{"id":4157,"date":"2014-11-27T10:13:00","date_gmt":"2014-11-27T09:13:00","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/"},"modified":"2014-11-27T10:13:00","modified_gmt":"2014-11-27T09:13:00","slug":"avdf-database-firewall-policies","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/","title":{"rendered":"Oracle AVDF &#8211; Database Firewall Policies"},"content":{"rendered":"<p>The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.<\/p>\n<p>These include policies that log all SQL statements, or log only unique SQL statements. In addition, the Database Firewall policy editor enables you to design your own policies quickly and efficiently.<\/p>\n<p>Policy rules can depend on any combination of the SQL statement type, name of the database user, IP address of the database client, operating system user name, client program name, or any exceptions you specify.<\/p>\n<h3>First policy and global concept<\/h3>\n<p>1. Log in to the Audit Vault Server console as an auditor, and click on the Policy tab:<\/p>\n<p><a title=\"001_20141122-190809_1.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\"><img decoding=\"async\" title=\"001_20141122-190809_1.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\" alt=\"001_20141122-190809_1.png\" \/><\/a><\/p>\n<p>2. Under the Policy menu, click Firewall Policy.<\/p>\n<p>3. Click Create Policy.<\/p>\n<p>The Create Policy dialog appears. Select the Database Type from the drop-down list (choice between IBM DB2, Microsoft SQL Server, MySQL, Oracle Database, Sybase ASE, Sybase SQL Anywhere), Enter a Policy Name and Optionally, enter a Description:<\/p>\n<p><a title=\"002.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/002-2.png\"><img decoding=\"async\" title=\"002.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/002-2.png\" alt=\"002.png\" \/><\/a><\/p>\n<p>3. Click on \u201cCreate\u201d. The new policy is created, and the policy&#8217;s Overview page appears:<\/p>\n<p><a title=\"003.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/003-2.png\"><img decoding=\"async\" title=\"003.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/003-2.png\" alt=\"003.png\" \/><\/a><\/p>\n<p>When you create a new policy, or click an existing policy name in the Firewall Policies page, that policy&#8217;s Overview page appears. This page shows the policy rules that are being applied to the statement types (clusters) being monitored by the Database Firewall, as well as exceptions and other rules that may apply.<\/p>\n<p>The policy&#8217;s Overview page is divided into these sub-sections:<\/p>\n<ul>\n<li><strong>Exception Rules<\/strong> &#8211; Lists exceptions you have created. The rules that you have assigned to SQL statement clusters will not apply to these exceptions. You can move the rules up or down in the list. The rules are evaluated in the order listed.<\/li>\n<li><strong>Analyzed SQL<\/strong> &#8211; Displays the number of SQL statement clusters for which you have defined policy rules, and their policy actions (such as Warn or Block).<\/li>\n<li><strong>Novelty Policies (Any)<\/strong> &#8211; Lists special policies you have created for specific statement classes and\/or specific tables in your secured target databases. If you have identified specific tables in a policy in this section, the policy rule applies if it matches Any of the tables.<\/li>\n<li><strong>Novelty Policies (All)<\/strong> &#8211; Lists special policies you have created for specific statement classes and\/or specific tables in your secured target databases. If you have identified specific tables in a policy in this section, the policy rule applies if it matches All of the tables.<\/li>\n<li><strong>Default Rule<\/strong> &#8211; Shows the default rule for any statements that are not matched by the rules set for Analyzed SQL clusters, Exceptions, or Novelty Policies.<\/li>\n<li><strong>Policy Controls<\/strong> &#8211; Lets you configure firewall policy settings, create policy profiles, as well as sets of filters to use in defining profiles and Exception rules.<\/li>\n<\/ul>\n<h3 class=\"dbiHead2\">Practical case<\/h3>\n<p>Developing a policy is an iterative process that keeps refining and improving the policy with new data. In order to be able to create a policy statements have to be executed on the database. The examples below present some possibilities provided by Firewall Policy.