;\ncommit;\nend;\n\/<\/pre>\n<p><code style=\"margin-bottom: 0cm;\"><a href=\"mailto:oracle@oracle11202:\/u00\/app\/oracle\/spa\/dbfw-155\/database\/spa\/\">oracle@oracle11202:\/u00\/app\/oracle\/database\/spa\/<\/a> [DB112] sqlplus psi\/psi<\/code><\/p>\n<pre class=\"brush: sql; gutter: true; first-line: 1\">SQL*Plus: Release 11.2.0.2.0\nProduction on Thu Jan 5 23:00:27 2012\u00a0Copyright (c) 1982, 2010, Oracle. All rights reserved.\u00a0\u00a0\nConnected to:\nOracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production\nWith the Partitioning, OLAP, Data Mining and Real Application Testing options\u00a0\nSQL&gt; @cr_proc\u00a0\nProcedure created.<\/pre>\n<p>&nbsp;<br \/>\nOn visualise dans le menu Reporting qu&#8217;une nouvelle proc\u00e9dure est en mode &#8221;Pending&#8221; :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw23.png\" alt=\"\" width=\"814\" height=\"242\" \/><br \/>\nEn cliquant sur l&#8217;item Pending on visualise la nouvelle proc\u00e9dure PSI.TEST :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw24.png\" alt=\"\" width=\"1047\" height=\"236\" \/><br \/>\nEn cliquant sur le nom de la proc\u00e9dure PSI.test on visualise son code :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw25.png\" alt=\"\" \/><br \/>\nOn accepte cette proc\u00e9dure :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw26bis.png\" alt=\"\" \/><br \/>\nModifions maintenant cette proc\u00e9dure :<\/p>\n<pre class=\"brush: actionscript3; gutter: true; first-line: 1\">create or replace procedure test\nas\nbegin\nfor i in 1..1000000\nLOOP\nnull;\nnull\n;\nEND LOOP;\ncommit;\nend;\n\/<\/pre>\n<p>Relan\u00e7ons un audit des proc\u00e9dures on peut visualiser les modifications :<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw27.png\" alt=\"\" width=\"1019\" height=\"235\" \/><br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw30.png\" alt=\"\" \/><br \/>\nPour le User Role Auditing, le principe est le m\u00eame. On r\u00e9cup\u00e8re les scripts ura_setup.sql et ura_drop.sql sur la distribution oracle et on cr\u00e9e un utilisateur sur la base de donn\u00e9es \u00e0 surveiller :<br \/>\n<code style=\"margin-bottom: 0cm;\"><a href=\"mailto:oracle@oracle11202:\/u00\/app\/oracle\/spa\/dbfw-155\/database\/ura\/\">oracle@oracle11202:\/u00\/app\/oracle\/database\/ura\/<\/a> [DB112] sq<\/code><code style=\"margin-bottom: 0cm;\">\u00a0<\/code><\/p>\n<pre class=\"brush: actionscript3; gutter: true; first-line: 1\">Connected to:\nOracle Database 11g Enterprise Edition Release 11.2.0.2.0 - Production\nWith the Partitioning, OLAP, Data Mining and Real Application Testing options\u00a0\nSQL&gt; @ura_setup\u00a0\nURA setup script for Oracle Database\nusername: as parameter 1:\nEnter value for 1: ura_audit\u00a0\npassword: as parameter 2:\nEnter value for 2: oracle\nold 1: create user &amp;ura_username identified by &amp;ura_username_password\nnew 1: create user ura_audit identified by oracle\u00a0\nUser created.\u00a0\nold 1: grant create session to &amp;ura_username\nnew 1: grant create session to ura_audit\u00a0\nGrant succeeded.\u00a0\nold 1: grant select on sys.dba_users to &amp;ura_username\nnew 1: grant select on sys.dba_users to ura_audit\u00a0\nGrant succeeded.\u00a0\nold 1: grant select on sys.proxy_users to &amp;ura_username\nnew 1: grant select on sys.proxy_users to ura_audit\u00a0\nGrant succeeded.\u00a0\nold 1: grant select on sys.dba_role_privs to &amp;ura_username\nnew 1: grant select on sys.dba_role_privs to ura_audit\u00a0\nGrant succeeded.\u00a0old 1: grant select on sys.dba_sys_privs to &amp;ura_username\nnew 1: grant select on sys.dba_sys_privs to ura_audit\u00a0\nGrant succeeded.\u00a0\nold 1: grant select on sys.v_$pwfile_users to &amp;ura_username\nnew 1: grant select on sys.v_$pwfile_users to ura_audit\u00a0\nGrant succeeded.<\/pre>\n<p>Puis de la m\u00eame mani\u00e8re que pour l&#8217;audit des proc\u00e9dures stock\u00e9es, on active l&#8217;audit des r\u00f4les utilisateurs depuis le menu Enforcement Point , Manage, Settings :<br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw31.png\" alt=\"\" \/><br \/>\nOn lance un audit des r\u00f4les utilisateurs, qui va analyser les r\u00f4les de la base de donn\u00e9es, puis on les approuve :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw32.png\" alt=\"\" width=\"1026\" height=\"140\" \/><br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw33.png\" alt=\"\" \/><br \/>\nCr\u00e9ons ensuite un nouvel utilisateur scoot et donnons les droits dba par exemple \u00e0 l&#8217;utilisateur scott et relan\u00e7ons un audit manuellement :<br \/>\nOn cr\u00e9e un nouvel utilisateur :<\/p>\n<pre class=\"brush: sql; gutter: true; first-line: 1\">SQL&gt; create user scoot identified by tiger;\u00a0\nUser created.<\/pre>\n<p>On visualise dans le menu reporting , User Auditing Summary qu&#8217;un nouvel utilisateur a \u00e9t\u00e9 cr\u00e9\u00e9 :<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw34.png\" alt=\"\" width=\"934\" height=\"245\" \/><br \/>\n<img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw35.png\" alt=\"\" \/><br \/>\nAffectons le droit dba aux utilisateurs scoot et scott :<\/p>\n<pre class=\"brush: sql; gutter: true; first-line: 1\">SQL&gt; grant dba to scoot;\u00a0\nGrant suceeded.\u00a0\nSQL&gt; grant dba to scott;\u00a0\nGrant suceeded.<\/pre>\n<p>&nbsp;<\/p>\n<p><code style=\"margin-bottom: 0cm;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw36.png\" alt=\"\" width=\"871\" height=\"473\" \/><\/code><\/p>\n<p>&nbsp;<\/p>\n<p><code style=\"margin-bottom: 0cm;\"><img decoding=\"async\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw37.png\" alt=\"\" \/><\/code><\/p>\n<p>&nbsp;<\/p>\n<h3>Conclusion :<\/h3>\n<p>Le produit Oracle Database Firewall est une solution qui travaille au niveau du r\u00e9seau. Par cons\u00e9quent il ne peut pas capturer ce qui ne transite pas par le r\u00e9seau. Cependant il peut \u00eatre une solution int\u00e9ressante en conjonction avec les autres outils de s\u00e9curit\u00e9 Oracle, tels que Oracle Database Vault ou Oracle Audit Vault.