1.1 What's It All About?
There are many facets to computer security. Most security practitioners identify the following different aspects of security:
- Secrecy and confidentiality
Data should not be disclosed to anyone not authorized to access it.
- Accuracy, integrity, and authenticity
Accuracy and integrity mean that data can't be maliciously or accidentally corrupted or modified. Authenticity is a variant on this concept; it provides a way to verify the origin of the data.
- Availability and recoverability
Systems keep working, and data can be recovered efficiently and completely (with no loss of accuracy or integrity) in case of loss.
These terms may all appear to be quite similar, but in reality they are very different. And, different systems have mechanisms that achieve these goals in different ways. For example, encryption is a way of enforcing secrecy and confidentiality. Passwords and digital signatures aid in enforcing authenticity. Backups are a way of helping to guarantee availability and recoverability. Auditing helps ensure accuracy and integrity. Depending on your specific environment and user base, some of these aspects of security may be more important than others. In a classified military environment, for example, secrecy is usually the most important goal. In a banking environment, accuracy and integrity of data may be more important. For most of us, availability and recoverability of data may be more important than anything else as we go about our daily work.
What is your environment? Where are the threats to your system's security coming from? What actions can you take to protect your Oracle databases? How much action is enough to protect your company's valuable data without compromising your systems' performance and your employees ' rights?
1.1.1 Potential Threats
Let's begin to answer these questions by looking at the various potential threats to our systems. If you're reading this chapter at work, stop reading and take a moment to look around you. What do you see? Rooms or cubicles with personal computers on almost every desk? Computer rooms filled with expensive equipment to enable employees to perform their work from various areas throughout your facility? Networks of computers, routers, disk farms, and cabling to connect all of the equipment (and users) together? And people. Your fellow employeesall busily working awayentering or extracting information from your databases or the World Wide Web. Okay. So some of them are just sitting around talking right now. But, they'll eventually go back to their PCs and do somethingeven if it's just to play solitaire.
If you're reading this chapter at home, you might have a computer in your living room, den, kitchen, study, or any other room in your home. You might have Internet and electronic mail access available through your telephone company or an Internet service provider. You might even have access to the Internet from your television set through your television cable company. You might use a modem to connect remotely to your place of business and access your database accounts or various systems via your home computer and telephone line. If you log in remotely, how do you ensure that the information transmitted between your home and your office is protected from interception and viewing by someone else? Suppose that data were intercepted by a competitor? What would the damage to your company be?
More and more companies and individuals are computerizing, using the Internet, and hosting or at least using Web sites. More and more companies are placing their valuable information on computers and in databases. A company's greatest asset is its dataand the people who control, manage and interact with that data. As an Oracle DBA, system administrator, manager, or computer system user, you are charged, in one way or another, with protecting your company's data.
What are the main threats to your system and your Oracle databases? Your hardware probably does not pose much of a security threat to your system. Of course, the equipment might be stolen or might break down, which will keep you from performing your work. You will want to adopt physical security measures (such as fire alarms, locked doors, etc.) to protect the hardware. And of course you will want to back up your databases to ensure that you can recover data if you suffer a hardware failure. Similarly, your software poses certain threats: it may contain bugs or viruses that will keep you from being able to do your work and that may damage your data.
Although hardware and software threats are real, the most significant threat to your systems and data is presented by the people who use them and the people who would like topeople you know well and people you might never have seen or will never see. There are all kinds of potential intruders who might want to gain access to your database and data because they perceive that your data holds some value to them. Perhaps they:
Believe that by accessing your data they will gain a competitive edge
Believe that they have been harmed in some way by your company and want to retaliate
Want to prove that they can get into a "protected" system
Are agents from other countries trying to gain information to help their country
Are just curious and want to browse
1.1.2 What's the Harm?
It's clear that there are many types of threats to your Oracle databases. But how serious a problem is this? What damage could occur if people outside your organization access your company's private data? Look at it a another way. On a personal level, what's wrong with someone who isn't honest obtaining your charge account number and the charge card's expiration date, or someone getting your name and social security number? What damage could a thief do with these pieces of information?
With your charge card number and its expiration date, anyone could charge items to the card. Worse yet, with your name and social security number, a person could actually impersonate you! A friend of ours once lost his wallet. He took all of the steps he believed were necessary to protect himselfhe notified his charge card companies, replaced his automatic bank teller card, and got a new driver's license. He felt pretty safe after taking these actions and believed that would be the end of any problems caused by the loss of his wallet.
He was wrong. About a month later, charge card bills began to arrive . But they were not charge cards with numbers he recognized. In fact, they were not even charge cards for companies with which he did business. Someone had stolen his identity. They had obtained a counterfeit driver's license with their picture on it but with our friend's name and address. The thief began to open charge accounts all over town using our friend's information. And, of course, merchandise was charged on all of these accounts. Thus began a nightmare that was to last for several months. As quickly as our friend learned of accounts that had been opened in his name, notified those companies about the fraud, and closed the accounts, more accounts were opened and more merchandise was charged. Eventually, our friend did manage to stop new accounts from being opened, and he straightened out the mess caused by the theft of his identity. But his credit history remained damaged long after the initial loss of his wallet occurred.
How anxious are you to have personal information made available to someone whom you don't know?
From a corporate perspective, your company's identity might not be easily stolen and used, but company-private data obtained from your database might provide a corporate thief with enough information to underbid your company on a lucrative job. It could even give him enough information to be able to transfer assets outside your organization. Browsing your database could give an intruder information about your employees' salaries (he might then try to hire them away from you), or information about their personal or medical histories (blackmail might even be a possibility). And if an intruder can read your data, he might also be able to change it, which could throw your systems and database into disarray and damage your corporate reputation.
How can you keep such threats from turning into realities? The first thing you need to do is to understand how your systems and databases actually work, and how you can develop policies and apply tools that will protect these valuable assets.