<\/p>\n<p>These examples are based on a very simple context with two schemas\/users:<\/p>\n<ol>\n<li>PSI<\/li>\n<li>GRS<\/li>\n<\/ol>\n<p>PSI schema contains three tables:<\/p>\n<ol>\n<li>PSI.CREDIT_CARD containing Credit Cards numbers<\/li>\n<li>PSI.EMP containing employees\u2019 salaries<\/li>\n<li>PSI.TEST containing one non sensitive row<\/li>\n<\/ol>\n<p class=\"Textbody\" style=\"margin-left: 36pt;\"><span style=\"font-size: 9.5pt; line-height: 120%; font-family: 'DIN Offc','sans-serif'; color: black; letter-spacing: 0.1pt;\">\u00a0<\/span><\/p>\n<pre class=\"brush: sql; gutter: true; first-line: 1\">SQL&gt; select table_name from dba_tables where owner='PSI';\nTABLE_NAME\n------------------------------\nEMP\nCREDIT_CARD\nTEST<\/pre>\n<h3 class=\"dbiHead3\">Novelty Policy<\/h3>\n<p>The table CREDIT_CARD contains credit cards numbers and EMP contains Employee salary. These two tables are very sensitive and nobody can have a look on these tables:<\/p>\n<table class=\"aligncenter\" style=\"height: 232px;\" border=\"1\" width=\"459\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"133\"><\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">GRS<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">PSI<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.EMP<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.CREDIT_CARD<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.TEST<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">OK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">OK<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The first step in order to create this policy is to create a novelty rule. Novelty policies specify the action, logging level, and threat severity to use for specific types of statements and\/or statements that operate on selected tables. Novelty policies can be used to loosen or tighten your normal policy rules if certain statements are encountered. In our context we want to create a novelty policy that will block all access to these tables:<\/p>\n<p>1. In the Audit Vault Server console, select the \u201cPolicy\u201d tab.<br \/>\n2. From the Policy menu, click \u201cFirewall Policy\u201d.<br \/>\n3. Click on the newly created Firewall Policy named \u201cMyPolicy\u201d<br \/>\n4. Click Add Novelty Rule in section Novelty Policy (Any):<br \/>\n5. In the Novelty Policy Details dialog, define the following:<\/p>\n<p style=\"padding-left: 30px;\">a. Novelty Rule: Enter a name for this rule: MyNR<\/p>\n<p style=\"padding-left: 30px;\">b. Statement Classes: Select one or more types of statements that SQL statements must match in order to apply this rule. In this example we have to select \u201cData Manipulation Read Only\u201d<\/p>\n<p style=\"padding-left: 30px;\">c. Policy Controls: Select the Action, Logging Level, and Threat Severity for this rule from the appropriate drop-down list. In this example we have to select \u201cBlock\u201d for action and specify in the substitution field, the statement below:<\/p>\n<pre class=\"brush: actionscript3; gutter: true; first-line: 1\">select 'You do not have access to this table' from dual<\/pre>\n<p>6. Affected Tables: Select the table(s) to use for matching statements to this policy. In order to have tables in this list, tables have to be accessed first. If there is no activity on the database the list will be empty. In our specific case we select tables: PSI.EMP and PSI.CREDIT_CARD and we click on \u201cAdd Tables\u201d:<\/p>\n<p><a class=\"easyblog-thumb-preview\" title=\"004.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/004-2.png\"><img decoding=\"async\" title=\"004.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/004-2.png\" alt=\"004.png\" \/><\/a><\/p>\n<p>7. Click on \u201cCreate\u201d.<br \/>\n8. Now we can test this policy. For the moment this policy will block access to any user trying to have access to these two tables.In order to apply this policy we have to save the policy by clicking on \u201csave\u201d and then \u201cpublish\u201d.<br \/>\n9. Click on \u201cSecured Targets\u201d<br \/>\n10. Click on the target where you want to apply the policy<br \/>\n11. Click on Firewall Policy<br \/>\n12. Select the Policy \u201cMyPolicy\u201d<br \/>\n13. Now you can check that the policy is applied by doing a select on this table.<\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:psi\/psi@souk\">psi\/psi@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 13:36:14 2014<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/div>\n<p>Copyright (c) 1982, 2014, Oracle. All rights reserved.<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>Connect\u00da \u00d3 :<code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.credit_card;<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>&#8216;YOUDONOTHAVEACCESSTOTHISTABLE&#8217;<code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n------------------------------------<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">You do not have access to this table<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nSQL&gt;<\/code><\/p>\n<p>We can execute the same query with user GRS, the result will be the same:<\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:grs\/grs@souk\">grs\/grs@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 13:36:14 2014<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/div>\n<p>Copyright (c) 1982, 2014, Oracle. All rights reserved.