Regexp Redaction: able to go into the string value and remove a portion of it based on a regex rule, e.g., *******@gmail.com
Random Redaction: where the data type is preserved but the value is replaced with a randomly different but functionally similar value, e.g., 2343 0780 → 9478 2877
Data masking, or layering a view on top of a table, can provide similar functionality to data redaction. This
functionality is already available in the Virtual Private Database (VPD) feature, available with an Enterprise License, but
it can only "null out" an entire field. Data masking does not have the ability to hide just a portion of the field as
redaction does. Also, data masking cannot replace characters in the field with other meaningful but false characters, e.g., to
obscure the fact that the data has been redacted.
In a way, this last functionality is an extension of the traditional meaning of redaction. The word redaction comes
from a human process of inking out the sensitive parts of a document by hand. A redacted document presents itself as
non-complete, whereas the Oracle redaction functionality has the ability to present itself as complete, when in fact
the data is simply not real.
Therefore, care should be taken with Oracle's implementation of redaction. Oracle software achieves redaction
through the use of the built-in REGEXP_REPLACE function. The classic use case is to mask all but the last four digits of a
credit card number so that a customer service representative can confirm identity but not see the whole number. This
credit card redaction functionality is common in e-commerce websites, but has normally been implemented at the
application layer. Oracle data redaction is implemented before the network layer, so it reduces concern about network
sniffers and application bypass.
A benefit of Oracle's approach to redaction is the ability to customize views of the same data for different users.
This can be done at a basic level with traditional views, but redaction adds field editing and data generation.
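The following is an added example, not code from the book: it shows the REGEXP_REPLACE call behind the classic "last four digits" use case, then the same mask applied transparently as an Oracle Data Redaction policy (DBMS_REDACT), a random redaction on a second column, and the view-based "null out" alternative for comparison. The schema APP, the table CUSTOMERS with columns CARD_NUMBER and ACCOUNT_BALANCE, the user APP_ADMIN and the policy name are assumed names for illustration.

```sql
-- Added example, not from the book. Schema APP, table CUSTOMERS, its columns,
-- the APP_ADMIN user and the policy name are assumed for illustration.

-- 1. The classic use case expressed directly with the built-in function:
--    keep the last four digits of a 16-digit card number, blank out the rest.
SELECT REGEXP_REPLACE('4111 1111 1111 1234',
                      '^([0-9]{4}) ([0-9]{4}) ([0-9]{4}) ([0-9]{4})$',
                      '**** **** **** \4') AS masked_card
FROM   dual;

-- 2. Regexp redaction: the same mask applied at the column, so every
--    application path sees it. The expression restricts the redaction to
--    sessions other than APP_ADMIN, giving different users different views
--    of the same data (the "customized views" mentioned above).
BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'CUSTOMERS',
    policy_name           => 'customers_redact',
    column_name           => 'CARD_NUMBER',
    function_type         => DBMS_REDACT.REGEXP,
    regexp_pattern        => '^([0-9]{4}) ([0-9]{4}) ([0-9]{4}) ([0-9]{4})$',
    regexp_replace_string => '**** **** **** \4',
    regexp_position       => DBMS_REDACT.RE_BEGINNING,
    regexp_occurrence     => DBMS_REDACT.RE_FIRST,
    expression            => q'[SYS_CONTEXT('USERENV','SESSION_USER') <> 'APP_ADMIN']',
    enable                => TRUE
  );
END;
/

-- 3. Random redaction on a second column of the same table: the data type
--    (NUMBER) is preserved but each query returns a different, plausible
--    value, so the result looks complete even though it is not real.
BEGIN
  DBMS_REDACT.ALTER_POLICY(
    object_schema => 'APP',
    object_name   => 'CUSTOMERS',
    policy_name   => 'customers_redact',
    action        => DBMS_REDACT.ADD_COLUMN,
    column_name   => 'ACCOUNT_BALANCE',
    function_type => DBMS_REDACT.RANDOM
  );
END;
/

-- 4. For comparison, the view-based data masking approach can only "null out"
--    the whole field; it cannot keep the last four digits or fabricate values.
CREATE OR REPLACE VIEW app.customers_masked AS
SELECT customer_id,
       NULL AS card_number,
       NULL AS account_balance
FROM   app.customers;

-- 5. Check what is actually in force: which tables carry a policy, which
--    columns are covered, and with which function type.
SELECT p.object_owner, p.object_name, p.policy_name, p.expression, p.enable
FROM   redaction_policies p;

SELECT c.object_name, c.column_name, c.function_type, c.regexp_pattern
FROM   redaction_columns c
WHERE  c.object_owner = 'APP';
```

Two checks belong with any such policy: the SYS user and any user granted the EXEMPT REDACTION POLICY system privilege see the unredacted data regardless of the expression, so that privilege should be reviewed as carefully as the policy itself; and the stored values remain unredacted in the table, so redaction limits what is displayed rather than replacing access control on the underlying data.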
Note
Redaction is actually quite an important security feature. What is commonly called the Black Hat community, i.e.,
those not as ethically guided as the White Hat community, has turned its attention to social engineering in recent years.
This commonly involves ringing a call center and pretending to be a customer, then trying to deduce information
from the call center representative regarding a real customer, or regarding the way that the company handles
customers in general. Data redaction reduces the risk of such an attack being successful.
The concerns with redaction are that it is an extra cost option, and as a new product there have been some flaws
that allow redaction bypass, which we will discuss in Chapter 10.
Database Auditing
What follows is a description of the build-up to the changes in 12c auditing through vendor feedback and the beta
process, developing into the actual delivered database auditing functionality.
Context of the Changes to Audit Trail in 12c
In the build-up to 12c, an attempt to mandate a move to a centralized and more proprietary audit-trail format
occurred. This represented Oracle taking more control of its audit trail so that Oracle products could be used to read
the audit trail. In my view that could have been a step backward. The main problem with the audit trail currently is that
it does not get used enough, as DBAs and security folks do not have time to read it and/or don't have the software to
process it into actionable items. It has taken a long time for practitioners to build systems that can address this issue
(the use of Oracle's audit trail for security response has been covered in depth in my previous book, Oracle Forensics).