Data is the new currency. It is one of the most valuable organizational assets; however, if that data is not well protected, it can quickly become a liability. Data breaches are occurring at an alarming rate, and they damage an organization's brand, its ability to continue delivering services and doing business, and its finances. Most sensitive data is stored and managed within databases.
Databases have therefore become prime targets for security threats. Oracle Data Safe is a packaged, unified database security control centre for protecting both cloud and on-premises databases. Data Safe provides an integrated set of security features including 5 key components.
What is Oracle Data Safe in OCI?
Oracle Data Safe is a fully-integrated Cloud service focused on the security of your data… Features include Security Assessment, User Assessment, Data Discovery, Data Masking, and Activity Auditing.
The following link is useful for setting up Data Safe and registering the target database with it.
https://docs.oracle.com/en/cloud/paas/data-safe/udscs/set-oracle-data-safe.html
Features of Oracle Data Safe
Data Safe also collects up to 1 million database audit records per month free of charge. Beyond 1 million records, the Data Safe chargeback method applies.
In this article, I will illustrate how to configure Data Safe in the cloud.
First, log in to OCI and navigate to the Oracle Database section; Data Safe is found under the external database.
Click on Data Safe to open the Data Safe configuration page.
The Data Safe page has a few options for database registration.
OCI Gen 1 supported only cloud-registered databases. Data Safe has since been extended to support both cloud and on-premises databases.
The most important section is creating a private endpoint.
Before starting, make sure to create a VCN (Virtual Cloud Network); the VCN automatically creates two IP subnets.
Because Data Safe network traffic flows within OCI (Oracle Cloud Infrastructure), we need to select the private option. A Network Security Group can be selected after this is created.
The NSG and security list configuration plays a major part in the connection. We need to create ingress and egress rules to establish the connection.
Navigate to the VCN and add the security ingress and egress rules.
For this test, I created these ingress and egress rules to allow traffic to Data Safe.
Create a user in the database to collect audit information.
#### Registration
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PWHSE_PDB READ WRITE NO
SQL> alter session set container=PWHSE_PDB;
Session altered.
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
3 PWHSE_PDB READ WRITE NO
SQL>
###### create user
SQL> CREATE USER DATASAFE$ADMIN IDENTIFIED BY ORacle123## DEFAULT TABLESPACE USERS QUOTA 10M ON USERS TEMPORARY TABLESPACE TEMP;
User created.
This script is available in the Data Safe target registration section and contains a procedure to collect information from the database.
Execute the script as SYS and enter the prompted values for username, type, etc.
SQL> !pwd
/home/oracle/scripts/sql
SQL> !ls -lrth
total 32K
-rw-r--r-- 1 oracle oinstall 30K Oct 26 18:08 datasafe_privileges.sql
SQL> @datasafe_privileges.sql
Enter value for USERNAME (case sensitive matching the username from dba_users)
DATASAFE$ADMIN
Setting USERNAME to DATASAFE$ADMIN
Enter value for TYPE (grant/revoke)
grant
Setting TYPE to grant
Enter value for MODE (audit_collection/audit_setting/data_discovery/masking/assessment/all)
all
Setting MODE to all
Granting AUDIT_COLLECTION privileges to "DATASAFE$ADMIN" ...
Granting AUDIT_SETTING privileges to "DATASAFE$ADMIN" ...
Granting DATA_DISCOVERY role to "DATASAFE$ADMIN" ...
Granting MASKING role to "DATASAFE$ADMIN" ...
Granting ASSESSMENT role to "DATASAFE$ADMIN" ...
Done.
Disconnected from Oracle Database 19c EE Extreme Perf Release 19.0.0.0.0 - Production
Version 19.11.0.0.0
[oracle@dbsdpl21 sql]$
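To review what the "all" mode actually granted, the following added example (not part of the original post or of Oracle's script) queries the standard data dictionary views for DATASAFE$ADMIN. It assumes it is run as SYS inside PWHSE_PDB after the script reports "Done."

```sql
-- Added example: review the grants held by the Data Safe service account.
-- Assumption: run as SYS in the PDB (ALTER SESSION SET CONTAINER = PWHSE_PDB).

-- 1. Account state: confirm status, profile and tablespace of the account.
SELECT username, account_status, profile, default_tablespace
FROM   dba_users
WHERE  username = 'DATASAFE$ADMIN';

-- 2. Roles granted directly to the account, and whether they can be passed on.
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'DATASAFE$ADMIN'
ORDER  BY granted_role;

-- 3. Effective system and object privileges: direct grants plus everything
--    reachable through roles, including roles granted to other roles.
WITH grantees AS (
  SELECT 'DATASAFE$ADMIN' AS grantee_name FROM dual
  UNION
  SELECT granted_role
  FROM   dba_role_privs
  START  WITH grantee = 'DATASAFE$ADMIN'
  CONNECT BY PRIOR granted_role = grantee
)
SELECT g.grantee_name AS held_via,
       'SYSTEM'       AS grant_type,
       s.privilege,
       CAST(NULL AS VARCHAR2(300)) AS object_name
FROM   grantees g
JOIN   dba_sys_privs s ON s.grantee = g.grantee_name
UNION ALL
SELECT g.grantee_name,
       'OBJECT',
       t.privilege,
       t.owner || '.' || t.table_name
FROM   grantees g
JOIN   dba_tab_privs t ON t.grantee = g.grantee_name
ORDER  BY 1, 2, 3, 4;
```

The TYPE prompt shown above also accepts revoke, so a MODE that is not in use can be removed and these queries re-run to confirm the result.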
Please follow the steps below to perform the Data Safe registration.
Select the private endpoint, as we are using it to transfer traffic within OCI.
The connection settings can be obtained from the database section.
Make sure to provide the DATASAFE$ADMIN password to register the database.
This happens when you copy the entire connection details.
Connection settings
The solution is to add only the service name.
After registration, the target should be displayed in green in the final output.
Click on the security centre to log in to the Data Safe console.
This covers 5 sections.
Console dashboard