<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>Connect\u00da \u00d3 :<code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.credit_card;<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>&#8216;YOUDONOTHAVEACCESSTOTHISTABLE&#8217;<br \/>\n<code class=\"dbiCode\" style=\"padding: 0cm;\">------------------------------------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nYou do not have access to this table<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nSQL&gt;<\/code><\/p>\n<h3 class=\"dbiHead3\"><\/h3>\n<h3>Exception Rule<\/h3>\n<p>The table CREDIT_CARD contains credit cards numbers and EMP contains Employee salary. These two tables are still very sensitive but since PSI has been promoted Chief Financial Officer he need access to these tables. Therefore we will create an exception for him:<\/p>\n<table style=\"margin-left: 62.1pt; border-collapse: collapse;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td style=\"width: 99.9pt; border: 1pt solid windowtext; padding: 0cm 5.4pt;\" valign=\"top\" width=\"133\"><\/td>\n<td style=\"width: 119.85pt; border-width: 1pt 1pt 1pt medium; border-style: solid solid solid none; border-color: windowtext windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"160\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><strong>GRS<\/strong><\/p>\n<\/td>\n<td style=\"width: 104.1pt; border-width: 1pt 1pt 1pt medium; border-style: solid solid solid none; border-color: windowtext windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"139\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><strong>PSI<\/strong><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 99.9pt; border-right: 1pt solid windowtext; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0cm 5.4pt;\" valign=\"top\" width=\"133\">\n<p class=\"dbiNormal\">PSI.EMP<\/p>\n<\/td>\n<td style=\"width: 119.85pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"160\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: red;\">NOK<\/span><\/p>\n<\/td>\n<td style=\"width: 104.1pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"139\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: #00b050;\">OK<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 99.9pt; border-right: 1pt solid windowtext; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0cm 5.4pt;\" valign=\"top\" width=\"133\">\n<p class=\"dbiNormal\">PSI.CREDIT_CARD<\/p>\n<\/td>\n<td style=\"width: 119.85pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"160\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: red;\">NOK<\/span><\/p>\n<\/td>\n<td style=\"width: 104.1pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"139\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: #00b050;\">OK<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 99.9pt; border-right: 1pt solid windowtext; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0cm 5.4pt;\" valign=\"top\" width=\"133\">\n<p class=\"dbiNormal\">PSI.TEST<\/p>\n<\/td>\n<td style=\"width: 119.85pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"160\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: #00b050;\">OK<\/span><\/p>\n<\/td>\n<td style=\"width: 104.1pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0cm 5.4pt;\" valign=\"top\" width=\"139\">\n<p class=\"dbiNormal\" style=\"text-align: center;\" align=\"center\"><span style=\"font-size: 12pt; font-family: Wingdings; color: #00b050;\">OK<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>In order to change the policy this one has to be unused. Click on secured targets, select the target, and click on firewall policy and change the policy to \u201clog all\u201d:<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p><a class=\"easyblog-thumb-preview\" title=\"005.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/005-2.png\"><img decoding=\"async\" title=\"005.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/005-2.png\" alt=\"005.png\" \/><\/a><\/p>\n<p>2. Now you can make modification to your policy \u201cMyPolicy\u201d.<\/p>\n<p>First of all we need to create a Profile. Within a firewall policy, a profile lets you define a different set of policy rules based on the session data associated with SQL statements. To define the profile, you use the session filters you defined in the Policy Controls section of the firewall policy. These session filters filter SQL statements based on:<\/p>\n<ul>\n<li>IP addresses<\/li>\n<li>Database user login names<\/li>\n<li>Client program names (for example, SQL*Plus)<\/li>\n<li>Operating system user names<\/li>\n<\/ul>\n<p>In this example we will create a profile based on Database user login named. This user will be PSI.<\/p>\n<p>3.Click on Policy<br \/>\n4.Click on Firewall Policy<br \/>\n5. Click on MyPolicy<br \/>\n6. Click on Database User Set<br \/>\n7. Create a new set by clicking on \u201cCreate New Set\u201d<br \/>\n8. Enter values for field New Set Name and member:<\/p>\n<p class=\"dbiNormal\"><a class=\"easyblog-thumb-preview\" title=\"006.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/006-1.png\"><img decoding=\"async\" title=\"006.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/006-1.png\" alt=\"006.png\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>9.Click on \u201cCreate Set\u201d<br \/>\n10. Click on \u201cCancel\u201d<br \/>\n11.Click on \u201cProfiles\u201d<br \/>\n12. Create a new Profile by clicking on \u201cCreate New Profile\u201d<br \/>\n13. Enter the Profile Name and select \u201cUsersHavingAccessToMyTable\u201d in the field \u201cDB User Set\u201d:<\/p>\n<p class=\"dbiNormal\"><a class=\"easyblog-thumb-preview\" title=\"007.