What is infoFence?

infoFence is third-party, real-time database security software for Oracle databases.

SCOPE

  • Login Control
  • DDL/DCL (Data Definition & Control Language) Control
  • DML (Data Manipulation Language)/QUERY Control
  • Database and Application Error Detection System
  • Conditional Table Access Logging System

It is installed into Oracle Databases (10g, 11g, 12c), runs using database triggers, and can optionally be integrated with the Oracle Database Vault option.

Oracle Database Vault Option Integration

Oracle Database Vault is a security platform running inside the database. Segregation of duties is enforced by limiting the privileges of DBAs who have unlimited privileges. This option requires an additional licence from Oracle Corp. With its unique design and Oracle Database Vault integration, infoFence creates an enormous difference in database security and management.

Maximum Security

  • infoFence is a security layer on Oracle Databases.
  • Each client logging into the database is redefined by its client session values. Existing privileges are never altered, but are reauthorized in a new layer.
  • User access, DDL, data change, update, query, mask and redaction operations are easily controlled and logged.
  • infoFence provides the ability to test before blocking (try, analyze, then apply).
  • infoFence prevents any security breaches and backdoor access to the database.

Login Control

  • A user who knows the correct username and password still cannot log in to the database unless explicitly defined in infoFence.
  • Even the most powerful user, SYS (as sysdba), cannot log in unless defined in infoFence. No Oracle privileges are revoked to provide this restriction.

DDL/DCL Control

  • Users with the same database username and password may have different privileges, and may execute DDL/DCL commands such as ALTER, DROP, CREATE, GRANT and REVOKE on specified objects only if defined by infoFence.
  • Even the most powerful user, SYS (as sysdba), cannot execute DDL/DCL commands unless defined by infoFence.
  • All DDL/DCL executions are logged, and the source code of each database object version is kept historically with its state and error.
  • Specified database schemas and objects are protected against DDL/DCL operations.

DML/Query Control

  • Critical data are now secured. Even DBAs and the most powerful user, SYS, are prevented from querying and accessing critical data. Unauthorized accesses are blocked and logged.
  • Selected clients are prevented from accessing selected tables.
  • Selected clients are prevented from seeing critical data by Masking or Data Redaction. Data Redaction requires an additional licence from Oracle Corp.
  • In a production environment, it is possible to test and analyze the consequences of blocking a table access before blocking it. First define the rule in SNIFFMODE, analyze it, then switch to GUARDMODE later on.

Error Detection

  • Any database errors occurring in an Oracle database are logged in the alertSID.log file. Errors arising from both the database and the application are detected and logged by infoFence.
  • When explicitly defined, any database or application error can automatically run an event action in infoFence. Users can write their own PL/SQL code for the automatic action alarms.

Logging

  • Login attempts, DDL, DCL, DML (Access & Block), QUERY access operations and error detections are logged.
  • Table/view accesses for desired user groups can be logged. For example, you can log table/view accesses for direct user connections but not for application server clients.
  • Checksums are kept for each log. Any log can be checked to see whether it has been modified or tampered with. The encrypted logs may be logged explicitly.

LDAP OID Support

  • A client defined in Oracle Internet Directory (OID) may log in to the database with his/her username via Enterprise User Security (EUS). Client authentication can be defined in infoFence using the client's username (LDAP user), LDAP path, proxy user and mapped schema name.

Identity Management Support

  • It is easy to integrate with Identity Management Systems.
  • The client definition contains fields for identity definition. Using the APIs in the INFOFENCE_PANEL package from infoFence, integration can be done easily.

Reports

  • The infoFence user interface panel can generate generic reports.

Performance

  • infoFence is highly tuned. It has no top query or wait event on a system with 10000 (ten thousand) concurrent users and a very high transaction rate.

Web Site : http://infofence.com/en/
