Advantages and disadvantages of security products

Oracle Database Vault
Advantages:
1. Privileged users such as DBAs can be protected
2. Implemented internally in Oracle, no need to change the application, and flexible installation
3. Good control over who, when, and where applications can be accessed
Disadvantages:
1. Oracle version requirements
2. Complicated new permission system
3. DBA will lose database-related image maintenance and management capabilities
4. No official stable version has been released
5. Performance considerations

Transparent Data Encryption (TDE)
Advantages:
1. Data encryption in storage
2. Full and transparent access from upper-layer applications
Disadvantages:
1. A single function that must be used with other security policies

Oracle Label Security
Advantages:
1. Implements row-level access control of data
2. Graphical configuration tools
Disadvantages:
1. DBAs cannot access data.
2. During installation, the database instance must be stopped.
3. High data logic requirements and inflexible implementation

Virtual Private Database (VPD)
Advantages:
1. Implements row-level access control for data, and implements logic dependency on data (that is, data filtering conditions must be available)
2. Inflexible implementation, generally used in combination with other security policies
3. It is not convenient for large-scale deployment.
Disadvantages:
1. DBAs cannot access sensitive data.

Secure Application Role
Advantages:
1. Binds the database access control policy to the role, which must be supported by VPD.
Disadvantages:
1. DBAs cannot access sensitive data.

Fine-Grained Audit
Advantages:
1. Implements auditing on specific conditions, such as specific time, IP address, column, and value
2. This audit is implemented within Oracle without modifying the application.
Disadvantages:
1. DBAs cannot access sensitive data.

DBCoffer security reinforcement
Advantages:
1. Data storage encryption
2. Provides access audit for sensitive data
3. Effectively prevents access to sensitive data by DBAs and other privileged users
4. Data access control over specific IP addresses and time
5. Read/write control of sensitive data
6. Provides interface logic control for ease of use
7. Transparent to common Oracle application development interfaces
Disadvantages:
1. Currently, row-level access control is not supported
2. A large number of tests are required to verify the transparency of Oracle applications.
3. Many external extensions and complex overall logic
4. Currently, only field-level data protection is provided, which has a significant impact on performance when applied on a large scale.
5. The stability of the software needs to be improved due to changes in requirements and major software changes

The above is a summary of my personal practice. If you have any guidance or ideas, please feel free to send me a letter.
Fnxjiabo@foxmail.com