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/007-2.png\"><img decoding=\"async\" title=\"007.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/007-2.png\" alt=\"007.png\" \/><\/a><\/p>\n<p>14. Click on \u201cCreate Profile\u201d<\/p>\n<p class=\"Standard\"><a class=\"easyblog-thumb-preview\" title=\"008.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/008-1.png\"><img decoding=\"async\" title=\"008.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/008-1.png\" alt=\"008.png\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Now we have to create an exception based on this profile. An exception determines the action, logging level, and threat severity to use when certain session data is encountered. For example, an exception could specify rules for statements that originate (or do not originate) from selected client IP addresses or database user names. In this example, the exception will be based on database user name.<\/p>\n<p>Exceptions override all other policy rules. For example, you may want to override the normal policy rules if SQL statements originate from an administrator, or if they originate from anywhere other than a specific IP address.<\/p>\n<p>You can define many exceptions and control the order in which they are evaluated. Each Exception has its own Action, Logging, and Threat Severity settings.<\/p>\n<p>15. Click on policy<br \/>\n16. Click on firewall policy<br \/>\n17. Click on your newly created policy \u201cMyPolicy\u201d<br \/>\n18. Click on \u201cAdd Exception\u201d<br \/>\n19. Enter the expception rule name : \u201cExceptionForPSITable\u201d<br \/>\n20. Into DB User Set select \u201cInclude\u201d and select \u201cUsersHavingAccessToblMyTable\u201d<br \/>\n21. In Policy Control click on \u201cPass\u201d<br \/>\n22. Click on \u201cCreate\u201d:<\/p>\n<p><a title=\"009.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/009-1.png\"><img decoding=\"async\" title=\"009.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/009-1.png\" alt=\"009.png\" \/><\/a><\/p>\n<p>23. Click on \u201cSave\u201d and \u201cPublish\u201d<br \/>\n24. Apply this policy to the target<\/p>\n<p>Now, the user PSI can access to all his tables and user GRS have no access to sensitive tables.<\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:grs\/grs@souk\">grs\/grs@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 14:09:07 2014<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/div>\n<p>Copyright (c) 1982, 2014, Oracle. All rights reserved.<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>Connect\u00da \u00d3 :<code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.emp;<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">'YOUDONOTHAVEACCESSTOTHISTABLE'<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n------------------------------------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nYou do not have access to this table<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.credit_card;<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>&#8216;YOUDONOTHAVEACCESSTOTHISTABLE&#8217;<code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n------------------------------------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nYou do not have access to this table<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.test;<\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">NAME<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">----------<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">hello<\/code><\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:psi\/psi@souk\">psi\/psi@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 14:18:54 2014<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/div>\n<p>Copyright (c) 1982, 2014, Oracle. All rights reserved.<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>Connect\u00da \u00d3 :<code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.credit_card;<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ID<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n---------- ----------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nLarry\u00a0\u00a0\u00a0\u00a0 4,8960E+15<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">John\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 7,8623E+15<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.emp;<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 SAL<br \/>\n<code class=\"dbiCode\" style=\"padding: 0cm;\">---------- ----------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nLarry\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 150000<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">John\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 80000<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.test;<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">NAME<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">----------<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">hello<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nSQL&gt;<\/code><\/p>\n<h3>Analyzed