Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Introducing Oracle Database Firewall

• Downloading the Latest Version of This Manual
• Oracle Database Firewall System Architecture
  • About the Oracle Database Firewall System Architecture
  • High-Availability Resilient Pairs
  • Ways to Connect Oracle Database Firewall to a Database Network
  • Integrating Oracle Database Firewall with Third-Party Products
• Using the Oracle Database Firewall Administration Console
  • About the Oracle Database Firewall Administration Console
  • Which Administration Console Should I Use?
    • Tasks Performed in a Standalone Database Firewall Administration Console
    • Tasks Performed in a Managed Database Firewall Administration Console
    • Tasks Performed in a Management Server
  • Logging in to the Administration Console
  • Administration Console Tabs

2 Configuring an Oracle Database Firewall

• About Configuring an Oracle Database Firewall
• Step 1: Set the Standalone Database Firewall Date and Time
• Step 2: Specify the Management Server NTP Time Server
• Step 3: Specify the Standalone Database Firewall System Settings
• Step 4: Enable Secure Log Access in the Standalone Database Firewall
• Step 5: Configure the Standalone Database Firewall Syslog Destinations
• Step 6: Configure the Standalone Database Firewall Enforcement Points
• Step 7: Configure the Standalone Database Firewall Bridge IP Address
• Step 8: Test the Standalone Database Firewall System Operation
• What's Next?

3 Configuring a Database Firewall Management Server

• About Configuring an Oracle Database Firewall Management Server-Based System
• Step 1: Perform Initial Tasks for Each Database Firewall Management Server
  • Step 1A: Specify the Management Server System Settings
  • Step 1B: Enable Secure Log Access
  • Step 1C: Set the Database Firewall Management Server Date and Time
  • Step 1D: Specify the Management Server NTP Time Server
  • Step 1E: Configure the Management Server Syslog Destinations
• Step 2: Perform Tasks for Each Oracle Database Firewall
  • Step 2A: Configure the Database Firewall System and Time Settings
  • Step 2B: Enter the Database Firewall Management Server Certificate and IP Address
• Step 3: Complete the Final Database Firewall Management Server Tasks
  • Step 3A: Specify Management Server Partner Settings (Resilient Pair Only)
  • Step 3B: Add Each Oracle Database Firewall to the Management Server
  • Step 3C: Define Resilient Pairs of Oracle Database Firewalls
• Step 4: Configure the Management Server Enforcement Points
• Step 5: Test the Management Server System Operation
• What's Next?

4 Configuring Oracle Database Firewall for High Availability

• About Using High Availability with Oracle Database Firewall
  • How Does High Availability Work with the Oracle Database Firewall Components?
  • Incorporating Resilient Pairs of Oracle Database Firewall Management Servers
  • Adding Paired Enforcement Points
  • Network Communication for the Resilient Pairs
• Configuring a Resilient Pair of Oracle Database Firewall Management Servers
  • Procedure for Configuring a Pair of Resilient Database Firewall Management Servers
  • Swapping the Primary and Secondary Database Firewall Management Servers
• Configuring a Resilient Pair of Oracle Database Firewalls
  • Procedure for Configuring a Pair of Oracle Database Firewalls
  • Swapping the Primary and Secondary Oracle Database Firewalls
• Pairing Enforcement Points
• Archiving Data
• Updating the Oracle Database Firewall Software in Resilient Pairs

5 Configuring Stored Procedure Auditing

• About Auditing Stored Procedures
• Setting User Permissions for Stored Procedure Auditing
  • Setting Stored Procedure Auditing User Permissions on Oracle Databases
  • Setting Stored Procedure Auditing User Permissions for SQL Server Databases
  • Setting Stored Procedure Auditing User Permissions for Sybase ASE Databases
  • Setting Stored Procedure Auditing User Permissions for Sybase SQL Anywhere Databases
    • Installing the Sybase SQL Anywhere ODBC Driver for Linux
    • Setting Stored Procedure Auditing User Permissions
  • Setting Stored Procedure Auditing User Permissions for IBM DB2 SQL Databases
• Enabling Stored Procedure Auditing on the Database Firewall
• Disabling Stored Procedure Auditing

6 Configuring and Using Role Auditing

• About Auditing User Roles
• Setting User Permissions for User Role Auditing
  • Setting User Role Auditing User Permissions for Oracle Databases
  • Setting User Role Auditing User Permissions for SQL Server Databases
  • Setting User Role Auditing User Permissions for Sybase ASE Databases
  • Setting User Role Auditing User Permissions for Sybase SQL Anywhere Databases
    • Installing the Sybase SQL Anywhere ODBC Driver for Linux
    • Setting User Role Auditing User Permissions
  • Setting User Role Auditing Permissions for IBM DB2 SQL Databases
• Enabling User Role Auditing on the Database Firewall
• Disabling User Role Auditing

7 Configuring and Using Local Monitoring

• About Local Monitoring
• Installing Local Monitoring
  • Accessing the Scripts Required to Install Local Monitoring
  • Database Accounts Created for Local Monitoring
  • Installing Local Monitoring in an Oracle Database
  • Installing Local Monitoring in a Microsoft SQL Server Database
  • Installing Local Monitoring in a Sybase ASE Database
• Enabling Local Monitoring
• Disabling Local Monitoring

8 Configuring and Using Remote Monitoring

• About Remote Monitoring
• Installing and Enabling Remote Monitoring
  • Step 1: Configure the Remote Monitor in the Administration Console
  • Step 2: Access and Run the remote-agent Remote Monitor Script
  • Step 3: Ensure That the Remote Monitor Is Active
• Disabling Remote Monitoring

