What is infoFence?

Maximum Security

• infoFence is a security layer on Oracle Databases.
• Each client logging into database are redefined with their client session values. Existing privileges are never altered but reauthorized in a new layer.
• User access, DDL, data change, update, query, mask and redaction operations are easily controlled and logged.
• infoFence provides ability to test before blocking. (Try, analyze then apply)
• infoFence prevents any security breaches and backdoor access to the database.

Login Control

• Any user knowing the right user-password can not login to the database unless defined by infoFence explicitly.
• Even the most powerful user SYS (as sysdba) can not login unless defined in infoFence. No Oracle privileges are revoked at all to provide this restriction.

DDL/DCL Control

• Users with same database user-pasword may have different privileges and may execute DDL/DCL commands like ALTER, DROP, CREATE, GRANT, REVOKE on specified objects only if defined by infoFence.
• Even the most powerful user sys (as sysdba) can not execute DDL/DCL commands unless defined by infoFence.
• All DDL/DCL executions are logged and source code of database object versions are kept historically with their state and error.
• Specified database Schema and objects are protected against DDL/DCL operations.

DML/Query Control

• Critical data are now secured. Even the DBAs and the most powerful user SYS are prevented to query and access critical data. Unauthorized accesses are blocked and logged.
• The selected clients are prevented to access selected tables.
• The selected clients are prevented to see critical data with Masking or Data Redaction. Data Redaction requires additional Licence from Oracle Corp. Data Redaction can be used on table and views easily with try & apply approach.
• TRY & APPLY APPROACH: In production environment, it is possible to test and analyze the consequences of blocking a table access before blocking. First define in SNIFFMODE, analyze it, then switch to GUARDMODE later on.

Error Detection

• Any database errors occuring in Oracle database are logged in alertSID.log file. The errors arisen from both database and application are detected and logged by infoFence.
• When explicitly defined, any database and application error can automatically run an event action by infoFence. The user can write his/her own PL/SQL code for the automatic action alarms.

Logging

• Logs can be kept in a seperate electronic data storage away from Oracle Databases where Oracle DBAs can not access, infoSaver is the storage part of infoFence.
• Login attempts, DDL, DCL, DML (Access & Block), QUERY access operations and error detections are logged.
• Table/view accesses for desired user groups can be logged. E.g. You can log table/view accesses for direct user connections but not log application server clients.
• Checksums are kept for each log. Any log can be checked if it is modified, hacked or not. The encrypted logs may logged explicitly.

LDAP OID Support

• Client defined in Oracle Internet Directory (OID) may login to database with his/her username via Enterprise User Security (EUS). Client authentication definition can be done in infoFence using Client’s username (LDAP user), Ldap path, proxy user and mapped schema name.

Identity Management Support

• It is easy to integrate with Identity Management Systems.
• There are fields in client definition for identity definition. Using the APIs at INFOFENCE_PANEL package from infoFence, integration can be done easily.

Reports

• infoFence user interface panel has generic reports to be generated.

Performance

• infoFence is highly tuned. It has no top query or wait event on 10000 (ten thousand) concurrent user system and a very high transaction rate.

Control Panel

• infoFence has a very user friendly and easy interface.