SQL<\/h3>\n<p>With the exception we granted access to PSI database user to all his table. Since PSI didn\u2019t present good results to shareholders he has been replaced by a new CFO and this one decided that PSI has now only access to credit card number but is not anymore allowed to make select statement on employees\u2019 salaries table:<\/p>\n<table class=\"aligncenter\" style=\"height: 232px;\" border=\"1\" width=\"594\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"top\" width=\"133\"><\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">GRS<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">PSI<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.EMP<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p style=\"text-align: center;\" align=\"center\">NOK<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.CREDIT_CARD<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">NOK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">OK<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" width=\"133\">PSI.TEST<\/td>\n<td valign=\"top\" width=\"160\">\n<p align=\"center\">OK<\/p>\n<\/td>\n<td valign=\"top\" width=\"139\">\n<p align=\"center\">OK<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>First of all we have to remove the exception we did before by clicking on the exception rule and clicking on \u201cdelete\u201d<\/li>\n<li>In the policy overview click on \u201cModify SQL\u201d3.Click on \u201cChange\u201d<\/li>\n<li>Select \u201cSecured Target\u201d, select the profile \u201cProfileForPrivsUsers\u201d and enter in Event Time last 24 hours.<\/li>\n<li>Click on \u201cApply\u201d<\/li>\n<li>Click on column header \u201cUser Name\u201d<\/li>\n<li>Select \u201cpsi\u201d<\/li>\n<li>A line looking like the one below should appear in the list<\/li>\n<li>Select this line<\/li>\n<li>Click on \u201cSet Policy\u201d<\/li>\n<li>In the Action list click on \u201cPass\u201d:<\/li>\n<\/ol>\n<p><a class=\"easyblog-thumb-preview\" title=\"0010.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0010.png\"><img decoding=\"async\" class=\" aligncenter\" title=\"0010.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0010.png\" alt=\"0010.png\" \/><\/a><\/p>\n<p style=\"padding-left: 30px;\">11. If you have a look on the list of SQL, the following statement should appear.<\/p>\n<p style=\"padding-left: 30px;\"><a class=\"easyblog-thumb-preview\" title=\"0013.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0013.png\"><img decoding=\"async\" class=\" aligncenter\" title=\"0013.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0013.png\" alt=\"0013.png\" \/><\/a><\/p>\n<p style=\"padding-left: 30px;\">12. Create a profile for user GRS named \u201cProfileForStdUsers\u201d as we did for user PSI. This profile won&#8217;t have the possibility to execute statement \u201cSelect * from psi.credit_card\u201d.<\/p>\n<p style=\"padding-left: 30px;\">13. In \u201cAnalyze SQL\u201d select profile \u201cProfileForStdUsers\u201d and filter on GRS user as we did in step<\/p>\n<p style=\"padding-left: 30px;\">14. Select the following statement:<\/p>\n<p style=\"padding-left: 30px;\"><a class=\"easyblog-thumb-preview\" title=\"0014.png\" href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0014.png\"><img decoding=\"async\" class=\" aligncenter\" title=\"0014.png\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/0014.png\" alt=\"0014.png\" \/><\/a>15. Click on \u201cSet Policy\u201d<\/p>\n<p style=\"padding-left: 30px;\">16. Select action \u201cBlock\u201d<\/p>\n<p style=\"padding-left: 30px;\">17. In the field Substitution enter the following: \u201cselect &#8216;Your profile does not allow access to this statement&#8217; from dual \u201d<\/p>\n<p style=\"padding-left: 30px;\">18. Now your section \u201cAnalyzed SQL\u201d should look like the screenshot below:<\/p>\n<p style=\"padding-left: 30px;\">19. Save and Publish the modification done on this policy&#8217;s<\/p>\n<p style=\"padding-left: 30px;\">20. Apply this policy to your target, click on secured targets, Firewall Policy and select \u201cMyPolicy\u201d in the list.<\/p>\n<p class=\"Standard\" style=\"text-align: left;\">Now we can test the access:<\/p>\n<p class=\"Standard\"><span style=\"font-size: 10pt; font-family: 'Courier 10 Pitch';\">\u00a0<\/span><\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:grs\/grs@souk\">grs\/grs@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 16:33:55 2014<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/div>\n<p>Copyright (c) 1982, 2014, Oracle. All rights reserved.