9 Configuring and Using Direct Database Interrogation

• About Direct Database Interrogation
• Setting User Permissions for Direct Database Interrogation
  • Setting Direct Database Interrogation User Permissions in a SQL Server Database
  • Setting Direct Database Interrogation User Permissions in a Sybase SQL Anywhere Database
• Enabling Direct Database Interrogation
• Disabling Direct Database Interrogation

10 Configuring and Using Database Response Monitoring

• About Database Response Monitoring
• Configuring Database Response Monitoring
  • Enabling Database Response Monitoring
  • Setting Up Login and Logout Policies in the Oracle Database Firewall Analyzer

11 Using Oracle Database Firewall with BIG-IP ASM

• About the Integration of Oracle Database Firewall with BIG-IP ASM
• Key Benefits of Integrating Oracle Database Firewall with BIG-IP ASM
• How the Integration Works
• Deploying the Oracle Database Firewall-BIG-IP ASM Integration
  • About the Deployment
  • System Requirements
  • Configuring Oracle Database Firewall
  • Configuring BIG-IP ASM
    • Logging Profile
    • Policy Settings
  • Developing a BIG-IP ASM iRule
    • Required Syslog Message Format
    • Configuring syslog-ng.conf
• Presentation of Data in Oracle Database Firewall
  • Administration Console Dashboard
  • Viewing the Traffic Log Generated by BIG-IP ASM
    • Understanding the Attributes
  • Web Application Firewall (WAF) Reports

12 Using Oracle Database Firewall with ArcSight SIEM

• About the Integration of Oracle Database Firewall with ArcSight SIEM
• Enabling the Oracle Database Firewall-ArcSight SIEM Integration
• Oracle Database Firewall-ArcSight SIEM Syslog Mapping Tables
  • About the ArcSight SIEM Integration
  • DBFW:3 (Heartbeat)
  • DBFW:4 (Property Change)
  • DBFW:8 (Database Audit)
  • DBFW:9 (Statement Alert)
  • DBFW:10 (Statement Alert (WAF))
  • DBFW:11 (Login Alert)
  • DBFW:12 (Logout Alert)
  • DBFW:system (System Message (Operating System Alerts))

13 System Administration

• Using the Dashboard
• Configuring Oracle Database Firewalls
• Configuring Protected Databases
  • About Configuring Protected Databases
  • Configuring User Settings for Protected Databases
• Listing, Creating, and Configuring Enforcement Points
  • About Working with Enforcement Points
  • Managing Enforcement Points
  • Finding the Status of an Enforcement Point
  • Changing the Settings of an Enforcement Point
  • Configuring BIG-IP Application Security Manager Settings
• Configuring a Resilient Pair of Enforcement Points
• Configuring Traffic Sources
• Configuring the System
• Archiving Data
  • About Archiving Data
  • Defining Archiving Destinations
  • Creating an Archive Schedule
  • Starting an Archive Job Manually
  • Starting a Configuration Archive Job
  • Restoring an Archive
• Viewing the Logs
• Configuring Connectors to Third-Party Systems
• Configuring E-Mail Alerts for Third Party Connectors
  • Configuring the SMTP Server
  • Configuring E-Mail Recipients
  • Example E-Mail Alert Notification
• Configuring Users
  • About Configuring Users
  • Creating a New User Account
  • Creating Password Policies
• Viewing and Capturing Network Traffic in an Individual Database Firewall
  • Viewing Network Traffic
  • Capturing Network Traffic

A Oracle Database Firewall Security Guidelines

• General Security Recommendations
• Considerations for Deploying Network-Based Solutions
  • Handling Network Encryption
  • Handling Server-Side SQL and Context Configurations
• How Oracle Database Firewall Works with Various Database Access Paths
• Security Considerations for Special Configurations
  • Handling an Oracle Shared Server Configuration and Dispatchers
  • How TCP Invited Nodes Are Affected by Client IP Addresses
  • Additional Behavior to be Aware Of

B Oracle Database Firewall Database Schema

• About the Oracle Database Firewall Schema
• Summary Tables
  • About the Summary Tables
  • applied_baselines Table
  • database_user_addresses Table
  • database_users Table
  • dictionary Table
  • protected_database_addresses Table
  • protected_databases Table
  • sources Table
  • summary_clusters Table
  • summary_records Table
  • summary_sessions Table
  • summary_statement_attributes Table
  • traffic_events Table
  • traffic_summaries View
  • Relationship Diagram of the Summary Tables
• Log Forensic Tables
  • About the Forensic Tables
  • traffic_log_queries Table
  • traffic_log_query_results Table
• Stored Procedure and User Role Audit Tables
  • About the Stored Procedure and User Role Audit Tables
  • doa_approved_edits Table
  • doa_approved_objects Table
  • doa_edit_comments Table
  • doa_edits Table
  • doa_pending_approvals Table
  • doa_tag_definitions Table

C Syslog Message Format

• About Syslog Messages
• Message Format
  • Message ID = 1 (General Messages)
  • Message ID = 3 (Heartbeat)
  • Message ID = 4 (Property Change)
  • Message ID = 8 (Database Audit Summary)
  • Message ID = 9 (Statement Alerts)
  • Message ID = 10 (F5 BIG-IP ASM Alerts)
  • Message ID = 11 (Login Alert)
  • Message ID = 12 (Logout Alert)

D Traffic Log Attributes

• Transaction Status
• Performance
• Context
• Attributes (F5)

Glossary

Index