Friday, July 22, 2011

Oracle Database Firewall - What is it?

It all started with the acquisition of Secerno, a database firewall vendor, in 2010. Secerno's product “DataWall” helped analyze how databases are accessed so that DBAs can set up policies to control the access.
The database firewall analyzes SQL statements sent from database clients and determines whether to pass, block, log, alert on, or substitute each statement, based on a defined policy. Users can set whitelist and blacklist policies to control the firewall. It can detect injected SQL statements and block them. According to Oracle, the database firewall can do the following:
  • Monitors and blocks SQL traffic on the network with white list, black list and exception list policies
  • Protects against application bypass, SQL injection and similar threats
  • Reports on database activity for SOX, PCI, HIPAA and other regulations, choosing from dozens of out-of-the-box reports
  • Supports other databases as well - MS SQL Server, IBM DB2, and Sybase
The Database Firewall joins other database-security products offered by Oracle, such as Oracle Advanced Security, Audit Vault, Database Vault, Secure Backup etc.
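A simplified model of the whitelist / blacklist / exception-list decision described above, as an added example (not Oracle's implementation and not code from this post). The fingerprinting approach, the policy layout, the rule order, the client addresses and the substitute statement are assumptions made for illustration.

```python
import re

# Quoted strings, comments and numbers; strings come first so that a "--"
# inside a literal is not mistaken for a comment.
_TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|/\*.*?\*/|\b\d+(?:\.\d+)?\b", re.S)

# Constructed harmless statement used for the "substitute" action.
SUBSTITUTE_SQL = "SELECT 1 FROM dual WHERE 1 = 0"


def fingerprint(sql):
    """Reduce a statement to its shape: literals become '?', comments drop out."""
    shape = _TOKEN.sub(lambda m: " " if m.group(0)[:2] in ("--", "/*") else "?", sql)
    return re.sub(r"\s+", " ", shape).strip().rstrip(";").strip().lower()


def build_policy(app_traffic, forbidden, exception_clients):
    """Whitelist = shapes seen in known-good traffic; blacklist = forbidden shapes."""
    return {
        "whitelist": {fingerprint(s) for s in app_traffic},
        "blacklist": {fingerprint(s) for s in forbidden},
        "exceptions": set(exception_clients),
    }


def decide(policy, client, sql):
    """Return (action, statement forwarded to the database or None)."""
    shape = fingerprint(sql)
    if client in policy["exceptions"]:      # assumed: excepted clients are logged only
        return ("log", sql)
    if shape in policy["blacklist"]:
        return ("block", None)
    if shape in policy["whitelist"]:
        return ("pass", sql)
    return ("substitute", SUBSTITUTE_SQL)   # unknown shape: swap in a harmless statement


# Constructed sample data, not captured traffic.
POLICY = build_policy(
    app_traffic=[
        "SELECT name, email FROM customers WHERE id = 42",
        "UPDATE customers SET email = 'a@example.com' WHERE id = 7",
    ],
    forbidden=["DROP TABLE customers"],
    exception_clients=["10.0.0.99"],
)

if __name__ == "__main__":
    for stmt in ("select name, email from customers where id = 1001",
                 "SELECT name, email FROM customers WHERE id = 42 OR 1=1",
                 "drop table customers;"):
        print(decide(POLICY, "10.0.0.5", stmt))
```

The second statement differs from the whitelisted query only by an appended condition, which changes its shape and so takes it off the whitelist. A check like this only sees statements that travel over the monitored network path.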
Oracle Database Firewall comes in two components:
Database Firewall:
  • Records and analyzes SQL transaction requests and responses from one or more Oracle, Microsoft SQL Server, or Sybase databases, and Sybase SQL Anywhere
  • Categorizes SQL transactions
  • Enforces data policies
  • Enables real-time alerting and event propagation
Database Firewall Management Server:
  • Aggregates SQL data from one or more Database Firewalls
  • Serves as a reporting platform for business reports
  • Centralizes the distribution of data control policies, but still enables the use of different policies for specific databases
  • Stores and manages log files, including archiving and restoring the log files
  • Remotely manages all Database Firewalls to which it connects
  • Integrates with third-party applications, such as Crystal Reports
However, there are some key issues that it does not address, so other security options such as Audit Vault, VPD etc. are still needed. For example, privileged users can log in to the OS directly and make local connections to the database. Such connections never cross the network path the firewall monitors, so they bypass it.
The two components are priced separately. The Database Firewall comes at a cost of $5,000 per processor and the Database Firewall Management Server component is priced at $57,500 per processor.

Thursday, July 14, 2011

Pre-packaged Oracle VMs for Developers

Interesting. I remember that in order to make development effort faster, we used to make images of our development boxes with all the required software / applications installed on them. This was the pre-virtualization era. But with virtualization, it became a common norm and easier. Now Oracle has also started packaging different development stacks on pre-built Oracle VMs, which one can simply download and start using.

All you need to do is install VirtualBox to get these pre-built VMs working. Currently Oracle has the following development stacks bundled in a VM, with more coming in the future:

  • Java Development
  • Database App Development 
  • SOA & BPM Development
  • Oracle WebLogic Server Hands-on
  • Oracle WebCenter Portal Framework 11g Hands-on
  • Oracle Solaris 11 Express Developer
  • Oracle Solaris 11 Express Network Virtualization 
  • Oracle Solaris 10 9/10
  • Enterprise PHP Development
  • Oracle Tuxedo Web Application Server Demo
Refer to the following link for the components that have been bundled in the above-listed VMs and to download them. Go download and speed up your development effort.

In a previous post, I had covered the Oracle VM images with pre-installed Oracle Database (10g and 11g) and Oracle RAC (10g, 11g, and 11gR2) software.

Friday, July 8, 2011

Oracle Pre-upgrade utility

The Pre-upgrade tool provides a list of items which should be reviewed before upgrading the database (just like a pre-requisites checklist). Basically, it reports on the database configuration, parameters etc. that need attention prior to the upgrade. The best thing is that this script can be run while the database is running on the existing version, which means no shutdown is required. This allows you to properly plan your upgrade process and avoid unnecessary downtime due to pre-requisites missed for the upgrade.
Note: A few registry$ tables will be created and data will be inserted into them.
The snapshot (taken from Metalink note 884522.1) explains which script should be used based on the version you are on and the version you are intending to upgrade to. You can download the scripts from the same Metalink note as well.
You can find these scripts under the $ORACLE_HOME/rdbms/admin directory of the version you are planning to upgrade to.
The following snapshot gives a sample output of the script executed on a 10g database.
While you will still refer to an upgrade guide / companion available from Oracle to note down all the pre-requisite steps and get them rectified, this script gives you a consolidated output of the pre-requisites; you can fix the reported items and re-run the script to check whether the database now complies with most of them.

Tuesday, July 5, 2011

Database Upgrade Guide – 10g to 11g

I came across this useful upgrade advisor/guide on Metalink (ID 251.1), so I thought I should share this. I think it was available earlier as well but in some crude format. It’s a nice step-by-step guide / reference for anyone who wants to upgrade to 11g. It explains the benefits of 11g and guides you through a 6-step approach (Evaluate, Plan, Configure, Test, Implement and Accept) to get to 11g. It explains each phase with expected deliverables/outcomes and lists a host of reference material one can refer to – documents / guides, ppts, multimedia trainings, Metalink notes etc.
It’s a very handy guide for anyone who wants to migrate from 10g to 11gR2.