Oracle 10g's New Internal Security Solution: Oracle Database Vault. Eliminating all-powerful database users. Building trust and meeting compliance. Hyukjae Choi, Technology Sales Consulting, Oracle Korea
Agenda: Security Background; Technical Background; Database Vault: Overview; Demonstration; Summary
Security Background
Security challenges we face
- Regulatory Compliance: stringent auditing, separation of duty, strong data access controls
- Information Security: secure information sharing, protection against database attacks
- Privacy and Identity Theft: risk management, compliance enablement, protecting personally identifiable information in the DB
- Insider Threat: protection against insider threat
- Consolidation: server consolidation
Strengthened regulatory compliance obligations (Compliance)
- Corporate accountability is demanded
- A provable audit trail is required
- Responsibility for record retention
- Compliance audits and assessments
- Legal and financial penalties for non-compliance
Compliance: organizations today face a growing number of regulations that mandate the accuracy, protection and reliability of information.
Compliance Mandates
Data Misuse Detection / Privacy Violations: insider threat, identity theft, industrial espionage, government espionage
Misconceptions about computer security. Myth: security = controlling hackers? Fact: disgruntled employees and other insiders accounted for more than 70% of cyber attacks that year; 90% of major corporations detected security breaches; 70% of corporations detected unauthorized access by insiders. Source: 2004 Computer Security Institute and FBI Survey
The Insider Threat: the Facts. These crimes were all committed by thieves inside the organization with valid user credentials.
Representative personal-data breach cases in Korea
- Lineage (online game): mass identity theft case. Offenders were caught running game "gold farms" under other people's identities, using personal data stolen while working at a former employer that handled personal data.
- H Motors: it was revealed that service centers (both company-run and contracted) had been issued an IP and password, so that any employee could look up customer information on the company network with no responsible manager. A Mr. Choi easily extracted some 100,000 customer records by logging into H Motors' network with an ID and password he had learned while working at an H Motors service center.
- S and K credit information companies: debt collection was outsourced to unqualified parties who were left free to browse credit information. As a result, some 100,000 credit records of debtors and others were leaked.
- G web-site development company: mass leak of personal data due to a deficient management system. A director, Mr. Kim, of web-site developer G, a firm that built and managed several hundred corporate web sites including a broadcaster's, exploited the weakness that every employee held administrator rights for every client company. Through this he handed the information of some 10,000 customers to a game-farm operator for 4 million won.
- The personal information of 7.71 million broadband subscribers, more than 60% of the nation's broadband subscribers, was leaked en masse because of the service operators' own deficient management systems, causing public shock. Police plan to use this investigation to urge game companies and other large-scale handlers of personal data to devise measures to prevent leaks.
* Source: 2006 http://news.naver.com/news/read.php?mode=lod&office_id=008&article_id=0000677086
SOX: Sarbanes-Oxley Act
- US corporate accounting reform act enacted in 2002 in the wake of the 2001 Enron scandal
- Applies to all companies listed on US stock markets; emphasizes transparency of accounting information and management accountability
- Strengthened internal control systems / whistleblower protection / ban on accounting firms' concurrent businesses
- CEO and CFO certification: civil and criminal liability; they sign a binding agreement subject to arrest if problems arise
- USD 8 billion of additional spending per year; audit costs up 30% on average
- UK-based HSBC: USD 28.4 million (2005); UK-based GlaxoSmithKline: USD 4.4 million (2005); France-based Lafarge: USD 12.8 million (2005)
- The bigger problem is that these costs recur every year
SOX: Korean companies listed on US exchanges that are subject to the act. From 2006-07-15 it also applies to foreign companies listed in the US with capital of USD 75 million or more.
- New York Stock Exchange (NYSE): Kookmin Bank, Shinhan Financial Group, Woori Financial Group; KT, SKT; POSCO, KEPCO, LG Philips LCD
- US over-the-counter market (NASDAQ): Hanaro Telecom; Mirae Industries, Webzen etc. (excluded because of their small size)
Related Korean legislation (regulation / related requirements / regulator)
- Digital Signature Act: responsibility for identity verification when issuing digital signatures; responsibility for retaining and protecting digital-signature records / Ministry of Information and Communication
- Framework Act on Electronic Commerce: responsibility for protecting e-commerce users; responsibility for retaining e-commerce records / Ministry of Commerce, Industry and Energy
- Electronic Financial Transactions Act
- Medical Service Act: medical records converted to electronic documents under the Digital Signature Act; mandatory retention periods for medical records such as patient registers (5 years) and treatment records (10 years) / Ministry of Health and Welfare
- Financial Supervisory Service guidance: securities firms must retain business-related e-mail and messenger records for 3 years / Financial Supervisory Service
- Certified Public Accountant Act, External Audit Act, Securities Class Action Act: legislation related to Sarbanes-Oxley Act sections 302 and 404 (* section 302: CEO and CFO sign-off on financial reports; * section 404: auditors certify and attest to the internal control process)
- Personal Information Protection Act: online privacy protection law / currently petitioned for legislation
- Basel II: new capital accord for banks / Bank for International Settlements (BIS)
Where's the Solution? Perfection, employee education, corporate policy, technology, time
Technical Background
Oracle 10g Database Security Solutions (product/solution area / feature / description)
- Authentication / Strong Authentication: allows third-party standard authentication services to be used in place of Oracle's own authentication
- Data Protection / Network Encryption: encrypts every network packet between the client and the DB server
- Data Protection / Transparent Data Encryption: transparently to user SQL (no SQL changes needed), the kernel automatically encrypts specific columns on storage and decrypts them when needed
- Data Protection / Encryption API: an API for encrypting table data
- Data Protection / Secure Backup: tape-only backup management tool; encrypts all data for backup
- Auditing / Fine Grained Auditing: audits a user-chosen column only when a condition is met, minimizing the load on the DB
- Auditing / Audit Vault: consolidated management and analysis of audit information spread across multiple DBs or auditing tools
- Access Control / Virtual Private Database: row-level access control; only the records appropriate to the connected session's environment and privileges are shown, so each user sees only the information permitted to them even in the same table
- Access Control / Label Security: an option product built on VPD that provides multi-level access control for each row of a table; a LABEL column is added to the table
- Access Control / Database Vault: partitions a single DB into independent databases per business area, each managed by its own administrator; also an internal security solution that controls the right to execute specific commands according to conditions
* Oracle DB Security product family: 1. ASO (Advanced Security Option) 2. OLS (Oracle Label Security) Option 3. Database/Audit Vault 4. Oracle Secure Backup. Legend: features belonging to Oracle ASO; separately licensed products; included in the EE license
Oracle 10g DB Security Solutions by product/solution
- Default features of Enterprise Edition: Encryption API, Fine Grained Auditing, Virtual Private Database
- Separately licensed products: ASO (Advanced Security Option: Strong Authentication, Network Encryption, TDE (Transparent Data Encryption)); OLS (Oracle Label Security) Option; Database Vault & Audit Vault; Oracle Secure Backup
Competitive Comparison: no other commercially available alternative (technology / Oracle / Microsoft / IBM)
- Define and Enforce Realm Protections / Database Vault / No / No
- Prevent Access by Powerful Users / Database Vault / No / No
- Multi-factor Authorization / Database Vault / No / No
- SQL Command Rules / Database Vault / No / No
Classification of 3rd-party products (product categories: Access Control, Auditing, Data Encryption)
- Sniffing type: uses a mirrored network port; no stress on the DB; cannot cut off access in advance; packets may be lost
- Gateway type: uses a gateway server; no stress on the DB; can cut off access in advance based on policy; checks every packet to the DB server (TCP); gateway server needs failover
- Agent type: installed on the DB server; can cut off access in advance based on policy
- Data Encryption: installed on the DB server; encrypts data
What about internal security? Access control, auditing, DB encryption, IDM, LDAP versus Database Authorization, Realms, Rules/Factors, VPD/OLS. No competitor! The other products can only prevent external intrusion and encrypt data. The only solution capable of internal security: as a feature of the DB kernel, it cannot be implemented by any other solution.
Database Vault: Overview
Database Vault components
- Reports: monitoring and reporting on changes to business data and on administrative operations
- Realms: completely separate business data by realm and support a separate management structure for each
- Multi Factor Authorization: real-time access control through the various factors of the connection environment, even for a legitimate user session - allow connections only from specific IPs - allow access only at designated times
- Command Rules: apply rules to every DB administration command, preventing unnecessary commands and privilege abuse in advance - no DROP TABLE during service hours - backups allowed only from 10 PM to 6 AM - the right to change tablespaces granted only to SYS
- Separation of Duty: strengthen internal security by completely separating system administrators from business data administrators
New Concept for Powerful Security. Realms make it easy to restrict users with powerful DBA privileges to specified application schemas. Separation of Duty - easy to create an HR DBA or a Financials DBA. Factors extend access beyond user- and role-based access. Rules control database access based on factors in the environment - control access based on time of day, IP address, location.
Multi-factored approach: factor Network Domain A. Firewall Domain = Network A when: DB Hostname in (DB-1, DB-2) and DB Host IP in (138.1.127.90, 138.1.127.91) and DB Instance in (CMD05, CNTL06). Factor Network Domain B. Firewall Domain = Network B when: DB Hostname in (DB-1, DB-2) and DB Host IP in (129.1.150.80, 129.1.150.81) and DB Instance in (SHIP8, SHORE7).
Rules & Factors (Financials realm: OE, GL). Rule 1: Fin. App from office = all privileges. Rule 2: off hours = read, insert. Rule 3: less secure connectivity = read only. Rules enforce access based on factors; factors can be anything; rules validate all factors before allowing access.
Command Rules: restrict the use of DDL commands on specific or all objects, based on rule set conditions; audit/alert and report on violations via Audit Vault. Advantages / potential usage: Separation of Duties (e.g. the DBA cannot manage users: restrict CREATE USER and ALTER USER commands); implement business procedures (e.g. no DDL commands against the operational tables during business hours).
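The realm, factor-based rule set and command rule described in the slides above, written out as an added example with the Database Vault administration API (DBMS_MACADM); this is not code from the presentation or from Oracle's documentation. It assumes a Database Vault owner session, a constructed HR_DBA account, the HR schema, and a constructed office network of 192.0.2.0/24 read through the built-in factor function DVF.F$CLIENT_IP.

```sql
BEGIN
  -- Realm: HR objects are shielded from SELECT ANY TABLE, DBA and other
  -- system privileges; failed realm checks are audited.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Protects the HR schema from all-powerful users',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name => 'HR Realm', object_owner => 'HR',
    object_name => '%', object_type => '%');
  -- Separation of duty: only HR_DBA (constructed) administers the realm.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Realm',
    grantee       => 'HR_DBA',
    rule_set_name => NULL,
    auth_options  => DBMS_MACUTL.G_REALM_AUTH_OWNER);

  -- Rules built on factors: time of day and client IP (constructed range).
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Outside Service Hours',
    rule_expr => 'TO_NUMBER(TO_CHAR(SYSDATE, ''HH24'')) NOT BETWEEN 9 AND 17');
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'From Office Network',
    rule_expr => 'DVF.F$CLIENT_IP LIKE ''192.0.2.%''');
  -- Rule set: every rule must pass; failures are audited and the message
  -- below is returned to the caller.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'HR Maintenance Window',
    description     => 'DDL on HR only off-hours and from the office',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'DROP TABLE on HR is blocked during service hours',
    fail_code       => -20001,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Maintenance Window', rule_name => 'Outside Service Hours');
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Maintenance Window', rule_name => 'From Office Network');

  -- Command rule: DROP TABLE on any HR table is allowed only if the rule
  -- set evaluates to true, regardless of who issues it.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'DROP TABLE',
    rule_set_name => 'HR Maintenance Window',
    object_owner  => 'HR',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```

A DBA who holds DROP ANY TABLE but is not a realm owner is stopped by the realm first; HR_DBA issuing DROP TABLE at 14:00 is stopped by the command rule and the attempt is recorded for the Reports component.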
Building Trust and Meeting Compliance. Financials Realm (OE, GL) with its own DBA; HR Realm (PER, BEN) with its own DBA; Other Applications Realm (OLTP, OLAP) with its own DBA. Separation in control: removes the privileges of the power user (DBA?). Adaptable multi-factor security: connection restrictions based on multiple factors; resource access restricted by realms, command rules, predefined schedules and so on. Protected schemas: SYS, DV, Audit. Hardened database server.
Defense in Depth using Data Vault
- Database Authorizations: database privileges; grant roles/privileges to users/roles
- Data Vault Realms: restrict system privileges to specific users/roles for specific schemas/objects (realms); control realm and role authorizations
- Data Vault Rules/Factors: further restrict authorized actions based on rules; factors expose security attributes as building blocks
- VPD/OLS: further restrict access at the record level
Audit Vault: specialized warehouse for audit data. Enterprise audit sources: Oracle Database 9i R2, Oracle Database 10g R1, Oracle Database 10g R2, Oracle App Svr, Oracle Applications, 3rd-party audit sources. Oracle Audit Vault reporting answers who, what, when, where and how; customer reports (custom).
Benefits: insider threat, regulatory compliance, separation of duty; prevent powerful application users from abusing their privileges
Cases that maximize efficiency
- Two companies' data coexisting in one database: LG Philips LCD, Samsung/Sony LCD
- Sharing data with partner companies: card companies and banks (HSBC)
- Sharing user information between the US and Europe: airlines
Demonstration
Summary: a complete solution for internal security. Builds a single DB into independent databases per business area; creates a separate administrator for each separated business area (Separation of Duty); no existing solution has solved the database's internal security. Consolidation; compliance; trusted information sharing; customized control of data access conditions; protection from insider threat.
Questions & Answers