|Oracle® Database Firewall Administration Guide
Part Number E18695-08
|PDF · Mobi · ePub|
This chapter contains:
See Also:Oracle Database Firewall Security Management Guide for information about viewing the traffic log for direct database response monitoring
Enabling the Database Response Monitoring feature in the Administration Console allows Oracle Database Firewall to record responses that the protected database makes to login requests, logout requests and SQL statements sent from database clients, as shown in Figure 10-1. This feature allows you to determine whether the database executed logins, logouts and statements successfully, and can provide useful information for audit and forensic purposes.
Figure 10-1 illustrates the process flow of database response monitoring.
You can view database responses by opening the traffic log in the normal way.
You can configure the Analyzer to log database user logins and/or logouts by using the Tools, Login/Logout Policy dialog box. You can also use the dialog to configure the system to produce an alert when a database user logs in or out, and block database users who make a specified number of unsuccessful logins attempts.
The information recorded in the traffic log includes the response interpreted by Oracle Database Firewall (such as "statement fail"), the detailed status information from the database, and the database response text (which may be displayed at the database client).
This section contains:
To enable database response handling:
Log in to the Management Server Administration Console.
See "Logging in to the Administration Console" for more information.
Select the Monitoring tab.
Click List in the Enforcement Points menu.
Click the Settings button of the enforcement point that is being used to monitor the database.
The Monitoring Settings page appears.
Select Activate Database Response Monitoring.
If you also select Full error message annotation, any detailed response text messages generated by the database are also logged.
Click Save to save the changes.
To configure the login and logout policies:
Start and log in to the Analyzer.
Select Login/Logout Policy from the Tools menu.
The following dialog box appears:
Configure the settings in the dialog. The dialog contains the following three sections:
Login Policy: Specify the action level and threat severity to use for successful or unsuccessful database user logins, and whether to log logins.
Failed Login Policy: You can use this section to block a client or generate an alert after a specified number of consecutive unsuccessful logins (an "alert" being a "warn" action level). If triggered, login blocking continues for the specified Reset period; after this period, the database client can attempt to log in again.
Logout Policy: Specify the action level and threat severity to use for database user logouts, and whether to log logouts.
Generate the baseline policy and deploy it onto the Oracle Database Firewalls in the normal way.
See Oracle Database Firewall Security Management Guide for more information about generating and deploying a baseline policy.