Oracle Openworld Directory Index






E-business Architecture
Web server
Client


Application/Web Server
The Web Server will act as a client to the database and will have database software installed on it.

The Web Server will contain information about the database server that can be used to exploit the database resource.

Firewall Technology
The firewall can consist of software and/or hardware.

It can be placed in front of a company’s web server and/or between the web server and the database server.

Can be used to prevent public internet traffic from entering into a private network.

It can also be used to isolate servers on the same network from one another, or from a non-secure network.

Firewall Technology
Lock down the ports on the server.

Network traffic can be restricted.

Ease of administration and alarms are key features.




The E-business Database Should Be ‘Hardened’
Do not allow development in a production database.

Physically secure the development database.

Keep the software up to date and patched.
The E-business Database Should Be ‘Hardened’
Use file system security to protect the DBMS software and data files.

Turn off all operating system functionality/services that are not needed (email, print) on the database server.
The E-business Database Should Be ‘Hardened’
Turn on O/S level auditing and review the audit log daily.

Turn on database level auditing and review the log daily.

Secure the backup of the database to prevent it from being stolen.
The E-business Database Should Be ‘Hardened’
Remove non-essential users and enforce password management.

Change the default passwords on accounts.
The E-business Database Should Be ‘Hardened’
Virtual private database (VPD) enables fine-grained access control by associating one or more security policies with a table or view.

The security policy function will return a predicate (where clause) that will be appended to any SQL statement that will access a table that belongs to the VPD.
The E-business Database Should Be ‘Hardened’
Virtual private database.
Attaching security policies at the table or view level allows for easy integration with existing systems.

One to many policies per table.

Different policies for different types of access (SELECT, UPDATE, ...).
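
The VPD mechanism described above, as an added example that is not part of the original presentation: a policy function returns the predicate, and DBMS_RLS.ADD_POLICY attaches one policy for reads and a second one for writes to the same table. The schema APP, the table ORDERS, its columns SALES_REP and STATUS, and all function and policy names are hypothetical.

```sql
-- Added example; APP, ORDERS, SALES_REP, STATUS and all policy/function names are hypothetical.

-- Read policy function: Oracle passes the schema and object name and
-- expects the predicate text (without the WHERE keyword) back.
CREATE OR REPLACE FUNCTION app.orders_read_pred (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- The schema owner sees every row (a NULL predicate means no restriction).
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP' THEN
    RETURN NULL;
  END IF;
  -- Everyone else sees only their own rows. The user name is resolved
  -- inside the predicate by SYS_CONTEXT, not concatenated into the string.
  RETURN 'sales_rep = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

-- Write policy function: stricter than the read policy (own rows, open orders only).
CREATE OR REPLACE FUNCTION app.orders_write_pred (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  RETURN 'sales_rep = SYS_CONTEXT(''USERENV'', ''SESSION_USER'') AND status = ''OPEN''';
END;
/

BEGIN
  -- Two policies on one table, each bound to different statement types.
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_READ',
    function_schema => 'APP',
    policy_function => 'ORDERS_READ_PRED',
    statement_types => 'SELECT');

  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_WRITE',
    function_schema => 'APP',
    policy_function => 'ORDERS_WRITE_PRED',
    statement_types => 'UPDATE,DELETE',
    update_check    => TRUE);  -- an UPDATE may not move a row outside the predicate
END;
/
```

With both policies in place, a SELECT against APP.ORDERS by any user other than APP runs as if the read predicate had been added to its WHERE clause, with no change to the application's SQL.
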
Firewall Types: Screening Router
Will enforce rules at the data packet level on a network.
It will inspect the packet header of the network data packet to determine if the data packet is valid.
Can be used to block traffic from a specific network to isolate one network from another.
Can block ports at the application software level, i.e. FTP protocol, telnet.



Firewall Types: Proxy Gateway
Screens all commands from the internet.

Allows only the commands that have been defined.

Allows the internet application to think it has connected to the company’s application.

Firewall Types: Guard Type
Contains all of the features of a proxy firewall.
Adds the ability to define rules that can be computed for a given activity.
The rules can be complex and prone to human error.

Firewall Best Practice
Use SQL*net proxies for inbound traffic.
Only allow outbound traffic through the firewall, if not using proxies.
Separate the internet database and the company’s normal network.


Firewall Best Practice (Cont.)

Use firewalls as border crossing to separate the internet database and the company’s normal network.

Review the firewall log to determine if any inappropriate activity has occurred.

RMAN Architecture
It has the ability to:
Execute Oracle commands
Execute operating system commands
Interface with third-party backup software
Log all of its activities into a catalog
Scale by using multiple channels for multiple backup devices


RMAN Architecture
The backup hardware could be:
A tape library
A single tape unit
A group of disks that have been allocated for disk backup

The control file has also been modified to contain more information about the backup and recovery activities of the database.
RMAN Architecture
RMAN Architecture Set up
RMAN Architecture Scripts
RMAN Architecture Scripts, to Backup Database
RMAN Architecture Scripts, to Offline Backup
RMAN Architecture Script to Backup Archive Log
RMAN Architecture Special Commands
RMAN Architecture Image Copy Backup
RMAN Architecture Image Copy Backup Script
RMAN Architecture Recover Database
Recover Database Until logseq
Recover Database Until Time
Summary