<\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">Connect\u00da \u00d3 :<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.emp;<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>&#8216;YOUDONOTHAVEACCESSTOTHISTABLE&#8217;<br \/>\n<code class=\"dbiCode\" style=\"padding: 0cm;\">------------------------------------<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">You do not have access to this table<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.credit_card;<code class=\"dbiCode\" style=\"padding: 0cm;\">'<\/code><\/p>\n<p>YOURPROFILEDOESNOTALLOWACCESSTOTHISSTATEMENT&#8217;<br \/>\n<code class=\"dbiCode\" style=\"padding: 0cm;\">----------------------------------------------------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nYour profile does not allow access to this statement<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.test;<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>NAME<code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n----------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nhello<\/code><\/p>\n<p class=\"Standard\"><span style=\"font-size: 10pt; font-family: 'Courier 10 Pitch';\">\u00a0<\/span><\/p>\n<div style=\"border: 1pt solid windowtext; padding: 1pt 4pt;\"><code class=\"dbiCode\" style=\"padding: 0cm;\">C:Usersadministrateur&gt;sqlplus <a href=\"mailto:psi\/psi@souk\">psi\/psi@souk<br \/>\n<\/a><\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL*Plus: Release 12.1.0.2.0 Production on Mer. Nov. 12 16:35:35 2014<\/code><\/div>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">Copyright (c) 1982, 2014, Oracle. All rights reserved.<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>Connect\u00da \u00d3 :<code class=\"dbiCode\" style=\"padding: 0cm;\">Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">SQL&gt; select * from psi.emp;<\/code><\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">'YOUDONOTHAVEACCESSTOTHISTABLE'<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">------------------------------------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nYou do not have access to this table<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.credit_card;<code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ID<br \/>\n<code class=\"dbiCode\" style=\"padding: 0cm;\">---------- ----------<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\nLarry\u00a0\u00a0\u00a0\u00a0 4,8960E+15<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">John\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 7,8623E+15<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><\/code><\/p>\n<p>SQL&gt; select * from psi.test;<\/p>\n<p><code class=\"dbiCode\" style=\"padding: 0cm;\">NAME<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\"><br \/>\n----------<br \/>\n<\/code><code class=\"dbiCode\" style=\"padding: 0cm;\">hello<\/code><\/p>\n<p>&nbsp;<\/p>\n<p>This blog is not intended to be a comprehensive description of all AVDF policies functionnalities but I do hope that it provided you a good overview of some basic functionnalities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console. These include policies that log all SQL statements, or log only unique SQL statements. In addition, the Database Firewall policy [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":4158,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[198],"tags":[404,318,96,405],"type_dbi":[],"class_list":["post-4157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-database-management","tag-audit-vault","tag-database-vault","tag-oracle","tag-oracle-audit-vault-and-database-firewall"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Oracle AVDF - Database Firewall Policies - dbi Blog<\/title>\n<meta name=\"description\" content=\"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Oracle AVDF - Database Firewall Policies\" \/>\n<meta property=\"og:description\" content=\"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-27T09:13:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"382\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Gr\u00e9gory Steulet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gr\u00e9gory Steulet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\"},\"author\":{\"name\":\"Gr\u00e9gory Steulet\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098\"},\"headline\":\"Oracle AVDF &#8211; Database Firewall Policies\",\"datePublished\":\"2014-11-27T09:13:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\"},\"wordCount\":1850,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\",\"keywords\":[\"Audit Vault\",\"Database Vault\",\"Oracle\",\"Oracle Audit Vault and Database Firewall\"],\"articleSection\":[\"Database management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\",\"name\":\"Oracle AVDF - Database Firewall Policies - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\",\"datePublished\":\"2014-11-27T09:13:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098\"},\"description\":\"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png\",\"width\":900,\"height\":382},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle AVDF &#8211; Database Firewall Policies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098\",\"name\":\"Gr\u00e9gory Steulet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g\",\"caption\":\"Gr\u00e9gory Steulet\"},\"description\":\"Gr\u00e9gory Steulet has more than ten years of experience in database and infrastructure