Oracle AVDF Configuration

Source: Internet
Author: User

1. Application experiment of Oracle AVDF in HIS

Next, we demonstrate a case of applying Oracle AVDF to HIS. After completing the basic configuration described previously, log in to the Audit Vault server again as an auditor; the main console interface has changed significantly. As shown, the "Reports" and "Policies" tabs now appear, and the main console tab is divided into four sections: the most recently generated alerts, the top 5 protected targets by number of alerts, recently failed logins, and attestation actions. Together these give a basic profile of the current production environment. More detailed firewall alert and audit reports are available under the Reports tab, but only after an auditor has defined the audit and firewall policies.

Oracle AVDF Main Console interface

Under the "Policies" tab of the console, policies are classified into audit settings and firewall policies. Setting a policy is simple, but every policy has to be tailored to the specific application, and that is often the complex part. So here we assume just two simple requirements, one for auditing and one for the firewall:

1. Audit insert operations on the outpatient expense record table in HIS;

2. Have the firewall intercept calls to zl_parameters_update.

1.1. Audit configuration

For the two small requirements assumed above, first select the Audit Settings menu under the Policies tab, then select the target to work on in the protected target list. Once it is selected, the console jumps to the audit settings page for that target, which shows an overview of the target's current audit setup, such as whether the SYS user is audited, how many statements are audited, and what is being audited. The details have to be viewed under each specific category.

Configuring the audit for the outpatient expense record table (i)

This is the current Audit Settings overview page. Since we are going to audit inserts into the outpatient expense record table, select the category "Object" here. Depending on the requirement, you can instead choose statement audit, privilege audit, fine-grained audit, and so on.

Configuring the audit for the outpatient expense record table (ii)

On the Audit Settings page for Object, click "Create", then fill in the information for the object to be audited and save it. For this requirement, the object type is table, the object name is zlhis.Outpatient expense records (the outpatient expense record table in the zlhis schema), and the operation to audit is insert.

Configuring the audit for the outpatient expense record table (iii)

After creation is complete, the audit policy appears on the Audit Settings page for Object. The function buttons on the right of this page let you set whether the selected policy is enabled.

Configuring the audit for the outpatient expense record table (iv)

This completes the audit policy for inserts into the outpatient expense record table. Other types of audit policy are set up in a similar way; only the audit information to fill in differs.
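
One way to confirm on the target database itself that an object audit like the one configured above is in effect, written with Oracle's native traditional-auditing statements and dictionary views. This is an added example, not part of the original article or of AVDF; it assumes traditional (non-unified) auditing on the target, and OUTPATIENT_EXPENSE_RECORDS is a constructed placeholder for the outpatient expense record table.

```sql
-- Added example. Assumptions: traditional auditing on the target database;
-- OUTPATIENT_EXPENSE_RECORDS is a constructed placeholder for the
-- outpatient expense record table in the ZLHIS schema.

-- 1. Native equivalent of "object type = table, operation = insert".
--    BY ACCESS writes one audit record per audited statement.
AUDIT INSERT ON zlhis.outpatient_expense_records BY ACCESS;

-- 2. Confirm the option is active. The INS column reads 'A/A' when INSERT
--    is audited BY ACCESS for both successful and failed statements,
--    and '-/-' when INSERT is not audited at all.
SELECT owner, object_name, object_type, ins
FROM   dba_obj_audit_opts
WHERE  owner       = 'ZLHIS'
AND    object_name = 'OUTPATIENT_EXPENSE_RECORDS';

-- 3. Check where audit records are written. With NONE nothing is recorded;
--    SQL text and bind values are kept only when the value includes
--    EXTENDED (for example DB,EXTENDED).
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 4. After the application has inserted a row, read the records back
--    (applies when audit_trail is DB or DB,EXTENDED). These columns carry
--    the client host, OS process ID, SQL text and bind values.
SELECT extended_timestamp,
       username,
       os_username,
       userhost,
       terminal,
       os_process,
       action_name,
       sql_text,
       sql_bind
FROM   dba_audit_trail
WHERE  owner       = 'ZLHIS'
AND    obj_name    = 'OUTPATIENT_EXPENSE_RECORDS'
AND    action_name = 'INSERT'
ORDER  BY extended_timestamp DESC;

-- To switch the setting off again:
-- NOAUDIT INSERT ON zlhis.outpatient_expense_records;
```

An empty result from step 4 after a test insert usually means audit_trail is NONE or OS, or that the audit option from step 2 is not set on the table.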

1.2. Firewall configuration

Next, set up a firewall policy that intercepts calls to the stored procedure. Select the Firewall Policy menu and click Create Policy. Here you specify the database type of the application, the name of the policy, and so on. A question may come up at this point: if the policy is created like this, how does it know which stored procedure I want to intercept? People who have not worked with the firewall before often ask this. Under a firewall policy there is a concept called rules, and it is the rules defined in the policy that do the actual work.

Configuring the firewall for the zl_parameters_update procedure (i)

After you confirm and the policy is created, the console automatically redirects to a page for defining rules. Since our requirement is to intercept the zl_parameters_update stored procedure, the rule to set on this page belongs to SQL analysis. Because the Zlhis program has already been used to connect to the target database, the firewall has recorded the SQL the program normally issues. In the main report, find the SQL statement that needs to be intercepted, select the set-policy option on the right, and in the pop-up control policy dialog box specify that the SQL statement is to be blocked, along with the logging level and threat severity.

Configuring the firewall for the zl_parameters_update procedure (ii)

Set the control policy: the action is block, logging is one time, and the threat severity is medium. This rule only serves the requirement assumed earlier; when making real rules, you need to understand the application's requirements. After the rule is set, you also need to publish the policy you just defined, using the option on the right side of the main policy definition page.

Configuring the firewall for the zl_parameters_update procedure (iii)

Once the above steps are complete, you can apply the defined policy to the protected targets. At this point, the Firewall Policy main menu shows which policies are currently defined and which have been applied to a protected target database: in the deployment column, No means the newly defined policy has not been applied yet, and Yes means it has been applied.

Configuring the firewall for the zl_parameters_update procedure (iv)

Go to the Target menu page under the Protected Targets tab, select the target you want to protect with the firewall policy, choose the policy you just defined in the firewall policy field, and save. The audit policy, stored procedure auditing, user authorization and so on can also be set on this page.

Configuring the firewall for the zl_parameters_update procedure (v)

Finally, after all the policies and rules have been defined and applied to their targets, take a look at the reports, which are what every auditor cares about most. The purpose of deploying Oracle Audit Vault and Database Firewall is to protect the targets, to alert on potential security threats, and to reduce security risk in a practical and effective way.

A large number of reports are built into Oracle Audit Vault and Database Firewall, enough to meet the needs of most audit work. Oracle Audit Vault and Database Firewall also supports custom reports, which are created by modifying the report templates it provides, to meet special requirements. The following is the report console page:

Oracle AVDF main interface (vi)

The reports vary widely in format, content, and presentation depending on the requirement, so this article cannot enumerate them all.

1.3. Effect Display

The following are examples of the reports generated by just the two policies that were set up above for the hypothetical requirements. To generate data, we first need to run the Zlhis application so that it inserts into the outpatient expense record table and calls the zl_parameters_update stored procedure.

Because the requirement is hypothetical, we set a parameter in the outpatient fee module of the Zlhis program; the zl_parameters_update stored procedure is called when the operation is confirmed.

Zlhis software operation (i)

An insert into the outpatient expense record table is needed as well, so the next step is to simulate an outpatient charge, which inserts data into the outpatient expense record table.

Zlhis software operation (ii)

Once the above is complete, we can go to the reports to see the corresponding report. As shown:

Oracle AVDF Report Lookup (i)

Click the blank page icon at the far left of the audit report to get more detailed information, including the client, the operating system process ID, the bind variable values of the SQL statement, and so on.

Oracle AVDF Report Lookup (ii)

The interception report produced by the firewall policy for calls to the zl_parameters_update stored procedure.

Oracle AVDF Report Lookup (iii)

In addition to viewing the various reports online in a browser, you can generate offline reports in PDF or XLS format. Below is a report generated in XLS format.

Oracle AVDF Report Lookup (iv)

The installation, configuration, and deployment of Oracle Audit Vault and Database Firewall can be slightly more complex than for other Oracle products used in the past. But when applying this product, it is more important to clarify the needs of the business: what needs to be audited, what needs to be blocked, what only needs a warning, and so on. However complex they are, installation and configuration follow fixed steps and become familiar with repetition, whereas business needs vary endlessly. Only with a clear understanding of the business needs and a well-designed policy can Oracle Audit Vault and Database Firewall achieve the desired protection objectives.