<br \/>\nDans les points positifs je rel\u00e8verai la relative facilit\u00e9 d\u2019appr\u00e9hension et de configuration du produit, ainsi que l&#8217;utilisation de la partie reporting du Database Firewall Management Server.<br \/>\nDans les points n\u00e9gatifs, la partie Linux et base de donn\u00e9es Oracle install\u00e9s sur les deux serveurs ne sont pas configurables lors de l&#8217;installation, l&#8217;administration UNIX \/ Oracle de ces serveurs ne doit pas en \u00eatre facilit\u00e9e. De plus la partie audit des proc\u00e9dures et des utilisateurs pr\u00e9sente un trou de s\u00e9curit\u00e9 d\u00e8s lors que ces audits sont sch\u00e9dul\u00e9s \u00e0 certaines heures de la journ\u00e9e.<br \/>\nD&#8217;autres fonctionnalit\u00e9s importantes \u00e0 tester tels que le blocage de transactions SQL vers la base de donn\u00e9e en utilisant une m\u00e9thode de White List \/ Black List, la protection de la base de donn\u00e9es contre des injections SQL seront test\u00e9es prochainement et je vous ferai part de mes conclusions dans un prochain blog.<br \/>\n\u00c0 suivre &#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Le march\u00e9 du Database Activity Monitoring (DAM) devenant de plus en plus important avec des produits tels que Imperva, Guardium ou Sentrigo, je me suis int\u00e9ress\u00e9 au produit Oracle Database Firewall, qu&#8217;Oracle pr\u00e9sente comme un substitut aux diff\u00e9rents acteurs du march\u00e9 des DAMs.<\/p>\n","protected":false},"author":27,"featured_media":2440,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[198],"tags":[143,17,24,25],"type_dbi":[],"class_list":["post-2439","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-database-management","tag-monitoring","tag-oracle-11g","tag-pl-sql","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Oracle Database Firewall - dbi Blog<\/title>\n<meta name=\"description\" content=\"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l&#039;activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle Database Firewall\" \/>\n<meta property=\"og:description\" content=\"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l&#039;activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-23T11:05:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"732\" \/>\n\t<meta property=\"og:image:height\" content=\"461\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"Oracle Database Firewall\",\"datePublished\":\"2012-01-23T11:05:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\"},\"wordCount\":1611,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\",\"keywords\":[\"Monitoring\",\"Oracle 11g\",\"PL\/SQL\",\"Security\"],\"articleSection\":[\"Database management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\",\"name\":\"Oracle Database Firewall - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\",\"datePublished\":\"2012-01-23T11:05:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"description\":\"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l'activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png\",\"width\":732,\"height\":461},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle Database Firewall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Oracle Database Firewall - dbi Blog","description":"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l'activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/","og_locale":"en_US","og_type":"article","og_title":"Oracle Database Firewall","og_description":"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l'activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.","og_url":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/","og_site_name":"dbi Blog","article_published_time":"2012-01-23T11:05:00+00:00","og_image":[{"width":732,"height":461,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png","type":"image\/png"}],"author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"Oracle Database Firewall","datePublished":"2012-01-23T11:05:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/"},"wordCount":1611,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png","keywords":["Monitoring","Oracle 11g","PL\/SQL","Security"],"articleSection":["Database management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/","url":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/","name":"Oracle Database Firewall - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png","datePublished":"2012-01-23T11:05:00+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"description":"Oracle Database Firewall est un syst\u00e8me \u00e9labor\u00e9 pour s\u00e9curiser et surveiller l'activit\u00e9 des bases de donn\u00e9es SQL sur le r\u00e9seau.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/dbfw01.png","width":732,"height":461},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/oracle-database-firewall-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Oracle Database Firewall"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/2439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=2439"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/2439\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/2440"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=2439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=2439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=2439"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=2439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}