management, engineering, and optimization. He is specialized in Oracle technologies and high availability solutions (Oracle DataGuard, Data Replication Block Device). His expertise also includes Avaloq banking applications, as well as the open source field (MySQL, Unix\/Linux, etc.). Gr\u00e9gory Steulet is \\\"Oracle Certified Professional 10g\\\", \\\"MySQL Cluster 5.1 Certified\\\", and \\\"Avaloq Certified Professional 2.6\\\". Prior to joining dbi services, Gr\u00e9gory Steulet was Senior Consultant at Trivadis in Lausanne. He also worked as IT Administrator at Box Telecom in Miami Beach, Florida (USA). Gr\u00e9gory Steulet has an Executive MBA from the International Institute of Management in Technology, Fribourg (CH). He also holds a Bachelor's Degree in Business Administration and Computer Science from the University of Applied Sciences Western Switzerland. His branch-related experience covers Telecommunications, Financial Services \/ Banking, Logistics, Pharma etc.\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/gregory-steulet\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Oracle AVDF - Database Firewall Policies - dbi Blog","description":"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/","og_locale":"en_US","og_type":"article","og_title":"Oracle AVDF - Database Firewall Policies","og_description":"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.","og_url":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/","og_site_name":"dbi Blog","article_published_time":"2014-11-27T09:13:00+00:00","og_image":[{"width":900,"height":382,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png","type":"image\/png"}],"author":"Gr\u00e9gory Steulet","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Gr\u00e9gory Steulet","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/"},"author":{"name":"Gr\u00e9gory Steulet","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098"},"headline":"Oracle AVDF &#8211; Database Firewall Policies","datePublished":"2014-11-27T09:13:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/"},"wordCount":1850,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png","keywords":["Audit Vault","Database Vault","Oracle","Oracle Audit Vault and Database Firewall"],"articleSection":["Database management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/","url":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/","name":"Oracle AVDF - Database Firewall Policies - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png","datePublished":"2014-11-27T09:13:00+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098"},"description":"The successful deployment of a Database Firewall depends on an effective policy. Oracle AVDF includes preconfigured firewall policies as described in the Firewall Policy page in the Policy tab of the Audit Vault Server console.","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/001_20141122-190809_1.png","width":900,"height":382},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/avdf-database-firewall-policies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Oracle AVDF &#8211; Database Firewall Policies"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/7609faada8e4d63e04a28ae29e227098","name":"Gr\u00e9gory Steulet","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1531483285469fe17ea7a769ce5d8a8a01847185e4245d9c4d22c575c7c6d3e?s=96&d=mm&r=g","caption":"Gr\u00e9gory Steulet"},"description":"Gr\u00e9gory Steulet has more than ten years of experience in database and infrastructure management, engineering, and optimization. He is specialized in Oracle technologies and high availability solutions (Oracle DataGuard, Data Replication Block Device). His expertise also includes Avaloq banking applications, as well as the open source field (MySQL, Unix\/Linux, etc.). Gr\u00e9gory Steulet is \"Oracle Certified Professional 10g\", \"MySQL Cluster 5.1 Certified\", and \"Avaloq Certified Professional 2.6\". Prior to joining dbi services, Gr\u00e9gory Steulet was Senior Consultant at Trivadis in Lausanne. He also worked as IT Administrator at Box Telecom in Miami Beach, Florida (USA). Gr\u00e9gory Steulet has an Executive MBA from the International Institute of Management in Technology, Fribourg (CH). He also holds a Bachelor's Degree in Business Administration and Computer Science from the University of Applied Sciences Western Switzerland. His branch-related experience covers Telecommunications, Financial Services \/ Banking, Logistics, Pharma etc.","url":"https:\/\/www.dbi-services.com\/blog\/author\/gregory-steulet\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/4157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=4157"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/4157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/4158"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=4157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=4157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=4157"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=4157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}