10 Configuring and Using Database Response Monitoring

See Also:

Oracle Database Firewall Security Management Guide for information about viewing the traffic log for direct database response monitoring

About Database Response Monitoring

Enabling the Database Response Monitoring feature in the Administration Console allows Oracle Database Firewall to record responses that the protected database makes to login requests, logout requests and SQL statements sent from database clients, as shown in Figure 10-1. This feature allows you to determine whether the database executed logins, logouts and statements successfully, and can provide useful information for audit and forensic purposes.

Figure 10-1 illustrates the process flow of database response monitoring.

Figure 10-1 Database Response Monitoring

You can view database responses by opening the traffic log in the normal way.

Database Response Monitoring records database responses for all SQL statements, logins and logouts that are logged by the policy, as configured using the Analyzer software.

You can configure the Analyzer to log database user logins, logouts, or both by using the Tools, Login/Logout Policy dialog box. You can also use the dialog box to configure the system to produce an alert when a database user logs in or out, and to block database users who make a specified number of unsuccessful login attempts.

The information recorded in the traffic log includes the response interpreted by Oracle Database Firewall (such as "statement fail"), the detailed status information from the database, and the database response text (which may be displayed at the database client).

Configuring Database Response Monitoring

Enabling Database Response Monitoring

To enable database response handling:

  1. Log in to the Management Server Administration Console.

    See "Logging in to the Administration Console" for more information.

  2. Select the Monitoring tab.

  3. Click List in the Enforcement Points menu.

  4. Click the Settings button of the enforcement point that is being used to monitor the database.

    The Monitoring Settings page appears.

  5. Select Activate Database Response Monitoring.

    If you also select Full error message annotation, any detailed response text messages generated by the database are also logged.

  6. Click Save to save the changes.

Setting Up Login and Logout Policies in the Oracle Database Firewall Analyzer

The login and logout policies are stored in the Oracle Database Firewall and must be configured using the Oracle Database Firewall Analyzer software.

To configure the login and logout policies:

  1. Start and log in to the Analyzer.

  2. Select Login/Logout Policy from the Tools menu.

    The Login/Logout Policy dialog box appears.

  3. Configure the settings in the dialog. The dialog contains the following three sections:

    • Login Policy: Specify the action level and threat severity to use for successful or unsuccessful database user logins, and whether to log logins.

    • Failed Login Policy: You can use this section to block a client or generate an alert after a specified number of consecutive unsuccessful logins (an "alert" being a "warn" action level). If triggered, login blocking continues for the specified Reset period; after this period, the database client can attempt to log in again.

    • Logout Policy: Specify the action level and threat severity to use for database user logouts, and whether to log logouts.

  4. Generate the baseline policy and deploy it onto the Oracle Database Firewalls in the normal way.

    See Oracle Database Firewall Security Management Guide for more information about generating and deploying a baseline policy.
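The Failed Login Policy behavior described in step 3, modeled as an added example (not Oracle code and not part of the original guide) for reasoning about threshold and Reset period values before deploying a policy. It assumes the counter is kept per client identifier, that a successful login clears the count, that the attempt which reaches the threshold still reaches the database, and that attempts made while blocked do not extend the block; the class, function and sample events are constructed for illustration.

```python
class FailedLoginPolicy:
    """Model of 'block after N consecutive unsuccessful logins for a Reset period'."""

    def __init__(self, threshold, reset_period):
        self.threshold = threshold        # consecutive failures that trigger blocking
        self.reset_period = reset_period  # seconds the block lasts once triggered
        self.failures = {}                # client -> current consecutive failure count
        self.blocked_until = {}           # client -> time at which the block ends

    def observe(self, client, ts, db_accepted):
        """Classify one login attempt as 'ok', 'failed' or 'blocked'."""
        until = self.blocked_until.get(client)
        if until is not None:
            if ts < until:
                return "blocked"          # still inside the Reset period
            # Reset period has elapsed: the client may attempt to log in again.
            del self.blocked_until[client]
            self.failures[client] = 0
        if db_accepted:
            self.failures[client] = 0     # assumption: success breaks the streak
            return "ok"
        self.failures[client] = self.failures.get(client, 0) + 1
        if self.failures[client] >= self.threshold:
            self.blocked_until[client] = ts + self.reset_period
        return "failed"                   # this attempt itself reached the database


def replay(policy, events):
    """Run (client, ts, db_accepted) events through the policy in order."""
    return [(c, ts, policy.observe(c, ts, ok)) for c, ts, ok in events]


# Constructed sample: (client identifier, seconds since start, database accepted login)
SAMPLE_EVENTS = [
    ("10.0.0.5", 0, False), ("10.0.0.5", 10, False),
    ("10.0.0.5", 20, True),                       # success clears the count
    ("10.0.0.5", 30, False), ("10.0.0.5", 40, False),
    ("10.0.0.5", 50, False),                      # third consecutive failure
    ("10.0.0.5", 60, True),                       # valid credentials, but blocked
    ("10.0.0.9", 70, True),                       # other clients are unaffected
    ("10.0.0.5", 349, True),                      # one second before the block ends
    ("10.0.0.5", 350, True),                      # Reset period over
]

if __name__ == "__main__":
    for row in replay(FailedLoginPolicy(threshold=3, reset_period=300), SAMPLE_EVENTS):
        print(row)
```

The blocked attempt at 60 seconds shows the operational cost to weigh when choosing the Reset period: a legitimate user behind a blocked client is locked out until the period ends.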